ECE 69500 - Holistic Software Security
Course Details
Lecture Hours: 3 Credits: 3
Areas of Specialization:
- Computer Engineering
Counts as:
Normally Offered:
Each Fall
Campus/Online:
On-campus only
Requisites:
ECE 264, ECE 496
Requisites by Topic:
Operating systems, computer security
Catalog Description:
This course introduces software security research and provides a complete overview of different aspects of software security and standard techniques used to solve various software security problems. We discuss generic techniques, such as data flow analysis, type inference, and dynamic analysis, that are also needed to perform research in other areas such as software engineering and program analysis.
Required Text(s):
None.
Recommended Text(s):
None.
Lecture Outline:
| Week(s) | Topic(s) |
|---|---|
| 3 | Vulnerability finding: Static analysis (pattern based/dataflow based/ type based/DSL based), dynamic analysis (different flavors of fuzzing), machine learning, and a combination of all the above. |
| 2 | Automated patching: Automated program repair techniques: pattern based/dynamic analysis based/machine learning, etc. |
| 3 | Patch propagation: Understanding the problem of propagating patches caused by software diversity and potential solutions. |
| 3 | Vulnerability prevention: Type-safe languages (Rust, Go, etc.), retrofitting techniques (Sanitizers: ASAN, etc.), type-safe dialects (Checked C/Cyclone/etc.). |
| 4 | Real world case studies: We use the learned techniques on real world open-source software. |
Assessment Method:
Projects, programming assignments (4/23)