On behalf of the Institute of Cybersecurity and Privacy, UGA, I would like to invite you to join us in our upcoming UGA Capture The Flag (CTF) Workshop. This workshop will be open to all UGA Computer Science and CyberSecurity&Privacy students who are interested in learning practical cybersecurity skills and potentially joining the UGA CTF…
Secure Programming [CSCI 8245]
This is a special course I teach at the University of Georgia every Spring semester. This is a senior grad class. In this course, students will first learn about security threats of unsafe language and program analysis methods to identify software vulnerabilities. Later, the class will continue based on the fastest-growing memory-safe language (i.e. Rust)…
IoT Firmware Security: Navigating Stripped Environments Across Platforms
Beyond Memory Safety: Navigating the Challenges of Learning and Development in Rust
CyberSecurity [CSCI 4250/6250]
This is a regular course I teach at the University of Georgia every Fall semester. This is a combined class (i.e. both undergrads and grads students are welcome). This is an introductory class on cybersecurity where we mostly focus on software, system, web, and network security with a minor in cryptography, mobile, hardware, IoT, AI…
Research Review: Fuzzing Linux Kernel
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation Link: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-pailoor.pdfSource Code: N/A Summary: Syzkaller is one of the most popular kernel fuzzer. It generates a sequence of random system calls. Due to the randomness, most of them are unrealistic cases. They lose the efficiency because they don’t consider dependency (both implicit and explicit) among system…
Research Review: Control Flow Integrity
GRIFFIN: Guarding Control Flows Using Intel Processor Trace Link:https://dl.acm.org/citation.cfm?id=3037716Source Code:https://github.com/TJAndHisStudents/Griffin-Trace Summary: The author only attempt to prove the performance overhead optimization using Intel PT for online verification. They claim to verify the enforcement policy for both backward and forward indirect control transfer with different strictness of policy when they completely discard the discussion regarding how they…
Fuzzing Challenges: Exploring Technical Hurdles for Effective Security Testing
Coming soon …
Unlocking the Potential: Exploring Challenges and Applications of Trusted Execution Environments for Enhanced Security
Coming soon …