CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2014


Course Information

- Teacher: Cliff Zou
  - Office: HEC243, 407-823-5015
  - Email: czou@cs.ucf.edu
  - Office hour: MoWe 12:00pm-2:00pm
  - Course lecture time: MoWe 10:30am – 11:45am (Engr 388)
- Course Main Webpage: http://www.cs.ucf.edu/~czou/CAP6135-14/index.html
  - Use the UCF WebCourse for homework submissions, discussion, and grading feedback
- Online lecture video stream: UCF Tegrity, http://tegrity.ucf.edu/
  - Recorded via my own Tablet PC in face-to-face sessions on every Monday and Wednesday morning
  - Video available in the late afternoon after each lecture
  - You can access Tegrity video through the link in the Webcourse "Modules" tab

2

Prerequisites

- C programming language
  - Software security lectures will mainly use C code as examples
- Programming experience
  - Any programming language is fine
- Knowledge of computer architecture
  - Know stack, heap, memory
  - Needed for our buffer overflow programming project
- Knowledge of OS, algorithms, networking
- Basic usage of a Unix machine
  - We will need to use a Unix machine in our department, eustis.eecs.ucf.edu, for some programming projects

3

Objectives

- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: stackguard, address randomization …
  - http://en.wikipedia.org/wiki/Buffer_overflow
- How to build secure software
- Software assessment, testing
  - E.g., fuzz testing

4

Objectives

- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Email virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojans, rootkits, …
  - A good resource for reading: http://en.wikipedia.org/wiki/Malware
- Learn their characteristics
- Learn how to detect and monitor them
- Learn how to defend against them

5

Objective

- Learn state-of-the-art research on malware and software security
  - Paper reading/presentation for selected milestone papers on related research topics
- Face-to-face session students:
  - Required to participate in presentation of assigned papers and in-class discussion
- Online students:
  - Read the assigned paper, write a review
  - Comment on the in-class student's presentation
  - Your evaluation will be fed back to the presenter!

6

Course Materials

- No required textbook. Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way, by John Viega, Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback), by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off), by Michael Howard, David LeBlanc, John Viega
  - Hacking: The Art of Exploitation, 2nd Edition, by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley
  - Software Security, by Erik Poll from Radboud University Nijmegen
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
  - Wikipedia: great resource and tutorial for initial learning
- Other references as we go on

7

Grading Guideline

Coursework                 Face-to-face    Online streaming
In-class presentation      18%             N/A
In-class participation     6%              N/A
Paper review reports       N/A             24%
Homework                   10%             10%
Program projects           36%             36%
Final term project         30%             30%

We will probably have three programming projects, so you need to have experience in programming!

8

Course Assignment – face-to-face students

- Paper presentation
  - Occupies about 1/3 of the course time
    - In the later 1/3 of the class (when we finish lecturing on knowledge-based content), each class will have two face-to-face students present two selected milestone papers
    - The other 2/3 of the time is my lecture time
  - Students are required to participate and provide discussion
    - Discussion will count in your grade!
- Only for face-to-face session students

9

Course Assignment – Online students

- Write reports on about 30% of the presented papers
  - Provide comments on the student presentation in your reports
  - This requires online students to watch the video
- Collected/anonymized comment feedback will be accessible to everyone
  - A great help to improve student presentations
  - Even if you are not the presenter

10

Programming projects

- Probably will have 3 programming projects
- Examples:
  - Basic buffer overflow
    - Use a Unix machine, learn the stack and the debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Network monitoring and analysis
    - Use Wireshark to analyze captured network traffic

11

Term Project

- A research-like project
- Two students as a group
  - Or yourself if you cannot find a partner
    - Will make you do more work
  - The group format helps you learn how to collaborate
- Find topics by yourself
  - Must be related to malware and software security
  - Provide a topic proposal one and a half months later
- Result:
  - Submit report before the semester ends (late April)
    - The report will look just like a research paper we read
  - Face-to-face students: present your project
  - Online students: submit your presentation slides with speaking notes on every page

12

Questions?

13