
SSof 2425 001 Introduction - Key

The Software Security course, coordinated by Pedro Adão, Ana Matos, and others, aims to equip students with the necessary tools to understand and address security issues in computer software and systems. The program covers principles of computer security, software vulnerabilities, and secure software development, with a focus on language-based security techniques. Students will engage in hands-on labs, projects, and evaluations, emphasizing ethical considerations in cybersecurity practices.


INTRODUCTION TO THE SOFTWARE SECURITY COURSE


Software Security
Pedro Adão 2024/25
(with Ana Matos & Miguel Pupo Correia)

Teaching staff
• Pedro Adão - coordinator + VSSD lectures + labs
– Office at Alameda – Office 3, Informática 3
– Office at IST TagusPark – 2N3.3
• Ana Matos - coordinator + LBS lectures + labs
– Office at Alameda – TBD
– Office at IST TagusPark – 2N3.11
• João Pereira - labs
– Office at Alameda – TBD
• Nuno Sabino - labs
– Office at Alameda – TBD

Objectives
• to give the students the mental tools necessary to
understand the problem of the security of the computer
and its software, vis-à-vis the security of the
communication or distributed system
• to give a deep insight into the security problems in
modern software systems, and present paradigms,
models and tools to tackle these problems

Program overview
• Principles of Computer Security
• Software Vulnerabilities
• Development of Secure Software

Program in detail
• Principles of Computer Security
– (VSSD) Basic properties and concepts; Software security design principles.
– (LBS) Security policies and properties
• Software Vulnerabilities
– (VSSD) Conventional applications (buffer overflows, race conditions); Web applications and
databases; Mobile applications.
– (LBS) Vulnerabilities as information flow errors
• Development of Secure Software
– (VSSD) Software auditing; Validation and encoding
– (LBS) Enforcement mechanisms; Program analysis and verification for security (taint
checking, type checking, monitoring, symbolic execution)

Language-Based Security
techniques based on programming language theory and
implementation, including semantics, types, optimisation and
verification, brought to bear on the security question
Schneider et al., 2000

Attacks: Software (program) level

Tools: Programming Languages techniques

Goal: Security by design, built into software


Security by design
• Software applications are implemented in programming
languages
• systems are modelled at different levels of abstraction (using
different languages)
• security policies can be expressed and analysed at each of
these levels
• security-by-design: using language-based analysis
techniques to enforce specified security properties with
strong guarantees
Secure? (w.r.t. ...)
yH := xL ✓
xL := yH ✗ Explicit leak
if yH then xL := 0 else xL := 1 ✗ Implicit leak
while yH do skip ; xL := 0 ✗ Termination leak
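
The four verdicts on the slide can be reproduced mechanically. The checker below is an added example, not code from the course or its labs: it tracks a program-counter context to catch implicit and termination leaks as well as explicit ones. The tuple encoding of commands, the function names and the rule that a variable is secret when its name ends in "H" are assumptions made for the illustration.

```python
# Added example: constructed checker, not the course's lab code.
# Commands are tuples; a variable is secret (H) iff its name ends in "H".

def is_high(var):
    return var.endswith("H")

def check(cmd, pc=None):
    """Return (findings, term): findings is a list of (leak_kind, target);
    term is True if termination of cmd may depend on a secret.
    pc is None in a public context, else the reason the context is secret."""
    kind = cmd[0]
    if kind == "skip":
        return [], False
    if kind == "assign":                      # ("assign", target, vars_read)
        _, target, reads = cmd
        if is_high(target):
            return [], False                  # flows into H are always allowed
        if any(is_high(v) for v in reads):
            return [("explicit", target)], False
        return ([(pc, target)] if pc else []), False
    if kind == "seq":                         # ("seq", c1, c2, ...)
        found, term = [], False
        for c in cmd[1:]:
            f, t = check(c, pc)
            found += f
            term = term or t
            if t and pc is None:
                pc = "termination"            # reaching later code reveals the secret
        return found, term
    guard_high = any(is_high(v) for v in cmd[1])
    inner = pc or ("implicit" if guard_high else None)
    if kind == "if":                          # ("if", guard_vars, then, else)
        f1, t1 = check(cmd[2], inner)
        f2, t2 = check(cmd[3], inner)
        return f1 + f2, t1 or t2
    if kind == "while":                       # ("while", guard_vars, body)
        found, t = check(cmd[2], inner)
        if t and inner is None:               # a later iteration runs after a secret loop
            found, _ = check(cmd[2], "termination")
        return found, t or inner is not None
    raise ValueError(f"unknown command {kind!r}")

# The four programs from the slide.
P1 = ("assign", "yH", ["xL"])
P2 = ("assign", "xL", ["yH"])
P3 = ("if", ["yH"], ("assign", "xL", []), ("assign", "xL", []))
P4 = ("seq", ("while", ["yH"], ("skip",)), ("assign", "xL", []))

def leak_kinds(cmd):
    return sorted({k for k, _ in check(cmd)[0]})
```

The analysis is conservative: it rejects every low assignment that follows a loop whose guard is secret, even when that loop always terminates.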

Ethics and law
• The purpose of the course is to learn how to protect computer
systems from cyber-attacks
– but some of the things you learn may also be used to attack
them
• Notice that
– Attacking systems is unethical and punished by law
– Even just “testing” systems without written permission may be
punished by law
• Don’t try this at home → Try this just at home

ORGANIZATION OF THE COURSE

Communication
• Primarily via Mattermost, for a quicker response, and so that all
students can benefit from the information
• Official announcements and resources via:
– the course’s website (Fenix),
– email, using your official email address
• Course’s website @ Fenix:
https://fenix.tecnico.ulisboa.pt/disciplinas/SSof11/2024-2025/1-semestre

Classes
• 1 Lecture and 1 Lab on VSSD per week
– Alameda: Lecture Mo + Labs Mo and Tu (VSSD T01)
– Tagus: Lecture Thu + Labs Thu (VSSD T02)
• 1 Lecture and 1 Lab on LBS per week
– Alameda: Lecture We + Labs We + Fr (LBS T01)
– Tagus: Lecture Tu + Labs Tu (LBS T02)
• in person, in your own shift

[Figure: weekly timetable showing the VSSD and LBS shifts (T01, T02, L03–L11)]

Labs/practical classes
• Labs (hands-on)
– Cross site scripting
– SQL injection
– Buffer overflows
– Format string vulnerabilities
– Race conditions
• Lab (hands-on) + practical classes
– Taint checker + information flow policies
– Language interpreter + formal semantics
– Language analyzer + enforcement mechanisms
– Static analyzer + type systems
– Dynamic analyzer + monitors
– Symbolic analyzer + verification and bugs

Labs
• VSSD labs will be CTF-style labs
– BYOD
– Login at https://gitlab.rnl.tecnico.ulisboa.pt/
– There will be 6 Lab assignments starting week 2
– Lab assignments are individual
– Write-ups need to be submitted weekly, by Saturday 5pm

Evaluation
• 1 Exam (50%) that can be repeated
• Practical components:
• Lab Exercises (15%) - Individual
• Project (35%) - Groups of 3 students (registration in Fenix)
• All students are expected to participate, and are responsible for, all
parts of the project
• Min. grade: Labs >= 9; Exam >= 8
• Partial grades from previous years not reused

Read “Métodos de Avaliação”, Fénix

Practical Components
• Important Dates
– 6 lab assignments starting W2
– Solutions and writeups due Saturday 5pm (each week)
– Project due: 10 January 2025, 17:00
– Practical Test: 15 January 2025 (exact time TBD)

Check “Avaliação / Evaluations”, Fénix

Exams
• Important Dates
– Exam 1 - 20 January 2025, 15:30
– Repetition - 03 February 2025, 08:00
• Covers Theoretical and Lab classes
• Can be answered in Portuguese or English
• Tests from previous years will be made available, but note:
– Detailed content and highlights are adjusted every year.
– Use slides and summaries as reference.

Check “Avaliação / Evaluations”, Fénix

Bibliography
• Segurança no Software
Miguel Correia and Paulo Sousa
FCA, September 2010/2017

• Complementary:
– The 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, Michael Howard,
David LeBlanc and John Viega, 2009, McGraw-Hill ISBN 9780071626750
– Building Secure Software: How to Avoid Security Problems the Right Way, John Viega and Gary
McGraw, 2002, Addison-Wesley ISBN 9780201721522
– Introduction to Computer Security, Matt Bishop, 2005, Addison-Wesley

• Alternative texts for non-Portuguese speaking students (email me)

Study materials
• Book / other texts
• Papers
• Lab guides
• Slides
• Problem sets

WHO WANTS TO HACK?
Creating an (ethically-responsible) hacking team@IST

How do we want to do it?
• Invite ALL students with interest in Security to participate
• Teach Computer Security in an ethically responsible and
competitive environment
• Meet regularly (every week Mo, 5.00pm) to learn new
tricks
• Participate in CTF competitions

• More info at https://sectt.github.io

How successful have we been?
• Consistent top-50 in CTFs since 2017
• Several top-20 and top-10 classifications

• International on-site participations after competitive qualifications
– Volga CTF, Russia (Sep 2017, Sep 2020)
– CSAW European Finals (Nov 2017 (5th), Nov 2018 (3rd), Nov 2019,
Nov 2020, Nov 2021, Nov 2022 (2nd), Nov 2023 (2nd), Nov 2024 (4th))
– RuCTF Finals (Apr 2018, Apr 2019)
– ProCTF (Nov 2021)

But with great power comes great responsibility
Ethics
• Exploiting others’ vulnerabilities is illegal
• Each of us is responsible for his own behaviour
