CAP6135: Malware and Software Vulnerability Analysis

Cliff ZouSpring 2015

2

Course Information

Teacher: Cliff Zou Office: HEC243 407-823-5015 Email: czou@cs.ucf.edu Office hour: TuTh 9:00am-10:30am Course lecture time: TuTh 10:30am – 11:45am (Eng2-103)

Course Main Webpage: http://www.cs.ucf.edu/~czou/CAP6135-15 Use the UCF WebCourse for homework submissions,

discussion, and grading feedback

Online lecture video stream: UCF Mediasite (Tegrity)

Recorded via my own Tablet PC in face-to-face sessions on every Monday and Wednesday morningVideo available in the late afternoon after each lectureYou can access video through the link in Webcourse “Modules” tab

Prerequisites C programming language

Software security lecturing will mainly use C code as examples

Programming experience Any programming language is fine

Knowledge on computer architecture Know stack, heap, memory For our buffer overflow programming project

Knowledge on OS, algorithm, networking Basic usage of Unix machine

We will need to use Unix machine in our department: eustis2.eecs.ucf.edu, for some programming projects

3

4

Objectives

Learn software vulnerability Underlying reason for most computer security

problems Buffer overflow: stack, heap, integer Buffer overflow defense:

stackguard, address randomization … http://en.wikipedia.org/wiki/Buffer_overflow

How to build secure software Software assessment, testing

E.g., Fuzz testing

5

Objectives

Learn computer malware: Malware: malicious software Viruses, worms, botnets Email virus/worm, spam, phishing, pharming Spyware, adware Trojan, rootkits,….

A good resource for reading: http://en.wikipedia.org/wiki/Malware

Learn their characteristics Learn how to detect, monitoring Learn how to defend

6

Objective

Learn state-of-art research on malware and software security Paper reading/presentation for selected

milestone papers on related research topics Face-to-face session students:

Required to participate in presentation of assigned papers, in-class discussion

Online students: Read assigned paper, write review Comment on in-class student’s presentation Your evaluation will feedback to presenter!

7

Course Materials

No required textbook. Reference books: Building Secure Software: How to Avoid Security Problems the Right

Way  by John Viega, Gary McGraw Software Security: Building Security In (Addison-Wesley Software

Security Series) (Paperback) Gary McGraw 19 Deadly Sins of Software Security (Security One-off)  by Michael

Howard, David LeBlanc, John Viega Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson

Reference courses: CS161: Computer Security, By Dawn Song from UC, Berkley. Software Security, by Erik Poll from Radboud University Nijmegen. Introduction to Software Security, by Vinod Ganapathy from Rutgers Wikipiedia: Great resource and tutorial for initial learning

Other references as we go on:

8

Grading Guideline Coursework      face-to-face     online streaming

In-class presentation      18%                     N/A In-class participation     6%                     N/A Paper review reports      N/A                      24% Homework                    10%                     10% Program projects            36%                     36% Final term project            30%                    30%

We will probably have three programming projects. So you need to have experience in programming!

Course Assignment – face-to-face students

Paper presentation In the later half to 1/3 of the class (when we finish

lecturing on knowledge-based content), each class will have three face-to-face students present three selected milestone papers

Students are required to participate and provide discussion

Discussion will count in your grade! Occupy about 1/3 to half of the course

time The other time is my lecture time

Only for face-to-face session students

9

Course Assignment – Online students

Write reports on about 10%-15% of presented papers

Provide comments on student presentation in your reports Enforce online students to watch video Collected/Anonymized comment

feedback be accessible to everyone A great help to improve student presentation Even if you are not the presenter

10

11

Programming projects

Probably will have 3 programming projects

Example: Basic buffer overflow

Use Unix machine, learn stack, debugger (gdb)

Software fuzz testing Find bugs in a provided binary program

Network monitoring and analysis Using Wireshark to analyze captured network traffic

Term Project A research like project

Two students as a group Or yourself if you cannot find a partner

Will make you do more work Group format help you to learn how to collaborate

Find topics by yourself Must related to malware and software security Provide topic proposal one and half month later

Result: Submit report before semester ends (late April)

Report will look just like a research paper we read Face-to-face students: present your project Online students: submit your presentation slides with

speaking notes on every page

12

13

Questions?