System and Software Security

Link for download (software to use in Disassembler, Malware analysis lesson): 

(sent in Ecourse2, Check CourseIntroduction.pdf, slide #23)

Please follow the following steps to prepare an environment for Malware Analysis

1.  Install Oracle VirtualBox or VMWare Player/Workstation

2.  Create a virtual machine to run Windows 10  Pro (64-bit) (download from our campus store)

3.  Install IDA Pro (for education, 2024/9/13 - 2025/1/10) or Ghidra (requires Java SDK) on the virtual machine 

4. Download sample malware/virus files to the virtual machine

5.  Test Disassemble to a simple virus (.exe file)

Tools for Dynamic Malware Analysis

1.  Microsoft Sysinternal Suite 

2. Dependency Walker

3. PEView

4. Resource Hacker

5. Regshot

6. INETSIM 

7.  Tracking

8.  DNSSpoofing file

Grading:

• Attendance: 0-10%

• Homework: 0-20%

• Mid-exam: 40%

• Final-exam: 30%

Homework:

1. Assignment 01 

2. Assignment 02 

 + File for Flawfinder 

Mid-term:

• Ten questions:120 points

 8 easy/moderate questions: 10 points per one

2 hard questions: 20 points per one

• Content source

Easy/moderate questions: lecture notes

Hard questions: lecture notes, homework, internet, …

Technique demonstration bonus (can replace the final exam):

• Method: 

1. Implementation (software, application): (1) Develop/customize a secure source code analysis software with new features (e.g., suggest the secure version of unsecured code); (2) Find new vulnerabilities or bugs  in common applications; (3) Data forensics for a specific mission (traffic analysis)

2. Theoretical analysis: Solutions to solve the state-of-the-art issues of system and software security (paper writing)

3. Select one of the following topics (optional): 

a.  Build a program to track the details of where a user went by reading his/her photos/social posts (API calls) 

b. Find several security bugs in popular software in Windows 10 and demonstrate how to exploit 

c. Build generative deep learning (DRL, GAN, ...) models or semi-supervising learning models to detect malicious activities.

d.  Analyzing an Assembly program to list its features/functionalities automatically using deep learning

e. Create a program that highlights Python script security vulnerabilities 

• Assessment:  Creative ideas --> successful implementation/4-page report --> IEEE Conference format

• Presentation

1. Time for each group (if # of groups <=10): 25 mins for presentation + 10 mins for Q&A

2. PPT length: NOT over 25 slides. Please search "Top Tips for Effective Presentations" : Simple, easy to understand + demonstration

3. Storage: Upload to an assigned folder (TBD) after the presentation

If you have any issues related to the course, please send an email to ask TA or the instructor. 

This course may benefit your early career as much as you study it seriously, not only pass the exam! So please do:  

1.  Question and debate in the class  

2.  Finish your homework 

3.  Focus on programming/implementation/paper reading skills