City: Saint Petersburg Novosibirsk Kazan Language: Русский English

Program Analysis for Security
Saint Petersburg / autumn 2010, посмотреть все семестры

Enroll in the course to get notifications and to be able to submit home assignments.
Register to enroll now Login

This course will bring together topics from programming languages, compilers, and security. My goal is to familiarize the students with the foundations of these topics by talking about compilers and runtime and then move on and cover the basics of 1) security attacks and 2) security defenses. The final portion of the course will focus on some of the recent academic research with a particular emphasis on practical systems that are actually deployed.

  • Buffer overruns. History and what is relevant today when it comes to memory exploits. Worms. Heap spraying attacks. Detection and prevention.
  • Web application vulnerabilities. SQL injections and cross-site scripting. JavaScript worms. Defenses and practical considerations.
  • Browser security and issues with JavaScript. JavaScript is rapidly becoming the de-facto language of the web. As such, security issues that exist in the context of JavaScript are of particular interest.

Many of the topics I will touch upon in this course will serve as an example of modern research in software systems. The emphasis will be on instilling the practical researcher mindset in the students.

Date and time Class|Name Venue|short Materials
17 October
11:15–11:30
Course overview, Lecture ПОМИ РАН slides
17 October
11:30–12:50
Introduction to Systems Security, Lecture ПОМИ РАН slides
17 October
13:00–14:35
Introduction to Compilers, Lecture ПОМИ РАН slides
17 October
15:35–17:10
Nozzle, Lecture ПОМИ РАН slides