After the course students can:
- explain how standard C data types are represented, and write C programs to inspect and manipulate these representations
- explain how the stack and heap are used to allocate data in C programs
- write C programs that makes use of pointers and pointer arithmetic
- explain how the stack is used to administer procedure calls
- explain how buffer overflows work
- explain some of the countermeasures against these vulnerabilities, how these work, and apply some of them
- develop simple exploits for code with buffer overflow weaknesses.
Most security problems have their origin in software, esp. software that is accessible via the internet. This course is about software security vulnerabilities, standard types of such vulnerabilities, what the causes are, what can be done about them and how they can be detected and exploited.
This course concentrates on typical security problems in C(++) programs and machine code, related to memory management: buffer overflows (on heap and stack), integer overflows, and format string attacks.
|Processors and Imperative Programming|
|Project work and written exam. The grade is determined by the exam, but the project work must be sufficient to obtain the grade.|
|This course is taught in English.|