Software Security 2
Summer 2025
Team
- Prof. Dr. Kevin Borgolte
- Tobias Holl
- Felipe Novais
Time and Place
- Lecture: Wed 10-12, MC 1/54
- Exercise: Thur 12-14, MC 1/54
Course Description and Syllabus
The course covers software security, vulnerability discovery, and vulnerability verification, focusing on:
- Attacks on Just-in-time Compilers
- Sandboxing Techniques
- Browser Vulnerabilities
- Kernel and Hypervisor Vulnerabilities
- Non-x86 Architectures
- Non-Linux Operating Systems
- Automated Exploit/Verification Synthesis
Goals
At the end of this course, students will be able to:
- classify and describe complex vulnerabilities and advanced protection mechanisms of a diverse set of software systems
- analyze and reason about protection mechanisms for modern software systems across their layers, from userspace to kernel to hypervisor
- identify end-to-end vulnerabilities in software systems
- develop proof-of-concept exploits/verifications to show the existence of an end-to-end vulnerability in a modern software system with modern defenses
- understand how to write code defensively to reduce the risk of vulnerabilities
Prerequisites
Prior knowledge about programming in Python, C, and assembler is highly recommended.
The following courses (or equivalent) are required:
- System Security (211011)
- Operating Systems (211005)
- Software Security 1 (212026)
In exceptional circumstances and on written request only, this requirement may be waived by the responsible lecturer.
Exam
The exam is a practical exam spanning the lecture period of the semester.
The exact exam schedule and details will be communicated during the first lecture.