CAP6135: Malware and Software Vulnerability Analysis, Cliff Zou, Spring 2009


Upload: patrick-nicholson

Post on 18-Jan-2018




CAP6135: Malware and Software Vulnerability Analysis

Cliff Zou
Spring 2009


Course Information

- Teacher: Cliff Zou
  - Office: HEC335
  - 407-823-5015
  - Email: [email protected]
  - Office hour: TuTh 3pm – 5pm
- TA: TBD
- Course Webpage: http://www.cs.ucf.edu/~czou/CAP6135/index.html
- Use WebCourse for homework submissions and grading feedback
- Online lecture video stream:
  - FEEDS video: http://feeds.ucf.edu/NEW_FEEDS/Online_classes.asp
    - Usually video available the next day
  - UCF Tegrity: http://tegrity.ucf.edu/listallcourses/listing.aspx
    - Recorded by myself via my Tablet PC
    - Video available two hours after each lecture


Objectives

- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: stackguard, address randomization …
  - http://en.wikipedia.org/wiki/Buffer_overflow
- How to build secure software
  - Software assessment, testing
  - E.g., fuzz testing


Objectives

- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Email virus/worm, spam, phishing
  - Spyware, adware
  - Trojan, rootkits, …
  - A good resource for reading: http://en.wikipedia.org/wiki/Malware
- Learn their characteristics
- Learn how to detect
- Learn how to defend


Objective

- Learn state-of-the-art research on malware and software security
- Paper reading/presentation for selected milestone papers on related research topics
  - Lecture session students: need to participate in presentation and in-class discussion
  - Video streaming students: need to read the paper, write a review, and comment on the in-class student's presentation
  - Your evaluation will be fed back to the presenter!


Course Materials

- No required textbook.
- Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega, Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback), by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega
  - Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley
  - Software Security, by Erik Poll from Radboud University Nijmegen
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
  - Wikipedia: great resource and tutorial for initial learning
- Other references as we go on: first time to teach it, learn as it goes on


Course Introduction

Coursework                 face-to-face    online streaming
In-class presentation      20%             N/A
In-class participation     10%             N/A
Paper review reports       N/A             25%
Homework                   15%             20%
Program projects           25%             25%
Final term project         30%             30%

Paper presentation

- About half of the course time
- The other half is my lecture time
- Only face-to-face students participate
- Online students:
  - Write reports on presented papers
  - Comment on student presentation


Course Introduction

- Programming projects
  - Probably will have 2 to 3 programming projects
  - Example: stack buffer overflow, software fuzz testing, Internet worm propagation simulation
- Term project is a research-like project
  - Two students as a group
  - Or yourself if you cannot find a partner if you are an online student
  - Find topics by yourself
    - Must be related to malware and software security
  - In-class short presentation of your project proposal
  - Will have term project in-class presentation in final exam period


Questions?