University of Minnesota
Development of Secure Software Systems

Course assignments

Problem set 1

Covering threat modeling and heap vulnerabilities. Questions here, C code for question 5. You may also want to refer to these extra notes on drawing data-flow diagrams. Optionally you can use this template (LaTeX, Google Doc, use Make a Copy) to prepare your submission.

Due online by Friday, February 9th at 11:59pm.

Project 0.5: BCBASIC

In this assignment you will audit and attack a C program with low-level vulnerabilities. Available now:

Project instructions (PDF)

BCBASIC source code

BCBASIC victim binary

Sample programs: hello.bcbas, bottles.bcbas, fib.bcbas, stmt-types.bcbas,

Project 1: memory safety in BCImgView

In this assignment you will threat model, attack, and write a security report on a Linux C program that has memory-safety and other low-level bugs. Available now:

Project instructions (PDF)

BCImgView source code

BCImgView victim binary

Sample input images (3.8MB)