CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.


1 CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015

2 Course Information
- Teacher: Cliff Zou
  - Office: HEC243, 407-823-5015
  - Email: czou@cs.ucf.edu
  - Office hour: TuTh 9:00am-10:30am
- Course lecture time: TuTh 10:30am – 11:45am (Eng2-103)
- Course main webpage:
  - http://www.cs.ucf.edu/~czou/CAP6135-15
  - Use the UCF WebCourse for homework submissions, discussion, and grading feedback
- Online lecture video stream:
  - UCF Mediasite (Tegrity)
  - Recorded via my own Tablet PC in face-to-face sessions on every Monday and Wednesday morning
  - Video available in the late afternoon after each lecture
  - You can access video through the link in Webcourse “Modules” tab

3 Prerequisites
- C programming language
  - Software security lectures will mainly use C code as examples
- Programming experience
  - Any programming language is fine
- Knowledge of computer architecture
  - Know stack, heap, memory
  - For our buffer overflow programming project
- Knowledge of OS, algorithms, networking
- Basic usage of a Unix machine
  - We will need to use the Unix machine in our department, eustis2.eecs.ucf.edu, for some programming projects

4 Objectives
- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: StackGuard, address randomization, …
  - http://en.wikipedia.org/wiki/Buffer_overflow
- How to build secure software
  - Software assessment, testing
  - E.g., fuzz testing

5 Objectives
- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Email virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojans, rootkits, …
  - A good resource for reading: http://en.wikipedia.org/wiki/Malware
- Learn their characteristics
- Learn how to detect and monitor them
- Learn how to defend against them

6 Objectives
- Learn state-of-the-art research on malware and software security
  - Paper reading/presentation for selected milestone papers on related research topics
- Face-to-face session students:
  - Required to participate in presentation of assigned papers and in-class discussion
- Online students:
  - Read the assigned paper, write a review
  - Comment on the in-class students' presentations
  - Your evaluation will be fed back to the presenter!

7 Course Materials
- No required textbook. Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega, Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback), by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega
  - Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley
  - Software Security, by Erik Poll from Radboud University Nijmegen
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
- Wikipedia: great resource and tutorial for initial learning
- Other references as we go on:

8 Grading Guideline

Coursework               Face-to-face   Online streaming
In-class presentation    18%            N/A
In-class participation   6%             N/A
Paper review reports     N/A            24%
Homework                 10%            10%
Program projects         36%            36%
Final term project       30%            30%

- We will probably have three programming projects.
- So you need to have experience in programming!

9 Course Assignment – face-to-face students
- Paper presentation
  - In the latter half to 1/3 of the class (when we finish lecturing on knowledge-based content), each class will have three face-to-face students present three selected milestone papers
  - Students are required to participate and provide discussion
  - Discussion will count in your grade!
- Occupies about 1/3 to half of the course time
  - The other time is my lecture time
- Only for face-to-face session students

10 Course Assignment – Online students
- Write reports on about 10%-15% of presented papers
- Provide comments on the student presentations in your reports
  - Makes sure online students watch the video
- Collected, anonymized comment feedback will be accessible to everyone
  - A great help in improving student presentations
  - Even if you are not the presenter

11 Programming projects
- Probably will have 3 programming projects
- Example:
  - Basic buffer overflow
    - Use Unix machine, learn stack, debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Network monitoring and analysis
    - Using Wireshark to analyze captured network traffic

12 Term Project
- A research-like project
- Two students as a group
  - Or by yourself if you cannot find a partner
    - Will make you do more work
  - Group format helps you learn how to collaborate
- Find topics by yourself
  - Must be related to malware and software security
  - Provide a topic proposal one and a half months later
- Result:
  - Submit report before semester ends (late April)
  - Report will look just like a research paper we read
  - Face-to-face students: present your project
  - Online students: submit your presentation slides with speaking notes on every page

13 Questions?

