-
Secure Programming [CSCI 8245]
This is a special course I teach at the University of Georgia every Spring semester. This is a senior grad class. In this course, students will first learn about security threats of unsafe language and program analysis methods to identify software vulnerabilities. Later, the class will continue based on the fastest-growing memory-safe language (i.e. Rust)… — read more
-
CyberSecurity [CSCI 4250/6250]
This is a regular course I teach at the University of Georgia every Fall semester. This is a combined class (i.e. both undergrads and grads students are welcome). This is an introductory class on cybersecurity where we mostly focus on software, system, web, and network security with a minor in cryptography, mobile, hardware, IoT, AI… — read more
-
Building Your Own Clang LibTool: A Step-by-Step Tutorial
Technically, Clang receives an Abstract Syntax Tree (AST), build by Clang Parser (clang/Parse/*), not the input C/C++ code (although Parser is part of Clang code base). There is obviously a Lexer in between this process, but neither Lexer nor Parser is our focus in this tutorial. Clang is responsible to convert the AST to LLVM… — read more
-
System and Software Security Research Conference
Several conferences focus on security, including top-tier and flagship events, where publishing your work should be a priority. Additionally, individual top-tier systems and software conferences can also be good choices for publishing your research. I have categorized the conferences accordingly: Top-tier Security Conference * IEEE Symposium on Security and Privacy (S&P/Oakland)* ACM Computer and Communications Security (CCS) * USENIX… — read more
-
SVF: Interprocedural Static Value-Flow Analysis in LLVM
SVF is a static analysis framework implemented in LLVM that allows value-flow construction and pointer analysis to be performed in an iterative manner (sparse analysis – analysis conducted into stages, from overapproximate analysis to precise, expensive analysis). It uses (default) points-to information from Andersen’s analysis and constructs an interprocedural memory SSA (Static-Single Assignment) form where… — read more
-
Intel Pin Tool
The most difficult part of doing research is prototyping. Especially when it’s about security, its a must one. A researcher has to prove the proposed system is legitimate. It’s true for both attack and defense. Researchers greatly depend on existing technology and software to implement their prototype. It cuts the development time to start from… — read more