CS 5770 Software Vulnerabilities and Security (SoftVulnSec)
echo "Software Security" | sed s/\ /\ Vulnerabilities\ and\ /g
IMPORTANT REGISTRATION INFORMATION
If you add or drop the course after 01.10.2018, send me an email ASAP.
Teaching Assistants
Manoj Venkatesan
With the exception of emergency situations, all course-related communication
will be done over Piazza. We cannot guarantee responding to individual emails in
a timely manner, but we will monitor Piazza regularly and do our best to answer
all questions as quickly as humanly possible.
Individual contact addresses are available in the university directory.
- 04.11.2018 Challenge 9 posted.
- 04.04.2018 Challenge 8 posted.
- 03.27.2018 Challenge 7 posted. Bonus 4 posted.
- 03.21.2018 Challenge 6 posted. Note the 2 week deadline.
- 03.15.2018 Challenge 5 posted. Memory corruption (part 1) slides updated with complete version.
- 03.08.2018 Come see your midterms during next class. Network security slides updated to fix critical typo.
- 02.14.2018 Challenge 4 posted. Bonus challenge 3 posted. Web slides updated with final version.
- 02.07.2018 Challenge 3 posted.
- 01.22.2018 Bonus challenge 2 posted.
- 01.22.2018 Challenge 2 posted.
- 01.22.2018 Room change. We now meet in Cargill Hall 097.
- 01.18.2018 A bonus challenge appears! (see the "Challenges" menu on the left). UPDATE: Description updated with clarifications.
- 01.17.2018 Challenge 1 posted (see the "Challenges" menu on the left). Your registration code is under your home directory, in "~/reg_code.txt". Lecture 2 slides posted. Incomplete crypto slides updated.
- 01.12.2018 We are looking for a bigger room. Don't forget to check out the latest announcements before class next Wednesday.
- 01.11.2018 Challenge 0 posted (see the "Challenges" menu on the left). Lecture 1 slides posted.
- 01.09.2018 First class tomorrow! TAs posted. Check your email after class for your credentials and Piazza link.
- 12.15.2017 The course website is online.
Internet and computer security have become part of everyday life. The year 2017 in particular has been dubbed the "worst year for security" by numerous independent researchers, with high-profile security breaches and damaging new attacks taking center stage in technology news.
These trends will continue as vulnerabilities become more severe and attacks more profitable. As such, it is more important than ever to train security professionals equipped with the right skills and mindset to stay one step ahead of the bad guys.
This course aims to make students security aware by surveying practical vulnerability classes and, importantly, by teaching students a key skill: thinking like an attacker. Students will gain hands-on experience using security tools & technologies and crafting their own attacks, while the course emphasizes the importance of using these skills ethically to advance the state of the art in computer security.
- Cryptographic primitives (only basics, this is not a crypto course!)
- OS & Linux security
- Internet security
- Memory corruption
- Reverse engineering
- Research in systems security
This course has a big hands-on component, requiring students to survey technical documents, learn new skills, and apply them in potentially unfamiliar computing environments to solve practical challenges (i.e., lab assignments). Students should carefully read the prerequisites below before registering for the course.
Significant programming experience. You will need to program and debug in C, and understand the basics of the x86 architecture. If you have a non-technical background, you may have considerable difficulty.
A genuine interest in practical, technical computer security. Practical challenges are not necessarily difficult, but they will require patience & dedication to solve. With the right motivation, you will have a blast tackling them; but without that drive they can feel like a chore.
Familiarity with computer networks, TCP/IP, and how the Internet works in general. This is not a Computer Networks course, and you don't need to be an expert. But be prepared to do some research online and learn on your own if you lack the basics.
Familiarity with Linux and working on the command line. This is not an Operating Systems course, so ditto above.
Don't be scared to see cryptography in the topics. This is not a Cryptography course; we will only cover some extremely basic primitives and principles key to understanding the rest of the material. NO math skills needed, at all.
Dates and Times
Cargill Hall, Room 097, 6-9pm, Wednesday
Slides and Schedule
- 01.10.2018 // Class 1 [1-Introduction], [2-Security], [3-Cryptography]
- 01.17.2018 // Class 2 [4-Architecture] [5-Hacking]
- 01.24.2018 // Class 3 [6-OS]
- 01.31.2018 // Class 4 [7-Network]
- 02.07.2018 // Class 5
- 02.14.2018 // Class 6 [8-Web]
- 02.21.2018 // Class 7 [9-Scriptless Attacks]
- 02.28.2018 // Midterm Exam
- 03.07.2018 // Spring break -- No class
- 03.14.2018 // Class 8 [10-Memory Corruption -- Part 1]
- 03.21.2018 // Class 9 [11-Memory Corruption -- Part 2]
- 03.28.2018 // Class 10 [12-Reverse Engineering]
- 04.04.2018 // Class 11 [13-Malware]
- 04.11.2018 // Class 12 // Research topics -- There'll be no slides
- 04.18.2018 // Class 13 -- Optional lab session
- 04.25.2018 // Final Exam -- Regular time & place
- 10%: Quizzes
- 20%: Midterm exam
- 20%: Final exam
- 50%: Practical challenges
Last Modified: Wed Apr 11 23:26:20 2018 EDT