CSE 5479: Software Security

---

Course Overview

The goal of this course is to understand the low-level details with respect to software security by examining the state of the art software vulnerabilities and attacks, such as memory exploits (e.g., ROP) and designing program analysis to reverse engineer the system details.

The learning outcome is students shall be able to understand and know

• Automated program analysis for the reverse engineering of the low level code. Static binary code analysis. Dynamic Binary code instrumentation. Data flow analysis and Program slicing.
• Vulnerability Discovery, Memory Exploits, and system defense. Understand the common software vulnerabilities such as buffer overflow, integer overflows. Understand how to develop exploits against each vulnerability, and understand how to bypass the state-of-the-art defense

Objectives

• Mastery of concepts and techniques of vulnerability assessment of software
• Familiarity with software hardening countermeasures
• Familiarity with common defense principles, and mechanisms for vulnerability exploitation
• Familiarity with fundamentals of secure coding practice
• Familiarity with software threats in new emerging platforms

Level and Credits

Undergraduate/Graduate 2 credits

---

Text Books

Required textbooks

• None

Reference textbooks

• [CSAPP] Randal E. Bryant and David R. O'Hallaron. ``Computer Systems: A Programmer's Perspective, 2/E''
• [AOE] Erickson, Jon. ``Hacking: The Art of Exploitation'' 2nd Edition
• [PPA] Nielson, Flemming, Nielson, Hanne R., Hankin, Chris. ``Principles of Program Analysis''. Springer.
• [TSH] Kozoil, Jack. ``The Shellcoder's Handbook: Discovering and Exploiting Security Holes''
• [CRH] Ed Skoudis; Tom Liston. ``Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses'', Second Edition
• [SRE] Eldad Eilam. ``Reversing: Secrets of Reverse Engineering''

Office Hours

• Instructor: M/W 2:00PM - 3:00PM (or by appointment). Office DL 787
• TA (Wubing Wang): T/TR 12:00-13:00 Baker 439

Prerequisites

This is a highly technical class. We expect students to have a strong technical background before taking this course. Students who have not taken a security class before or whom are otherwise unfamiliar with computer security will likely not be able to complete this class. Specifically, students should satisfy at least three of the following:

• Assembly code (Intel X86 preferred)
• CSE 2451 (advanced C programming)
• CSE 4471 (Information Security)
• CSE 5343 (Compiler Design and Implementation)
• Proficiency in a scripting language (python preferably)
• Familiarity with command line operation of Windows AND Linux

Course Policy

Late Policy

All late submissions will automatically lose 10 points per delayed day until the points in that project are gone.

Collaboration Policy

Students are encouraged to collaborate, particularly on the discussion on the course project. However, each individual must finish the project by him/her-self.

Cheating Policy

We will strictly follow the university policy on cheating and plagiarism which is available here. If you have any questions regarding this issue, please contact the instructor.

---

HOME SOURCE