System and Software Security
Viruses and malware infect millions of computers, as you may see in the daily news. Attackers often use these malicious programs to steal user data, blackmail businesses, and even bring down national networks, causing billions of dollars in damage per year. This course covers the basics of various security attacks and vulnerabilities (e.g., Buffer Overflow) in Windows and Linux systems, along with effective prevention methods. By learning the basics of malicious programs and software security analysis, such as assembly programming and reverse engineering, you will understand how attackers build malware/viruses and be able to propose a proper defense approach. You will also learn about system forensics through Kali Linux and advanced tools (e.g., Metasploit) to trace security vulnerabilities and the corresponding attacks. Finally, the course introduces DevSecOps and building security APIs, a critical software security development skill for network administrators and secure software developers. Note that this is an English-taught course (we use English in every activity, such as lectures, homework assignments, and presentations).
Course info:
Instructor: Van-Linh Nguyen, nvlinh [at] cs.ccu.edu.tw
Teaching assistant: TBD
Time & Location: TBD
Textbook:
No textbook is required. Lecture notes are compiled by the instructor.
References:
Computer Security: Principles and Practice 4th (William Stallings)
Gray Hat Hacking: The Ethical Hacker's Handbook 5th (Allen Harper)
Software Security: Building Security In (Gary McGraw)
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel
https://owasp.org/www-community/Source_Code_Analysis_Tools
Weekly schedule
Download link (software used in the Disassembler and Malware Analysis lessons):
(sent in Ecourse2; check CourseIntroduction.pdf, slide #23)
Please follow these steps to prepare an environment for malware analysis:
Install Oracle VirtualBox or VMWare Player/Workstation
Create a virtual machine to run Windows 10 Pro (64-bit) (download from our campus store)
Install IDA Pro (for education, 2023/9/6 - 2024/1/10) or Ghidra (requires Java SDK) on the virtual machine
Download sample malware/virus files to the virtual machine
Test the setup by disassembling a simple virus (.exe file)
Tools for Dynamic Malware Analysis
Grading:
Attendance: 0-10%
Homework: 0-20%
Mid-exam: 40%
Final-exam: 30%
Homework:
Assignment 01
Assignment 02
Mid-term:
Ten questions: 120 points
8 easy/moderate questions: 10 points each
2 hard questions: 20 points each
Content source
Easy/moderate questions: lecture notes
Hard questions: lecture notes, homework, internet, …
Technique demonstration bonus (can replace the final exam):
Method:
Implementation (software, application): (1) Develop/customize secure source code analysis software with new features (e.g., suggesting a secure version of insecure code); (2) Find new vulnerabilities or bugs in common applications; (3) Data forensics for a specific mission (traffic analysis)
Theoretical analysis: Solutions to state-of-the-art issues in system and software security (paper writing)
Select one of the following topics (optional):
a. Build a program to track the details of where a user went by reading his/her photos/social posts (API calls)
b. Find several security bugs in popular software in Windows 10 and demonstrate how to exploit them
c. Build generative deep learning (DRL, GAN, ...) models or semi-supervised learning models to detect malicious activities
d. Analyze an Assembly program to list its features/functionalities automatically using deep learning
e. Create a program that highlights Python script security vulnerabilities
Assessment: Creative ideas --> successful implementation/4-page report --> IEEE Conference format
Presentation
Time for each group (if # of groups <= 10): 25 mins for presentation + 10 mins for Q&A
PPT length: NOT over 25 slides. Please search for "Top Tips for Effective Presentations": simple, easy to understand + demonstration
Storage: Upload to an assigned folder (TBD) after the presentation
If you have any issues related to the course, please email the TA or the instructor.
This course will benefit your early career in proportion to how seriously you study it, not just by passing the exam! So please:
Ask questions and debate in class
Finish your homework
Focus on programming/implementation/paper reading skills