CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2013.


1 CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2013

2 Course Information
- Teacher: Cliff Zou
- Office: HEC243 407-823-5015
- Email: czou@cs.ucf.edu
- Office hour: MoWe 12:00pm-2:00pm
- Course lecture time: MoWe 10:30am – 11:45am (BA 110)
- Course Main Webpage:
  - http://www.cs.ucf.edu/~czou/CAP6135/index.html
- Use the new UCF Canvas for homework submissions, discussion, and grading feedback
  - Very similar to previous webCourse.
  - Login at: https://webcourses2c.instructure.com/
- Online lecture video stream:
  - UCF Tegrity
  - http://tegrity.ucf.edu/
  - Recorded via my own Tablet PC in face-to-face sessions
  - Video available in the early evening after each lecture

3 Prerequisites
- C programming language
  - For our software security programming projects
- Knowledge of computer architecture
  - Know stack, heap, memory
  - For our buffer overflow programming project
- Knowledge of OS, algorithms, networking
- Basic usage of a Unix machine
  - We will need to use the Unix machine in our department, eustis.eecs.ucf.edu, for programming projects

4 Objectives
- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense:
    - StackGuard, address randomization …
  - http://en.wikipedia.org/wiki/Buffer_overflow
- How to build secure software
  - Software assessment, testing
  - E.g., fuzz testing

5 Objectives
- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Email virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojans, rootkits, …
- A good resource for reading:
  - http://en.wikipedia.org/wiki/Malware
- Learn their characteristics
- Learn how to detect and monitor them
- Learn how to defend against them

6 Objective
- Learn state-of-the-art research on malware and software security
  - Paper reading/presentation for selected milestone papers on related research topics
- Face-to-face session students:
  - Required to participate in presentation of assigned papers and in-class discussion
- Online students:
  - Read assigned papers, write reviews
  - Comment on in-class students' presentations
  - Your evaluation will be fed back to the presenter!

7 Course Materials
- No required textbook. Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega, Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback), by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega
  - Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley
  - Software Security, by Erik Poll from Radboud University Nijmegen
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
- Wikipedia: great resource and tutorial for initial learning
- Other references as we go on:

8 Grading Guideline

Coursework               Face-to-face   Online streaming
In-class presentation    20%            N/A
In-class participation   10%            N/A
Paper review reports     N/A            30%
Homework                 10%            10%
Program projects         30%            30%
Final term project       30%            30%

- Right now we have two programming projects ready. If we add the third programming project, their weight will probably be higher.

9 Course Assignment – face-to-face students
- Paper presentation
  - Each class will have two students present two selected milestone papers
  - Students are required to participate and provide discussion
  - Discussion will count in your grade!
- Occupy about 1/3 of the course time
  - The other 2/3 time is my lecture time
- Only for face-to-face session students

10 Course Assignment – Online students
- Write reports on about 30% of presented papers
- Provide comments on student presentations in your reports
  - Enforces that online students watch the video
- Collected, anonymized comment feedback will be accessible to everyone
  - A great help to improve student presentations
  - Even if you are not the presenter

11 Programming projects
- Probably will have 3 programming projects
- Example:
  - Basic buffer overflow
    - Use Unix machine, learn stack, debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Internet worm propagation simulation
    - Or network intrusion detection experiment

12 Term Project
- A research-like project
- Two students as a group
  - Or yourself if you cannot find a partner
  - Will make you do more work
  - Group format helps you learn how to collaborate
- Find topics by yourself
  - Must be related to malware and software security
  - Provide a topic proposal one and a half months later
- Result:
  - Submit report before semester ends (late April)
  - Report will look just like a research paper we read
  - Face-to-face students: present your project
  - Online students: submit your presentation slides with speaking notes on every page

13 Questions?

