Malware and Software Vulnerability Analysis
Cliff Zou
University of Central Florida

Course Information
Teacher: Cliff Zou
◦ Office: HEC 243, 407-823-5015
◦ Email: czou@cs.ucf.edu

Prerequisites
C programming language
◦ Software security lectures will mainly use C code as examples
Programming experience
◦ Any programming language is fine
Knowledge of computer architecture
◦ Know stack, heap, memory
◦ For our buffer overflow programming project
Knowledge of OS, algorithms, networking
Basic usage of a Unix machine
◦ We will need to use a Kali Linux virtual machine for some experiments and programming assignments

Objectives
Learn software vulnerability
◦ Underlying reason for most computer security problems
◦ Buffer overflow: stack, heap, integer
◦ Buffer overflow defense: stackguard, address randomization … http://en.wikipedia.org/wiki/Buffer_overflow
◦ How to build secure software
◦ Software assessment, testing
  E.g., fuzz testing

Objectives
Learn computer malware:
◦ Malware: malicious software
◦ Viruses, worms, botnets
◦ Email virus/worm, spam, phishing, pharming
◦ Spyware, adware
◦ Trojan, rootkits, …
Learn malware analysis
A good resource for reading:
◦ http://en.wikipedia.org/wiki/Malware
Learn their characteristics
Learn how to detect, monitor, and defend
Learn how to simulate malware propagation

Course Materials
No required textbook.
Reference books:
◦ 19 Deadly Sins of Software Security (Security One-off) by Michael Howard, David LeBlanc, John Viega
◦ The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson
◦ Hacker Techniques, Tools, and Incident Handling (2nd edition) by Sean-Philip Oriyano
Online References:
◦ CS 161: Computer Security, by Dawn Song from UC Berkeley
◦ Software Security, by Erik Poll from Radboud University Nijmegen
◦ Introduction to Software Security, by Vinod Ganapathy from Rutgers
◦ http://www.cis.syr.edu/~wedu/seed/ Hands-on Labs for Security Education, Dr. Wenliang Du, Syracuse University
◦ http://www.hackercurriculum.org/, Guide to ethical hacker publications
◦ Wikipedia: Great resource and tutorial for initial learning
Other references as we go on

Programming projects
Probably will have 3 programming projects
Example:
Basic buffer overflow
◦ Use Unix machine, learn stack, debugger (gdb)
Software fuzz testing
◦ Find bugs in a provided binary program
Internet worm propagation simulation
◦ Understand how to do discrete-time simulation