CSE 5479: Software Security
Friday 2:00-4:20PM DL 264
$Id: fall2018b.t2t, v1.0, last updated %%mtime(%c) Exp $

---------------------------------------------------------------------------

=== Course Overview ===

The goal of this course is to understand the low-level details of software security by examining state-of-the-art software vulnerabilities and attacks, such as memory exploits (e.g., ROP), and by designing program analyses to reverse engineer system details. By the end of the course, students shall be able to understand and know:

- Automated program analysis for the reverse engineering of low-level code. Static binary code analysis. Dynamic binary code instrumentation. Data flow analysis and program slicing.
- Vulnerability discovery, memory exploits, and system defense. Understand common software vulnerabilities such as buffer overflows and integer overflows. Understand how to develop exploits against each vulnerability, and understand how to bypass state-of-the-art defenses.

=== Objectives ===

- Mastery of concepts and techniques of vulnerability assessment of software
- Familiarity with software hardening countermeasures
- Familiarity with common defense principles and mechanisms for vulnerability exploitation
- Familiarity with fundamentals of secure coding practice
- Familiarity with software threats in new emerging platforms

==== Level and Credits ====

Undergraduate/Graduate, 2 credits

---------------------------------------------------------------------------

=== Text Books ===

====Required textbooks====

- None

====Reference textbooks====

- [CSAPP] Randal E. Bryant and David R. O'Hallaron. [``Computer Systems: A Programmer's Perspective, 2/E'' http://csapp.cs.cmu.edu/]
- [AOE] Erickson, Jon. [``Hacking: The Art of Exploitation'' 2nd Edition http://proquest.safaribooksonline.com/book/networking/security/9781593271442]
- [PPA] Nielson, Flemming, Nielson, Hanne R., Hankin, Chris. ``Principles of Program Analysis''. Springer.
- [TSH] Koziol, Jack. [``The Shellcoder's Handbook: Discovering and Exploiting Security Holes'' http://proquest.safaribooksonline.com/book/networking/security/9780470080238]
- [CRH] Ed Skoudis; Tom Liston. [``Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses'', Second Edition http://proquest.safaribooksonline.com/9780131481046]
- [SRE] Eldad Eilam. [``Reversing: Secrets of Reverse Engineering'' http://proquest.safaribooksonline.com/book/software-engineering-and-development/9780764574818]

=== Office Hours ===

- Instructor: M/W 2:00PM - 3:00PM (or by appointment). Office DL 787
- TA (Wubing Wang): T/TR 12:00-13:00 Baker 439

=== Prerequisites ===

This is a highly technical class. We expect students to have a strong technical background before taking this course. Students who have not taken a security class before or who are otherwise unfamiliar with computer security will likely not be able to complete this class. Specifically, students should satisfy at least **three** of the following:

- Assembly code (Intel X86 preferred)
- CSE 2451 (advanced C programming)
- CSE 4471 (Information Security)
- CSE 5343 (Compiler Design and Implementation)
- Proficiency in a scripting language (python preferably)
- Familiarity with command line operation of Windows AND Linux

=== Course Policy ===

==== Late Policy ====

All late submissions will automatically lose 10 points per delayed day until the points in that project are gone.

==== Collaboration Policy ====

Students are encouraged to collaborate, particularly in discussing the course project. However, each individual must finish the project by himself/herself.

==== Cheating Policy ====

We will strictly follow the university policy on cheating and plagiarism, which is available [here https://oaa.osu.edu/academic-integrity-and-misconduct]. If you have any questions regarding this issue, please contact the instructor.