
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2009



Presentation Transcript


  1. CAP6135: Malware and Software Vulnerability Analysis, Cliff Zou, Spring 2009

  2. Course Information
     • Teacher: Cliff Zou
       • Office: HEC335, 407-823-5015
       • Email: czou@cs.ucf.edu
       • Office hour: TuTh 3pm – 5pm
     • TA: TBD
     • Course Webpage: http://www.cs.ucf.edu/~czou/CAP6135/index.html
     • Use WebCourse for homework submissions and grading feedback
     • Online lecture video stream:
       • FEEDS video
         • http://feeds.ucf.edu/NEW_FEEDS/Online_classes.asp
         • Usually video available the next day
       • UCF Tegrity
         • http://tegrity.ucf.edu/listallcourses/listing.aspx
         • Recorded by myself via my Tablet PC
         • Video available two hours after each lecture

  3. Objectives
     • Learn software vulnerability
       • Underlying reason for most computer security problems
       • Buffer overflow: stack, heap, integer
       • Buffer overflow defense: stackguard, address randomization …
       • http://en.wikipedia.org/wiki/Buffer_overflow
     • How to build secure software
       • Software assessment, testing
       • E.g., fuzz testing

  4. Objectives
     • Learn computer malware:
       • Malware: malicious software
       • Viruses, worms, botnets
       • Email virus/worm, spam, phishing
       • Spyware, adware
       • Trojans, rootkits, …
       • A good resource for reading: http://en.wikipedia.org/wiki/Malware
     • Learn their characteristics
     • Learn how to detect
     • Learn how to defend

  5. Objective
     • Learn state-of-the-art research on malware and software security
       • Paper reading/presentation for selected milestone papers on related research topics
     • Lecture session students:
       • Need to participate in presentation and in-class discussion
     • Video streaming students:
       • Need to read the paper, write a review, and comment on the in-class student's presentation
       • Your evaluation will be fed back to the presenter!

  6. Course Materials
     • No required textbook. Reference books:
       • Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega, Gary McGraw
       • Software Security: Building Security In (Addison-Wesley Software Security Series), by Gary McGraw
       • 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega
       • Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
     • Reference courses:
       • CS161: Computer Security, by Dawn Song from UC Berkeley
       • Software Security, by Erik Poll from Radboud University Nijmegen
       • Introduction to Software Security, by Vinod Ganapathy from Rutgers
     • Wikipedia: great resource and tutorial for initial learning
     • Other references as we go on:
       • First time to teach it, learn as it goes on

  7. Course Introduction

     | Coursework             | Face-to-face | Online streaming |
     |------------------------|--------------|------------------|
     | In-class presentation  | 20%          | N/A              |
     | In-class participation | 10%          | N/A              |
     | Paper review reports   | N/A          | 25%              |
     | Homework               | 15%          | 20%              |
     | Program projects       | 25%          | 25%              |
     | Final term project     | 30%          | 30%              |

     • Paper presentation
       • About half of the course time
       • The other half is my lecture time
       • Only face-to-face students participate
       • Online students:
         • Write reports on presented papers
         • Comment on student presentation

  8. Course Introduction
     • Programming projects
       • Probably will have 2 to 3 programming projects
       • Example: stack buffer overflow, software fuzz testing, Internet worm propagation simulation
     • Term project is a research-like project
       • Two students as a group
       • Or by yourself if you cannot find a partner, if you are an online student
       • Find topics by yourself
       • Must be related to malware and software security
       • In-class short presentation of your project proposal
       • Will have term project in-class presentation in final exam period

  9. Questions?
