SecAppDev 2020 Lecture Details

Introduction to low-level software security

Frank Piessens
Tuesday March 10, 11:00 - 12:30

Short description

Learn about memory management vulnerabilities, the attack techniques to exploit them, and the countermeasures that can be taken to defend against them.

Abstract

Languages like C or C++ are still very popular for low-level programming, for instance in systems programming, or for programming IoT devices. However, the use of these languages carries significant security risks. Memory management vulnerabilities in software developed in these languages have been and continue to be the most critical security vulnerabilities in software systems.

This session will discuss, from first principles, these vulnerabilities, the attack techniques to exploit them, and the countermeasures that can be taken to defend against them.

Key takeaway

The security risks of programming in languages like C/C++ and how to deal with these risks.

Content level

Introductory

Target audience

Anyone involved with developing or testing software in C or C++

Prerequisites

Participants need to know C well enough to read simple C programs, and must have a basic understanding of operating systems and compilers.


Frank Piessens

Full professor, KU Leuven

Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software security, where he focuses on the development of high-assurance techniques to deal with implementation-level software vulnerabilities and bugs, including techniques such as software verification, run-time monitoring, hardware security architectures, type systems and programming language design.


Related low-level security sessions

Hands-on introduction to Rust

One-day workshop by Jake Goulding and Carol Nichols

Haven't done any Rust? Want to know what makes Rust so special? Want the ability to ask two highly experienced Rust developers nuanced questions? Join us as we go hands-on with Rust, starting from an empty file and learning about the Rust ecosystem, pervasive and unique-to-Rust concepts, and areas where Rust truly shines.

Low-level security Thursday March 12, 09:00 - 17:30

How Rust helps us make safer and more secure code

Lecture by Jake Goulding

Rust promises to help us write better, safer code, but how exactly does it do so? Marketing can only convince us of so much. Join us to learn about the details for yourself.

Low-level security Tuesday March 10, 14:00 - 15:30

Rust - A Language for the Next 40 Years

Lecture by Carol Nichols

This session provides a high-level overview of the safety and stability of the Rust programming language in its historical context.

Low-level security Friday March 13, 11:00 - 12:30

Trusted Execution and how far you can trust it

Lecture by Jan Tobias Muehlberg

Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!

Low-level security Wednesday March 11, 09:00 - 10:30

Security of embedded devices - an introduction

Lecture by Lennert Wouters

This session introduces the main components of the embedded device ecosystem and some of the common security pitfalls. We do this by looking at real-world examples and by demonstrating easy-to-use techniques.

Low-level security Friday March 13, 09:00 - 10:30