EEMCS / SCS

INTRODUCTION

ERIK TEWS

9 NOVEMBER 2020
SOFTWARE SECURITY 2020

ABOUT ME

• I’m Erik
• Assistant Professor at the University of Twente for 3 years
• Previously in Darmstadt and Birmingham
• I like programming
• I like security

ABOUT THIS LECTURE

STRUCTURE

• I will provide you with some teaching material upfront
  • Videos but also articles
• We will later on discuss this
  • We can have video conferences
  • And we can also use the breakout rooms there
• And then we will have the opportunity to try things together
  • We will have lab sessions online
  • And potentially on the campus as well
• And we can use a chat for the lecture where you can get help

CONTENT

• Low level programming bugs in C
  • How buffer overflows and memory corruption affect the security
• More secure low level languages (Rust)
  • Rust is a modern and memory safe low level language
• Automated and advanced tools to detect bugs
  • Code checkers, verification, fuzzing and more
• Modern software development and web security
  • How to use all those tools in a modern development environment

TIME PLANNING

• I will try to hand out all assignments in 2020
• In 2021, no (significant) new topics will be added
  • We will spend more time discussing your results
• In a nutshell:
  • More work for you in 2020
  • Less in the last weeks of the course

WHO THE COURSE IS MADE FOR

• People who like programming
  • And would like to be able to write better and more secure code
  • And do that in a larger group
• People who manage software projects
  • And are responsible for the security in their projects
  • I’m sorry, but you need to learn something about programming as well

TECHNOLOGY

• We will do coding in C, Rust and a high-level language
• We will use git and https://gitlab.utwente.nl/
• Most of the tools we use work best on
  • Windows users may use WSL2 and/or a VM
  • macOS users should probably use a Linux VM (Ubuntu or whatever you like)
• And we will use Zulip
  • Please join using this link
  • https://zulip.eemcs.utwente.nl/join/rkhk004pajjaigr3h3a3gyyy/

VIDEO CONFERENCING

• We are currently on Zoom
  • Probably the best solution from a technology point of view
• We could also use
  • The university uses it anyway
• And we could use Canvas Conferences
  • Nice integration with Canvas

ASSIGNMENTS AND EXAMS

• There will be some assignments for each of the 4 topics
• You will work in groups of 2 on them
  • And sometimes with other groups as well
• Grades for those assignment sets can be
  • Not sufficient – you screwed it up!
  • Sufficient – it’s OK but we are not impressed
  • Excellent – we are impressed!
• You need at least 3x sufficient or better to go to the exam
• An excellent gives you a 0,5 bonus on the exam mark (3x max)

THE EXAM

• Currently we plan a traditional exam written on Chromebooks
• I know that there are some who would like to avoid the campus at the moment
• And we don’t know what the next Covid19 rule change will bring
• Possible alternatives
  • Oral online exam
  • A final project
  • A combination of both

WHAT THE COURSE IS BASED ON

• The course from 2017 given by Jaco van de Pol
• Who based it on:
  • A course from the University of Maryland
  • And a course by Erik Poll, Radboud University

YOUR TASKS NOW

• Try to find answers to the following questions
  • How good are you at programming?
  • What do you expect from the course?
  • Would you (now) like to come to the campus once a week?
  • Which online conferencing solution do you like?
  • Shall we record the common part of the conferences?
  • Which examination mode do you like?
• And do that in breakout rooms
  • I might join you there

BREAK OUT ROOMS

YOUR NEXT TASKS

• You need to find a teammate
  • When you don’t know someone yet
  • Ask in Zulip: https://zulip.eemcs.utwente.nl/#narrow/stream/93-CS-SoftSec.202020.20Teamfinding
  • Join a team finding event on Wednesday 15:45
  • Feel free to submit a slide about you upfront (Tuesday evening)
• Until Thursday 23:59
  • Join a team on Canvas
  • Log in once on https://gitlab.utwente.nl/
  • Join Zulip https://zulip.eemcs.utwente.nl/join/rkhk004pajjaigr3h3a3gyyy/

ABOUT ZULIP

• It’s a chat like , , …
• One major difference: Every message has a topic
  • Similar to threads in Slack
  • Makes it very easy to group and catch up with them
• Chatting about software is really nice there due to syntax highlighting
• And you can link bots as well
• And you even get nice mobile apps
• And you can have your private team channel there as well

ZULIP CHANNELS

• #CS SoftSec 2020 General
  • General questions about the course, help with assignments
• #CS SoftSec 2020 Teamfinding
  • When you are still looking for a team member
• #CS SoftSec 2020 Announcements
  • Important announcements you should read
• #Playground
  • When you are new to Zulip and like to play around
• Stuff you can safely ignore

LOGGING IN TO ZULIP

• Join the first time via the link we provide
• Use your Utwente email address and password
• When it doesn’t work:
  • Go to https://tap.utwente.nl/
  • Change your password once
  • Wait a few minutes
  • Try again

LOGGING IN TO GITLAB

• Go to https://gitlab.utwente.nl
• Use your s-number and your Utwente password
• When it doesn’t work, try the same procedure as for Zulip
• When it still doesn’t work: Contact the ICT servicedesk

QUESTIONS?