Semester | Summer 2020 |
Course type | Block Seminar |
Lecturer | TT.-Prof. Dr. Wressnegger |
Audience | Informatik Master & Bachelor |
Credits | 4 ECTS |
Room | 148, Building 50.34 Online |
Language | English or German |
Link | https://campus.kit.edu/campus/all/event.asp?gguid=0xD3D89BD643F8453E86847CE356668B25 |
Registration | https://ilias.studium.kit.edu/goto.php?target=crs_1095188 |
Due to the COVID-19 outbreak, this course will start off remotely: the kick-off meeting will take place online. The final colloquium, however, will hopefully be an in-person meeting again.
To receive all the necessary information, please subscribe to the mailing list here.
This seminar is concerned with the analysis and discovery of vulnerabilities in software. Exploitable flaws in software are the foundation of attacks against entire systems and networks. Finding these flaws is hence an important building block of proactive security.
The module introduces students to the large field of vulnerability discovery and teaches them to work up results from state-of-the-art research. To this end, the students will read up on a sub-field, prepare a seminar report, and present their work at the end of the term to their colleagues.
Topics include but are not limited to approaches for fuzzing software/devices, particular vulnerability classes, and static analysis for finding bugs.
Date | Step |
Tue, 21. April, 11:30–13:00 | Primer on academic writing, assignment of topics |
Tue, 05. May | Arrange appointment with assistant |
Mo, 11. May - Fr, 15. May | Individual meetings with assistant |
Tue, 09. June | Submit final paper |
Tue, 30. June | Submit review for fellow students |
Thu, 09. July | Submit camera-ready version of your paper |
Fr, 17. July | Presentation at final colloquium |
News about the seminar, potential updates to the schedule, and additional material are distributed using a separate mailing list. Moreover, the list enables students to discuss topics of the seminar.
You can subscribe here.
Every student may choose one of the following topics. For each of these, we additionally provide a recent top-tier publication that you should use as a starting point for your own research. For the seminar and your final report, you should not merely summarize that paper, but try to go beyond and arrive at your own conclusions.
Moreover, all of these papers come with open-source implementations. Play around with these and include the lessons learned in your report.
ParmeSan: Sanitizer-guided Greybox Fuzzing, USENIX Security 2020
IJON: Exploring Deep State Spaces via Fuzzing, IEEE S&P 2020
HALucinator: Firmware Re-hosting Through Abstraction Layer Emulation, USENIX Security 2020
ANTIFUZZ: Impeding Fuzzing Audits of Binary Executables, USENIX Security 2019
LAVA: Large-scale Automated Vulnerability Addition, IEEE S&P 2016
NEUZZ: Efficient Fuzzing with Neural Program Smoothing, IEEE S&P 2019
Automatic Inference of Search Patterns for Taint-Style Vulnerabilities, IEEE S&P 2015
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks, IEEE S&P 2019
The schedule of the final colloquium can be found here.