General Information
Course description
Security and privacy are important aspects of cyberspace. This course discusses key concepts, classic ideas and recent advances in software security from both offensive and defensive perspectives. We will discuss specific software security topics, including reverse engineering, malware detection and analysis, vulnerability discovery, patching and hardening, exploit generation, and code clone detection. Students are advised to conduct small-scale projects and make final project presentations at the end.
Class
- When: MW 5:00pm-6:30pm
- Where: on Zoom (link on iLearn)
- Office hours: TBD
Communication
We will use iLearn for general announcements, assignments, and grading. We will use Discord for online discussion (link will be provided on iLearn).
Paper Review and Presentation
The lectures will focus on paper discussion. Each student is responsible for presenting one paper in class for about 15 minutes and leading the discussion. Please use this signup sheet to select which paper to present (first come, first served). Use your R’Mail to access it.
Every student is required to read one of the two papers for each class. You are required to write a review of at least 400 words for each paper that offers critical comments. I’ll look for evidence that you read the paper and thought carefully about the topic. The reviews are due before the class.
A review must include the following aspects:
- A brief summary of the problem and how the paper tackles it.
- A description, in some detail, of the positive points.
- A description, in some detail, of the negative points, or any improvements you can suggest.
- A list of questions you have and would like to discuss in class.
Lab Assignments (Tentative)
- Dynamic Binary Instrumentation: Develop a simple pintool for shadow stack protection.
- Static Data-flow Analysis: Develop a simple call-graph analysis.
- Symbolic Execution: Develop an angr script to perform automated exploit generation.
- Grey-box Fuzzing: Understand the importance of harnesses and sanitizers.
Research Project
You will conduct a research project during the quarter, with the goal of writing a publishable workshop paper. A list of suggested projects will be provided. Students may also propose their own projects. Projects can be done individually or in groups. Each group should not exceed 2 students. The project report must clearly state each member’s contribution.
Grading policy
- Class participation: 10%
- Lab assignments: 20%
- Paper presentation: 13%
- Paper review: 17%
- Research project: 40%
Misconduct Policy
Academic integrity is fundamentally about ethical behavior. We strictly follow the academic integrity policies and procedures of UCR (read more).
If you are at all uncertain about an action, whether it be working with another student, researching existing code, or something else, you are always welcome to ask the instructor for clarification.
The severity of sanctions imposed for an academic integrity violation will depend on the severity of the transgression and the ascertained intent of the student. Penalties may range from failing the assignment to failing the course. Again, actions will adhere to the Academic Honesty policies of BCOE and UCR.
Ethics, Law, and University Policies
Important
Please respect the rights and privacy of others. Be aware that federal and state laws criminalize computer intrusion and wiretapping. You can be expelled by the university and arrested if you violate the policies and laws. When in doubt, consult me or a lawyer.
- Computer Fraud and Abuse Act (CFAA)
- Electronic Communications Privacy Act (ECPA)
- University of California Electronic Communications Policy