CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015

Course Information

- Teacher: Cliff Zou
  - Office: HEC243 407-823-5015
  - Email: czou@cs.ucf.edu
  - Office hour: TuTh 9:00am-10:30am
- Course lecture time: TuTh 10:30am – 11:45am (Eng2-103)
- Course Main Webpage: http://www.cs.ucf.edu/~czou/CAP6135-15
  - Use the UCF WebCourse for homework submissions, discussion, and grading feedback
- Online lecture video stream: UCF Mediasite (Tegrity)
  - Recorded via my own Tablet PC in face-to-face sessions on every Monday and Wednesday morning
  - Video available in the late afternoon after each lecture
  - You can access video through the link in Webcourse “Modules” tab

Prerequisites

- C programming language
  - Software security lecturing will mainly use C code as examples
- Programming experience
  - Any programming language is fine
- Knowledge on computer architecture
  - Know stack, heap, memory
  - For our buffer overflow programming project
- Knowledge on OS, algorithm, networking
- Basic usage of Unix machine
  - We will need to use Unix machine in our department: eustis2.eecs.ucf.edu, for some programming projects

Objectives

- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: stackguard, address randomization …
    - http://en.wikipedia.org/wiki/Buffer_overflow
- How to build secure software
- Software assessment, testing
  - E.g., Fuzz testing

Objectives

- Learn computer malware:
  - Malware: malicious software
  - Viruses, worms, botnets
  - Email virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojan, rootkits, …
- A good resource for reading:
  - http://en.wikipedia.org/wiki/Malware
- Learn their characteristics
- Learn how to detect and monitor them
- Learn how to defend

Objective

- Learn state-of-the-art research on malware and software security
  - Paper reading/presentation for selected milestone papers on related research topics
- Face-to-face session students:
  - Required to participate in presentation of assigned papers, in-class discussion
- Online students:
  - Read assigned paper, write review
  - Comment on in-class students' presentations
  - Your evaluation will be fed back to the presenter!

Course Materials

- No required textbook. Reference books:
  - Building Secure Software: How to Avoid Security Problems the Right Way by John Viega, Gary McGraw
  - Software Security: Building Security In (Addison-Wesley Software Security Series) (Paperback) by Gary McGraw
  - 19 Deadly Sins of Software Security (Security One-off) by Michael Howard, David LeBlanc, John Viega
  - Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson
- Reference courses:
  - CS161: Computer Security, by Dawn Song from UC Berkeley.
  - Software Security, by Erik Poll from Radboud University Nijmegen.
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
- Wikipedia: Great resource and tutorial for initial learning
- Other references as we go on:

Grading Guideline

Coursework                face-to-face    online streaming
In-class presentation     18%             N/A
In-class participation    6%              N/A
Paper review reports      N/A             24%
Homework                  10%             10%
Program projects          36%             36%
Final term project        30%             30%

- We will probably have three programming projects.
  - So you need to have experience in programming!

Course Assignment – face-to-face students

- Paper presentation
  - Occupy about 1/3 to half of the course time
  - In the later half to 1/3 of the class (when we finish lecturing on knowledge-based content), each class will have three face-to-face students present three selected milestone papers
  - Students are required to participate and provide discussion
  - Discussion will count in your grade!
  - The other time is my lecture time
  - Only for face-to-face session students

Course Assignment – Online students

- Write reports on about 10%-15% of presented papers
- Provide comments on student presentation in your reports
  - Enforces that online students watch the video
- Collected/anonymized comment feedback will be accessible to everyone
  - A great help to improve student presentation
  - Even if you are not the presenter

Programming projects

- Probably will have 3 programming projects
- Example:
  - Basic buffer overflow
    - Use Unix machine, learn stack, debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Network monitoring and analysis
    - Using Wireshark to analyze captured network traffic

Term Project

- A research-like project
- Two students as a group
  - Or yourself if you cannot find a partner
    - Will make you do more work
  - Group format helps you learn how to collaborate
- Find topics by yourself
  - Must be related to malware and software security
  - Provide topic proposal one and a half months later
- Result:
  - Submit report before semester ends (late April)
    - Report will look just like a research paper we read
  - Face-to-face students: present your project
  - Online students: submit your presentation slides with speaking notes on every page

Questions?