Thinking outside the box

Adversarial behavior and unconventional attack vectors from security research

(course for PhD students - 2021 edition)

Get Started

Overview of the course

Never, ever, think outside the box

A glimpse on the mindset and tools of
software & systems security researchers.

Hardware vulnerabilities and attacks of the likes of Spectre, Meltdown, and Rowhammer have shattered the common perception of what makes a program secure. Beyond the exceptionality of the nature of such attacks, the mindset of security researchers historically strives to consider strong threat models and unexpected execution conditions, with users willing to sacrifice average-case performance for better security guarantees.

Unconventional attack vectors and instances of adversarial behavior require researchers to think outside the box to provide such guarantees to a satisfying extent, second-guessing the standard separation of concerns that has led computer scientists to develop analyses and defenses that target programs, libraries, operating systems, and hardware individually.

On a similar note, attackers may nowadays successfully target also ML systems with relatively low-effort adversarial behavior, with software classification systems as one of the most prominent cases.

This course aims to provide attendees with a primer of software and systems security principles, and present recent advances in relevant security topics that affect other computer science disciplines.

Its first edition is delivered as part of the educational activities of the PhD program in Engineering in Computer Science from Sapienza University of Rome, and is open to students from other institutions.

If you are interested in attending, please enroll here.


Lectures are scheduled every Monday 3.00-6.00 PM CET, starting on May 17 until June 14, 2021. Streaming on Zoom.

Lecture 1 (May 17)

Security characteristics of software nowadays are just as important as correctness and efficiency requirements. The lecture will touch on fundamentals of software and system security research, covering typical thought processes and methodologies, and providing examples of completeness and soundness issues for analyses and mitigations.
References: [1], [2]

Instructor: Daniele Cono D'Elia
Delayed to 4.00-7.00 PM CET

Lecture 2 (May 24)

Protecting software from reverse engineering attempts is important for vendors to combat piracy and intellectual property theft, and for threat actors too to shield their attack vectors. The lecture will cover anti-analysis techniques and software protection schemes that received most attention from the security community in recent years.
References: [3], [4]

Instructor: Daniele Cono D'Elia
Delayed to 4.00-7.00 PM CET

Lecture 3 (May 31)

The lecture will introduce the concept of adversarial attacks against ML systems, by using as example attacks against images classification systems and audio. It will then discuss recent attacks against anti-virus and malware detection techniques, giving an overview of the state of the art used against machine learning models used to automate the analysis of source code.
References: [5], [6]

Instructor: Giuseppe Antonio Di Luna

Lecture 4 (Jun 7)

Separation of concerns has led computer scientists to develop analyses and defenses that target programs, libraries, operating systems, and hardware individually. While their practical value is of utmost importance, attackers can breach through software defenses by targeting hardware glitches and side channels. The lecture will cover side channels against crypto code, transient execution attacks of the likes of Spectre, and other hardware attacks.
References: [7], [8]

Instructor: Daniele Cono D'Elia

Lecture 5 (Jun 14)

Weird machine attacks combine program bugs with extensional properties of software: attackers make a victim program or system execute semantics outside its intended behavior without adding any code to it. Weird machines are often Turing complete and challenge the way we think about and analyze software. The lecture will mainly cover code reuse attacks and data-only attacks.
References: [9], [10]

Instructor: Daniele Cono D'Elia

Final exam. The student will give a presentation detailing 2-3 papers assigned by the instructors on a topic of interest. Alternatively, they may agree on the development of a code prototype exercising a protection mechanism or attack.


  1. Software Security: Principles, Policies, and Protection

    Mathias Payer. “Software Security: Principles, Policies, and Protection”. Book, April 2019

  2. Adam Shostack. “Threat modeling: Designing for security”. Book, 2014.

  3. Zhui Deng et al. “Spider: Stealthy binary program instrumentation and debugging via hardware virtualization”. Annual Computer Security Applications Conference (ACSAC), 2013.

  4. Sebastian Schrittwieser et al. “Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?”. ACM Computing Surveys, 2016.

  5. Junkun Yuan et al. “Black-box Adversarial Attacks Against Deep Learning Based Malware Binaries Detection with GAN”. ECAI 2020.

  6. Noam Yefet et al. “Adversarial Examples for Models of Code”. ACM OOPSLA 2020.

  7. Bart Coppens et al. “Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors”. IEEE Symposium on Security and Privacy 2009.

  8. Daniel Gruss. “Transient-Execution Attacks and Defenses”. Book, June 2020.

  9. Hovav Shacham. “The Geometry of Innocent Flesh on the Bone”. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2007.

  10. Sergey Bratus et al. “Exploit programming: From buffer overflows to weird machines and theory of computation.” USENIX ;login: magazine, 2011.


Daniele Cono D'Elia

Lead Instructor

Daniele is a post-doctoral researcher with Sapienza University of Rome. His research involves Software and Systems Security. He has been a Black Hat speaker for two times (2019, 2020).

Giuseppe Antonio Di Luna

Guest Lecturer

Giuseppe is a tenure-track assistant professor with Sapienza University of Rome. His research covers many aspects of Distributed Computing, Distributed Systems and Computer Security.


For any inquiry on the course, feel free to drop us a line at the email addresses reported on our academic home pages.