This course studies the nature of software bugs and security vulnerabilities arising in complex application domains and surveys specialized program analysis and automated testing techniques for identifying such issues proactively. The course will take a tour of various domains such as mobile systems, databases, web browsers, distributed and networked systems, autonomous vehicles, and smart contracts. For each domain, the class will review case studies of high-impact software bugs that have manifested in production and will then discuss state-of-the-art research techniques that aim to uncover such bugs automatically. Apart from the literature review, students will engage significantly with software system design and engineering via hands-on assignments and a semester-long project; these activities will involve working with real-world applications and analysis tools for one or more domains.
Spring 2023, 12 units
Class: Tue/Thu 5pm-6:20pm in WEH 3203
Office hours: TBD in TCS 325
Should I take this course?
Note: This is not a traditional lecture-based course. Classes will often consist of group discussions and student-led presentations, based on assigned readings of research papers, online articles, or case studies on open-source software.
- For students doing research in the areas of programming languages, software engineering, computer systems, or security: this course will provide exposure to (a) a number of new application domains and the challenges of reasoning about software in those domains, and (b) techniques for leveraging domain-specific assumptions in order to apply their research to new problems.
- For students targeting careers in security, software quality, or as domain experts: this course will (a) provide an introduction to a wide array of techniques for highly specialized software analysis and bug finding, and (b) help develop a knack for acquiring knowledge about state-of-the-art techniques from academic literature and prototyping with associated tools and artifacts.
- For students with a general interest in program analysis and security, this course will provide an opportunity to learn about and discuss a variety of different approaches to automated bug finding, as well as to engage in hands-on tool building through assignments and the course project.
Students completing this course should be able to:
- Identify practical challenges of applying well-known program analysis techniques to a variety of application domains.
- Formulate and leverage domain-specific assumptions for making program analysis tractable and useful in a specialized setting.
- Build practical tools for improving software quality in real-world systems.
This course is open to PhD and Masters students interested in software engineering, program analysis, and/or security. The course assumes some background in understanding the source of common software bugs (e.g., buffer overflows) and dealing with program representations (e.g., abstract syntax trees) or automated testing tools (e.g., fuzzing). Any one of the following courses serves as a sufficient prerequisite: 18-335/732 (Secure Software Systems), 14-735 (Secure Coding), 17-355/665/819 (Program Analysis), 15-411/611 (Compiler Design), 15-414 (Bug Catching), 15-330/18-330/18-730 (Intro to Computer Security). 14-741/18-631 (Intro to Information Security) may also be sufficient, depending on background or related coursework. If you have taken a course equivalent to any of the listed prerequisites at a different institution, or if you think you may have the required background based on other experiences (e.g., participating in CTFs or working in industry), please register and contact the instructor via email.
Degree Requirements Fulfilled
Masters: TBD. Contact the instructor to request.
PhD students: TBD. Contact the instructor to request.
Tentatively, the course will cover the following topics and associated readings.
- Overview of general techniques for finding software bugs (fuzzing, taint analysis, and symbolic execution).
- Mobile systems (FlowDroid, etc.)
- Database systems (SQLancer, etc.)
- Networked systems (AFLNet, etc.)
- Web browsers (Sys, etc.)
- ... (this list keeps evolving)
40% across two hands-on assignments, 30% final project, 15% pre-class reading responses, 15% in-class participation
The following schedule of topics is tentative and will be updated in real time during the semester.
| Date | Topic | Reading/Material | Assignments Due | Optional Reading |
|---|---|---|---|---|
| Mar 7 & 9 | Spring break; no class | | | |
| Apr 13 | Spring carnival; no class | | | |
| TBD (May 1-8) | Final Presentations | Project Reports | | |