Computer Security Tutorial

Instructors

Description

This page describes the tutorial and homework assignments by tutorial and due date.

Time and Location

Tutorials:

Grading

Active participation requires successful completion of homework assignments and projects and is graded on a pass / no pass basis. At least 50% of the cumulative score is required to pass.

Useful links

Assignments

Tutorial 1, Monday April 18

Assignment:

Due date: April 28th, 2011; hand in your printout at the beginning of the lecture.

Tutorial 2, Monday April 25

Topics: (Note that there will be no tutorial on Easter Monday)

Tutorial 3, Monday May 02

Assignment:

Binaries and challenge output:

You may find the following link useful:

Note that no decompilers are allowed, you need to look at the assembler code. If you take a shortcut then you may fail some test down the road.

Due date: May 12th, 2011; hand in your solutions at the beginning of the lecture.

Tutorial 4, Monday May 09

No new assignment today.

Tutorial 5, Monday May 16

Assignment:

Due date: June 7th, 2011; hand in your print out at the beginning of the lecture.

Tutorial 10, Monday June 20

Assignment: Develop a working exploit for a buffer overflow vulnerability for a given vulnerable program. The exploit shall consist of two parts:

The goal of the unpacker is to mask any NULL bytes in the shellcode that would otherwise cut off the exploit and prevent overflowing the target buffer.

In order to test this, you need to configure your system and your linker in a way that makes the victim vulnerable. Specifically, you need to disable:

Recommendations:

Switch off ASLR:

Useful compiler and linker options, and hints:

Helpful programs:

Documentation you must turn in by the due date:

Due date: July 7th, 2011; hand in your print out at the beginning of the lecture.