University of Minnesota
Development of Secure Software Systems

Course assignments

Problem set 1

Covering threat modeling and heap vulnerabilities. Questions here, C code for question 5. You may also want to refer to these extra notes on drawing data-flow diagrams.

Due on Canvas by Friday, February 17th at 11:59pm.

Project 0.5: BCBASIC

In this assignment you will audit and attack a Linux C program with low-level vulnerabilities. Available now:

Project instructions (PDF)

BCBASIC source code

BCBASIC victim binary

Sample programs: hello.bcbas, bottles.bcbas, bignum.bcbas, fib.bcbas.

Project 1: memory safety in BCImgView

In this assignment you will threat model, attack, and write a security report on a Linux C program that has memory-safety and other low-level bugs. Available now:

Project instructions (PDF), updated 4/12

BCImgView source code

BCImgView victim binary

Sample input images (3.8MB)