The course gives an introduction to C programming (incl. the use of pointers and dynamically allocated data), the underlying memory representation on the stack and the heap, and ways to abuse all this (with buffer overflows, integer overflows, and format strings attacks). The course also teaches some basic command lines skills in Linux/UNIX, incl. shell scripts and Makefiles.
Parts of the course are inspired by or based on material from the SysSec Common Curriculum.
Hoorcollege: woensdag 15:30-17:30 in HG00.307 (except
on March 19, then it's in HG00.303).
Werkcollege: dinsdag 8:30-10:30 in HG00.075
Vereiste voorkennis: Imperatief programmeren 1 & 2 (NWI-IPC014, NWI-IPC015 ) en Processoren (NWI-IPC006)
For this course there are obligatory weekly programming or hacking exercises, which have to be done in pairs. At most one of these exercises may have been marked as nsi (niet serieus ingeleverd) in order for you to take the exam. Exercises have to be handed in via Blackboard.
4 feb college 1 | Intro [slides] |
10 feb practicum 1 |
The Linux command line, gcc, and make: [assignment1] [linux-cheat-sheet] |
11 feb college 2 | Compilation & interpretation. C data types incl. pointers [slides] (NB slide 59 corrected 12/3/2014!) The code demo-ed during the lecture to check alignment is alignment.c; compile with option -O2 to get gcc to re-align data (at least, it does on my 64-bit machine). Read Section 9.1 of your 'Program Solving with C++' book for another explanation of pointers. |
18 feb practicum 2 |
Messing around on the stack: [assignment2 (version 2)] Note: Version 2 as of 2014-02-20 19:30
Note: exercises use some things from college 3. |
19 feb college 3 | Memory management: the stack
& the heap [slides]
A bit childish maybe, but the C pointer movie from Stanford explains the basic pointer operations and heap-allocation using malloc. ([Hi res version] |
25 feb practicum 3 |
Messing around on the heap: [assignment 3]
Note: exercises use some things from college 4. |
26 feb college 4 | Memory management continued [slides]; gdb [slides] |
4 maart | geen practicum vanwege carnaval |
5 maart college 5 | Buffer overflows and format strings attacks [slides] Read the tutorial on buffer overflows by Herbert Bos and lecture notes on format strings by Wenliang Du. |
11 maart practicum 4 | Simple `local' buffer overflows attacks (without machine code
payloads): [assignment 4] |
12 maart college 6 | Buffer overflows: more attacks and defenses |
18 maart practicum 5 | A classic `remote' buffer overflow attack (with machine code
payload): [assignment 5] |
19 maart college 7 | Discussion of assignment 4; Reflection [slides] |
25 maart practicum 6 | Working session on final assignment |
26 maart college 8 | Discussion of assignment 5 [slides]; Q&A session voor het tentamen |
dinsdag 1 april | tentamen in HG00.304, 8:30-11:30 (HG00.065 voor mensen met extra tijd) |
dinsdag 8 juli | hertentamen in HG00.108, 8:30-11:30 |