1 / 13

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2010

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2010. Course Information. Teacher: Cliff Zou Office: HEC335 407-823-5015 Email: czou@cs.ucf.edu Office hour: TuTh 1pm – 3pm TA: TBD Course Webpage: Course time: Tuesday/Thursday 3pm – 4:15pm

cward
Télécharger la présentation

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CAP6135: Malware and Software Vulnerability Analysis Cliff ZouSpring 2010

  2. Course Information • Teacher: Cliff Zou • Office: HEC335 407-823-5015 • Email: czou@cs.ucf.edu • Office hour: TuTh 1pm – 3pm • TA: TBD • Course Webpage: • Course time: Tuesday/Thursday 3pm – 4:15pm • http://www.cs.ucf.edu/~czou/CAP6135/index.html • Use WebCourse for homework submissions, and grading feedback • Online lecture video stream: • UCF Tegrity • http://tegrity.ucf.edu/listallcourses/listing.aspx • Recorded by myself via my Tablet PC • Video available usually two hours after each lecture

  3. Prerequisites • C programming language • For our program projects • Knowledge on computer architecture • Know stack, heap, memory • Knowledge on OS, algorithm, networking • Basic usage of Unix machine • We will need to use Unix machine in our department: eustis.eecs.ucf.edu, for programming projects

  4. Objectives • Learn software vulnerability • Underlying reason for most computer security problems • Buffer overflow: stack, heap, integer • Buffer overflow defense: • stackguard, address randomization … • http://en.wikipedia.org/wiki/Buffer_overflow • How to build secure software • Software assessment, testing • E.g., Fuzz testing

  5. Objectives • Learn computer malware: • Malware: malicious software • Viruses, worms, botnets • Email virus/worm, spam, phishing, pharming • Spyware, adware • Trojan, rootkits,…. • A good resource for reading: • http://en.wikipedia.org/wiki/Malware • Learn their characteristics • Learn how to detect • Learn how to defend

  6. Objective • Learn state-of-art research on malware and software security • Paper reading/presentation for selected milestone papers on related research topics • Lecture session students: • Required to participate in presentation of assigned papers, in-class discussion • Online students: • Read assigned paper, write review • Comment on in-class student’s presentation • Your evaluation will feedback to presenter!

  7. Course Materials • No required textbook. Reference books: • Building Secure Software: How to Avoid Security Problems the Right Way  by John Viega, Gary McGraw • Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback) Gary McGraw • 19 Deadly Sins of Software Security (Security One-off)  by Michael Howard, David LeBlanc, John Viega • Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson • Reference courses: • CS161: Computer Security, By Dawn Song from UC, Berkley. • Software Security, by Erik Poll from Radboud University Nijmegen. • Introduction to Software Security, by Vinod Ganapathy from Rutgers • Wikipiedia: Great resource and tutorial for initial learning • Other references as we go on: • First time to teach it, learn as it goes on

  8. Grading Guideline • Coursework      face-to-face     online streaming • In-class presentation      20%                     N/A • In-class participation     10%                     N/A • Paper review reports      N/A                       25% • Homework                    15%                      20% • Program projects            25%                      25% • Final term project            30%                     30%

  9. Course Assignment – face-to-face students • Paper presentation • Each class will have two students present two selected milestone papers • Students are required to participate and provide discussion • Discussion will count in your grade! • Occupy about half of the course time • The other half is my lecture time • Only for face-to-face students

  10. Course Assignment – Online students • Write reports on 50% of presented papers • Provide comments on student presentation in your reports • Enforce online students to watch video • Collected/Anonymized comment feedback be accessible to everyone • A great help to improve student presentation • Even if you are not the presenter

  11. Programming projects • Probably will have 3 programming projects • Example: • Basic buffer overflow • Software fuzz testing • Internet worm propagation simulation (maybe changed on this one)

  12. Term Project • A research like project • Two students as a group • Or yourself if you cannot find a partner • Will make you do more work • Group format help you to learn how to collaborate • Find topics by yourself • Must related to malware and software security • Provide topic proposal one and half month later • Result: • Submit report in early April • Report will look just like a research paper we read • Face-to-face students: present your project • Online students: submit your presentation slides with speaking notes on every page

  13. Questions?

More Related