Course introduction

288 views
243 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
288
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Course introduction

  1. 1. CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2010
  2. 2. Course Information <ul><li>Teacher: Cliff Zou </li></ul><ul><ul><li>Office: HEC335 407-823-5015 </li></ul></ul><ul><ul><li>Email: [email_address] </li></ul></ul><ul><ul><li>Office hour: TuTh 1pm – 3pm </li></ul></ul><ul><ul><li>TA: TBD </li></ul></ul><ul><li>Course Webpage: </li></ul><ul><ul><li>Course time: Tuesday/Thursday 3pm – 4:15pm </li></ul></ul><ul><ul><li>http://www.cs.ucf.edu/~czou/CAP6135/index.html </li></ul></ul><ul><ul><li>Use WebCourse for homework submissions, and grading feedback </li></ul></ul><ul><li>Online lecture video stream: </li></ul><ul><ul><li>UCF Tegrity </li></ul></ul><ul><ul><ul><li>http://tegrity.ucf.edu/listallcourses/listing.aspx </li></ul></ul></ul><ul><ul><ul><li>Recorded by myself via my Tablet PC </li></ul></ul></ul><ul><ul><ul><li>Video available usually two hours after each lecture </li></ul></ul></ul>
  3. 3. Prerequisites <ul><li>C programming language </li></ul><ul><ul><li>For our program projects </li></ul></ul><ul><li>Knowledge on computer architecture </li></ul><ul><ul><li>Know stack, heap, memory </li></ul></ul><ul><li>Knowledge on OS, algorithm, networking </li></ul><ul><li>Basic usage of Unix machine </li></ul><ul><ul><li>We will need to use Unix machine in our department: eustis.eecs.ucf.edu, for programming projects </li></ul></ul>
  4. 4. Objectives <ul><li>Learn software vulnerability </li></ul><ul><ul><li>Underlying reason for most computer security problems </li></ul></ul><ul><ul><li>Buffer overflow: stack, heap, integer </li></ul></ul><ul><ul><li>Buffer overflow defense: </li></ul></ul><ul><ul><ul><li>stackguard, address randomization … </li></ul></ul></ul><ul><ul><ul><li>http://en.wikipedia.org/wiki/Buffer_overflow </li></ul></ul></ul><ul><ul><li>How to build secure software </li></ul></ul><ul><ul><li>Software assessment, testing </li></ul></ul><ul><ul><ul><li>E.g., Fuzz testing </li></ul></ul></ul>
  5. 5. Objectives <ul><li>Learn computer malware: </li></ul><ul><ul><li>Malware: malicious software </li></ul></ul><ul><ul><li>Viruses, worms, botnets </li></ul></ul><ul><ul><li>Email virus/worm, spam, phishing, pharming </li></ul></ul><ul><ul><li>Spyware, adware </li></ul></ul><ul><ul><li>Trojan, rootkits,…. </li></ul></ul><ul><li>A good resource for reading: </li></ul><ul><ul><li>http://en.wikipedia.org/wiki/Malware </li></ul></ul><ul><li>Learn their characteristics </li></ul><ul><li>Learn how to detect </li></ul><ul><li>Learn how to defend </li></ul>
  6. 6. Objective <ul><li>Learn state-of-art research on malware and software security </li></ul><ul><ul><li>Paper reading/presentation for selected milestone papers on related research topics </li></ul></ul><ul><ul><li>Lecture session students: </li></ul></ul><ul><ul><ul><li>Required to participate in presentation of assigned papers, in-class discussion </li></ul></ul></ul><ul><ul><li>Online students: </li></ul></ul><ul><ul><ul><li>Read assigned paper, write review </li></ul></ul></ul><ul><ul><ul><li>Comment on in-class student’s presentation </li></ul></ul></ul><ul><ul><ul><li>Your evaluation will feedback to presenter! </li></ul></ul></ul>
