In this course, students will be introduced to the foundations of software security. We will explore different classes of software vulnerabilities, analyze the fundamental problems behind them, and study the methods and techniques used to discover, exploit, prevent and mitigate them. Topics of interest include buffer overflow, integer overflow, type confusion, use-after-free, etc. Throughout the course, we take a defense-in-depth mentality and see how systems can be protected. Students are expected to have a solid understanding of assembly language, C/C++ and operating systems.
Recommended Pre-req: CSE 361. Feel free to join the class without the pre-req as long as you are willing to pick up the low-level system knowledge in the first several weeks of the class.
There is no textbook for the class. We will use research papers for some of the topics. However, the following references can be helpful.
There is no exam in this class; evaluation will be based on class participation and final projects.
| Component | Breakdown | Total |
|---|---|---|
| Research Discussion | Topic Presentation 15%; Attendance 5%; Discussion Participation 20% | 40% |
| Projects | Background research 10%; Mid-term progress 20%; Final Presentation and Paper 30% | 60% |
With greater power comes greater responsibility. In this course, we will be learning about and exploring some vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically. You may not attack any system without prior approval of the site owners, and may not use anything you learn in this class to disrupt services or harm others. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor.
Software Security, Spring 2019, Ning Zhang