CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2013.


Course Information
- Teacher: Cliff Zou
- Office: HEC
- Office hours: MoWe 12:00pm-2:00pm
- Course lecture time: MoWe 10:30am – 11:45am (BA 110)
- Course Main Webpage:
- Use the new UCF Canvas for homework submissions, discussion, and grading feedback
  - Very similar to previous webCourse.
  - Login at:
- Online lecture video stream: UCF Tegrity
  - Recorded via my own Tablet PC in face-to-face sessions
  - Video available in the early evening after each lecture

Prerequisites
- C programming language
  - For our software security programming projects
- Knowledge of computer architecture
  - Know stack, heap, memory
  - For our buffer overflow programming project
- Knowledge of OS, algorithms, networking
- Basic usage of a Unix machine
  - We will need to use the Unix machine in our department, eustis.eecs.ucf.edu, for programming projects

Objectives
- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: stackguard, address randomization …
- How to build secure software
  - Software assessment, testing
  - E.g., fuzz testing

Objectives
- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojans, rootkits, …
  - A good resource for reading:
- Learn their characteristics
- Learn how to detect and monitor them
- Learn how to defend against them

Objective
- Learn state-of-the-art research on malware and software security
  - Paper reading/presentation for selected milestone papers on related research topics
- Face-to-face session students:
  - Required to participate in presentation of assigned papers and in-class discussion
- Online students:
  - Read assigned paper, write review
  - Comment on in-class students' presentations
  - Your evaluation will be fed back to the presenter!

Course Materials
- No required textbook. Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega and Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series), by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc and John Viega
  - Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley
  - Software Security, by Erik Poll from Radboud University Nijmegen
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
- Wikipedia: great resource and tutorial for initial learning
- Other references as we go on:

Grading Guideline

Coursework               face-to-face   online streaming
In-class presentation    20%            N/A
In-class participation   10%            N/A
Paper review reports     N/A            30%
Homework                 10%            10%
Program projects         30%            30%
Final term project       30%            30%

Right now we have two programming projects ready. If we add the third programming project, their weight will probably be higher.

Course Assignment: face-to-face students
- Paper presentation
  - Each class will have two students present two selected milestone papers
  - Students are required to participate and provide discussion
  - Discussion will count in your grade!
  - Occupies about 1/3 of the course time
  - The other 2/3 of the time is my lecture time
  - Only for face-to-face session students

Course Assignment: online students
- Write reports on about 30% of presented papers
- Provide comments on student presentations in your reports
  - Enforces that online students watch the video
  - Collected, anonymized comment feedback will be accessible to everyone
  - A great help to improve student presentations
  - Even if you are not the presenter

Programming projects
- Probably will have 3 programming projects
- Example:
  - Basic buffer overflow
    - Use Unix machine, learn stack, debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Internet worm propagation simulation
    - Or network intrusion detection experiment

Term Project
- A research-like project
- Two students as a group
  - Or by yourself if you cannot find a partner
    - Will make you do more work
  - Group format helps you learn how to collaborate
- Find topics by yourself
  - Must be related to malware and software security
  - Provide a topic proposal one and a half months later
- Result:
  - Submit report before semester ends (late April)
  - Report will look just like a research paper we read
  - Face-to-face students: present your project
  - Online students: submit your presentation slides with speaking notes on every page

Questions?