  7. 7. Course Materials <ul><li>No required textbook. Reference books: </li></ul><ul><ul><li>Building Secure Software: How to Avoid Security Problems the Right Way  by John Viega, Gary McGraw </li></ul></ul><ul><ul><li>Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback) Gary McGraw </li></ul></ul><ul><ul><li>19 Deadly Sins of Software Security (Security One-off)  by Michael Howard, David LeBlanc, John Viega </li></ul></ul><ul><ul><li>Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson </li></ul></ul><ul><li>Reference courses: </li></ul><ul><ul><li>CS161: Computer Security , By Dawn Song from UC, Berkley. </li></ul></ul><ul><ul><li>Software Security , by Erik Poll from Radboud University Nijmegen. </li></ul></ul><ul><ul><li>Introduction to Software Security , by Vinod Ganapathy from Rutgers </li></ul></ul><ul><ul><li>Wikipiedia : Great resource and tutorial for initial learning </li></ul></ul><ul><li>Other references as we go on: </li></ul><ul><ul><li>First time to teach it, learn as it goes on </li></ul></ul>
  8. 8. Grading Guideline <ul><li>Coursework      face-to-face     online streaming </li></ul><ul><ul><li>In-class presentation      20%                     N/A </li></ul></ul><ul><ul><li>In-class participation     10%                     N/A </li></ul></ul><ul><ul><li>Paper review reports      N/A                       25% </li></ul></ul><ul><ul><li>Homework                    15%                      20% </li></ul></ul><ul><ul><li>Program projects            25%                      25% </li></ul></ul><ul><ul><li>Final term project            30%                     30% </li></ul></ul>
  9. 9. Course Assignment – face-to-face students <ul><li>Paper presentation </li></ul><ul><ul><li>Each class will have two students present two selected milestone papers </li></ul></ul><ul><ul><li>Students are required to participate and provide discussion </li></ul></ul><ul><ul><li>Discussion will count in your grade! </li></ul></ul><ul><li>Occupy about half of the course time </li></ul><ul><ul><li>The other half is my lecture time </li></ul></ul><ul><li>Only for face-to-face students </li></ul>
  10. 10. Course Assignment – Online students <ul><li>Write reports on 50% of presented papers </li></ul><ul><li>Provide comments on student presentation in your reports </li></ul><ul><ul><li>Enforce online students to watch video </li></ul></ul><ul><ul><li>Collected/Anonymized comment feedback be accessible to everyone </li></ul></ul><ul><ul><li>A great help to improve student presentation </li></ul></ul><ul><ul><ul><li>Even if you are not the presenter </li></ul></ul></ul>
  11. 11. Programming projects <ul><li>Probably will have 3 programming projects </li></ul><ul><li>Example: </li></ul><ul><ul><ul><li>Basic buffer overflow </li></ul></ul></ul><ul><ul><ul><li>Software fuzz testing </li></ul></ul></ul><ul><ul><ul><li>Internet worm propagation simulation (maybe changed on this one) </li></ul></ul></ul>
  12. 12. Term Project <ul><li>A research like project </li></ul><ul><ul><li>Two students as a group </li></ul></ul><ul><ul><ul><li>Or yourself if you cannot find a partner </li></ul></ul></ul><ul><ul><ul><ul><li>Will make you do more work </li></ul></ul></ul></ul><ul><ul><ul><li>Group format help you to learn how to collaborate </li></ul></ul></ul><ul><ul><li>Find topics by yourself </li></ul></ul><ul><ul><ul><li>Must related to malware and software security </li></ul></ul></ul><ul><ul><ul><li>Provide topic proposal one and half month later </li></ul></ul></ul><ul><ul><li>Result: </li></ul></ul><ul><ul><ul><li>Submit report in early April </li></ul></ul></ul><ul><ul><ul><ul><li>Report will look just like a research paper we read </li></ul></ul></ul></ul><ul><ul><ul><li>Face-to-face students: present your project </li></ul></ul></ul><ul><ul><ul><li>Online students: submit your presentation slides with speaking notes on every page </li></ul></ul></ul>
  13. 13. <ul><li>Questions? </li></ul>

×