Software Security 4384

Instructor: Ahmed Tamrawi

Class Meets: Tuesdays and Thursdays 12:50-2:05pm

Syllabus: Revision 2

Anonymous Feedback

---

Course Schedule

Week 01, 09/07 - 09/10: Course Introduction

• Tuesday, September 8, 2020
  • Lecture: Course Introduction, History of Computer Security
  • Review: Syllabus
  • Reading: Chapter 1 from [B2]
• Thursday, September 10, 2020
  • Lecture: Security Blanket or Security Theater
  • Reading: Chapter 1 from [B3]

---

Week 02, 09/14 - 09/17: Software Security Problem

• Tuesday, September 15, 2020
  • Lecture: Security Blanket or Security Theater
  • Review: Syllabus “Revision 2”
  • Reading: Chapter 1 from [B3]
• Thursday, September 17, 2020
  • Lecture: The Software Security Problem
  • Assignments: Assignment 1 “Revision 2” (due on Tuesday, September 29, 2020 at 1:00 PM)
  • Reading: Chapter 1 from [B4], Reflections on Trusting Trust
  • Optional Reading: Chapter 1 from [B5]

---

Week 03, 09/21 - 09/24: Operating Systems Concepts

• Tuesday, September 22, 2020
  • Lecture: Continue The Software Security Problem
  • Reading: Chapter 1 from [B4]
• Thursday, September 24, 2020
  • Lecture: Operating Systems Concepts
  • Reading: Section 3.1 and Section 3.4.1 from [B1]

---

Week 04, 09/28 - 10/01: Integer Overflow Attacks

• Tuesday, September 29, 2020
  • Due: Assignment 1 at 1:00 PM
  • (No Class)
• Thursday, October 1, 2020
  • Assignments: Assignment 2 (due on Thursday, October 15, 2020 at 1:00 PM)
  • Lecture: Integer Overflow Attacks
  • Reading: Section 3.4.2 from [B1]
  • Extra Reading: Section 7.1 from [B4], Chapter 7 from [B6], Basic Integer Overflows, When integers go bad!

---

Week 05, 10/05 - 10/08: Integer Overflow Attacks

• Tuesday, October 6, 2020
  • Lecture: Continue Integer Overflow Attacks
• Thursday, October 8, 2020
  • Lecture: Continue Integer Overflow Attacks

---

Week 06, 10/12 - 10/15: Buffer Overflow Attacks

• Tuesday, October 13, 2020
  • Lecture: Buffer Overflow Attacks
  • Reading: Section 3.4.3 and Section 3.4.4 from [B1], Section 6.1 and Section 7.2 from [B4], Buffer Overflow Module (bomod)
  • Extra Reading: Chapter 5 from [B6], Smashing the Stack (for Fun and Profit).
• Thursday, October 15, 2020
  • Due: Assignment 2 at 1:00 PM
  • Lecture: Continue Buffer Overflow Attacks

---

Week 07, 10/19 - 10/22: Buffer Overflow Attacks

• Tuesday, October 20, 2020
  • Lecture: Continue Buffer Overflow Attacks
  • Extra Reading: How a CPU works and Introduction to Assembler, Guessing vs. Not Knowing in Hacking and CTFs
• Thursday, October 22, 2020
  • Lecture: Continue Buffer Overflow Attacks
  • Extra Reading: Reversing and Cracking first simple Program, Simple Tools and Techniques for Reversing a binary

---

Week 08, 10/26 - 10/29: Buffer Overflow Attacks

• Tuesday, October 27, 2020
  • Assignments: Assignment 3 (due on Tuesday, November 17, 2020 at 1:00 PM)
  • Lecture: Continue Buffer Overflow Attacks, High Quality Version
• Thursday, October 29, 2020
  • No Class

---

Week 09, 11/02 - 11/05: Buffer Overflow Attacks

• Tuesday, November 03, 2020
  • No Class
• Thursday, November 05, 2020
  • Lecture: Continue Buffer Overflow Attacks

---

Week 10, 11/09 - 11/12: Application Program Security Attacks

• Tuesday, November 10, 2020
  • No Class
• Thursday, November 12, 2020
  • No Class

---

Week 11, 11/16 - 11/19: Application Program Security Attacks

• Tuesday, November 17, 2020
  • Assignments: Assignment 3 “Revision 2” (due on Tuesday, December 15, 2020 at 1:00 PM)
  • Lecture: Continue Application Program Security Attacks
  • Reading: Section 3.4.5 and Section 3.4.6 from [B1], Section 6.2 and Chapter 12 from [B4]
  • Extra Reading: Chapters 6 and 10 from [B6]
• Thursday, November 19, 2020
  • Lecture: Continue Application Program Security Attacks

---

Week 12, 11/23 - 11/26: Application Program Security Attacks

• Tuesday, November 24, 2020
  • Lecture: Continue Application Program Security Attacks
• Thursday, November 26, 2020
  • Lecture: Continue Application Program Security Attacks

---

Week 13, 11/30 - 12/03: Web Security

• Tuesday, December 1, 2020
  • Assignments: Assignment 4 (due on Thursday, December 10, 2020 at 1:00 PM)
  • Lecture: Continue Application Program Security Attacks
• Thursday, December 3, 2020
  • Lecture: Web Security
  • Reading: Chapter 7 from [B1], Chapter 18 from [B2], Chapter 9 from [B4]
  • Extra Reading: Chapters 2, 3 and 4 from [B6]

---

Week 14, 12/07 - 12/10: Web Security

• Tuesday, December 8, 2020
  • Assignments: Assignment 4 “Revision 2” (due on Tuesday, December 22, 2020 at 1:00 PM)
  • Lecture: Continue Web Security
• Thursday, December 10, 2020
  • Lecture: Continue Web Security

---

Week 15, 12/14 - 12/17: Web Security

• Tuesday, December 15, 2020
  • Due: Assignment 3 at 1:00 PM
  • Lecture: Continue Web Security
• Thursday, December 17, 2020
  • Lecture: Algorithmic Complexity and Side-Channel Attacks

---

Week 16, 12/21 - 12/24: Security Vulnerabilities Management

• Tuesday, December 22, 2020
  • Due: Assignment 4 at 1:00 PM
  • Lecture: Security Vulnerabilities Management by Ming Chow
  • Extra Reading: Certifying Applications for Known Security Weaknesses by Robert Martin, Introduction to CVE, CWE, and the Top 25 by Steve Coley, State of Vulnerabilities 2019 by ENISA
• Thursday, December 24, 2020
  • No Class

---