Course Overview
The goal of this course is to understand the low-level details with respect to software security by examining the state of the art software vulnerabilities and attacks, such as memory exploits (e.g., ROP) and designing program analysis to reverse engineer the system details.
The learning outcome is students shall be able to understand and know
- Automated program analysis for the reverse engineering of the low level code. Static binary code analysis. Dynamic Binary code instrumentation. Data flow analysis and Program slicing.
- Vulnerability Discovery, Memory Exploits, and system defense. Understand the common software vulnerabilities such as buffer overflow, integer overflows. Understand how to develop exploits against each vulnerability, and understand how to bypass the state-of-the-art defense
Objectives
- Mastery of concepts and techniques of vulnerability assessment of software
- Familiarity with software hardening countermeasures
- Familiarity with common defense principles, and mechanisms for vulnerability exploitation
- Familiarity with fundamentals of secure coding practice
- Familiarity with software threats in new emerging platforms
Level and Credits
Undergraduate/Graduate 2 credits
Text Books
Required textbooks
Reference textbooks
Office Hours
- Instructor: M/W 2:00PM - 3:00PM (or by appointment). Office DL 787
- TA (Wubing Wang): T/TR 12:00-13:00 Baker 439
Prerequisites
This is a highly technical class. We expect students to have a strong technical background before taking this course. Students who have not taken a security class before or whom are otherwise unfamiliar with computer security will likely not be able to complete this class. Specifically, students should satisfy at least three of the following:
- Assembly code (Intel X86 preferred)
- CSE 2451 (advanced C programming)
- CSE 4471 (Information Security)
- CSE 5343 (Compiler Design and Implementation)
- Proficiency in a scripting language (python preferably)
- Familiarity with command line operation of Windows AND Linux
Course Policy
Late Policy
All late submissions will automatically lose 10 points per delayed day until the points in that project are gone.
Collaboration Policy
Students are encouraged to collaborate, particularly on the discussion on the course project. However, each individual must finish the project by him/her-self.
Cheating Policy
We will strictly follow the university policy on cheating and plagiarism which is available here. If you have any questions regarding this issue, please contact the instructor.
HOME SOURCE