CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.


Course Information
- Teacher: Cliff Zou
- Office: HEC
- Office hour: TuTh 9:00am-10:30am
- Course lecture time: TuTh 10:30am – 11:45am (Eng2-103)
- Course Main Webpage:
  - Use the UCF WebCourse for homework submissions, discussion, and grading feedback
- Online lecture video stream:
  - UCF Mediasite (Tegrity)
  - Recorded via my own Tablet PC in face-to-face sessions on every Monday and Wednesday morning
  - Video available in the late afternoon after each lecture
  - You can access video through the link in Webcourse “Modules” tab

Prerequisites
- C programming language
  - Software security lectures will mainly use C code as examples
- Programming experience
  - Any programming language is fine
- Knowledge of computer architecture
  - Know stack, heap, memory
  - For our buffer overflow programming project
- Knowledge of OS, algorithms, networking
- Basic usage of a Unix machine
  - We will need to use the Unix machine in our department, eustis2.eecs.ucf.edu, for some programming projects

Objectives
- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: stackguard, address randomization …
- How to build secure software
  - Software assessment, testing
  - E.g., fuzz testing

Objectives
- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojans, rootkits, ….
  - A good resource for reading:
- Learn their characteristics
- Learn how to detect and monitor them
- Learn how to defend

Objective
- Learn state-of-the-art research on malware and software security
  - Paper reading/presentation for selected milestone papers on related research topics
- Face-to-face session students:
  - Required to participate in presentation of assigned papers, in-class discussion
- Online students:
  - Read assigned paper, write review
  - Comment on in-class students' presentations
  - Your evaluation will be fed back to the presenter!

Course Materials
- No required textbook. Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega, Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback), by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega
  - Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley
  - Software Security, by Erik Poll from Radboud University Nijmegen
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
- Wikipedia: Great resource and tutorial for initial learning
- Other references as we go on:

Grading Guideline

Coursework               Face-to-face   Online streaming
In-class presentation    18%            N/A
In-class participation   6%             N/A
Paper review reports     N/A            24%
Homework                 10%            10%
Program projects         36%            36%
Final term project       30%            30%

- We will probably have three programming projects.
  - So you need to have experience in programming!

Course Assignment – face-to-face students
- Paper presentation
  - In the latter half to 1/3 of the class (when we finish lecturing on knowledge-based content), each class will have three face-to-face students present three selected milestone papers
  - Students are required to participate and provide discussion
  - Discussion will count in your grade!
- Occupies about 1/3 to half of the course time
  - The other time is my lecture time
- Only for face-to-face session students

Course Assignment – Online students
- Write reports on about 10%-15% of presented papers
- Provide comments on student presentations in your reports
  - Ensures that online students watch the video
- Collected, anonymized comment feedback will be accessible to everyone
  - A great help to improve student presentations
  - Even if you are not the presenter

Programming projects
- Probably will have 3 programming projects
- Example:
  - Basic buffer overflow
    - Use Unix machine, learn stack, debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Network monitoring and analysis
    - Using Wireshark to analyze captured network traffic

Term Project
- A research-like project
- Two students as a group
  - Or yourself if you cannot find a partner
    - Will make you do more work
  - Group format helps you learn how to collaborate
- Find topics by yourself
  - Must be related to malware and software security
  - Provide topic proposal one and a half months later
- Result:
  - Submit report before semester ends (late April)
    - Report will look just like a research paper we read
  - Face-to-face students: present your project
  - Online students: submit your presentation slides with speaking notes on every page

Questions?