Homepage Syllabus Schedule Homework & Projects

CSCE 489: Special Topics in Software Security

Note: Dates and topics are approximate and subject to change.

Date Topics Reading
Week 1
08/28 Introduction and Course Overview
Cancelled due to flooding
08/30 Foundational concepts in security SSBSI 1
09/01 System Design J.H. Saltzer, D.P. Reed and D.D. Clark. End to end arguments in system design
Week 2
09/04 Principles of Secure Design 1 Salzter and Kaashoek. Principles of Computer System Design, Chapter 11.1.4
09/06 Principles of Secure Design 2
Class Activity: Hack Me
US-CERT Build Security In Design Principles
09/08 System Design Ross Anderson. Why Cryptosystems Fail
Week 3
09/11 A Risk Management Framework SSBSI 2
09/13 Input Validation and Data Sanitization DS 10, 1, 2
09/15 Student Presentations Software Penetration Testing
Dissecting Android Malware: Characterization and Evolution
Cross-platform, secure message delivery for mobile devices
Week 4
09/18 Overruns and Overflows DS 5,6,7
Smashing the Stack for Fun and Profit
Beyond Stack Smashing
09/20 Exceptions and Error Handling DS 9, 11
09/22 Student Presentations A Green Software Development Life Cycle for Cloud Computing
Agile Development of Secure Web Applications
Week 5
09/25 Leakage DS 12,16,17
09/27 Race Conditions DS 13
Race Condition Vulnerability Lecture
[optional] Dirty COW Vulnerability
09/29 Student Presentations Software Engineering for Security: a Roadmap
Design and implementation of cloud security defense system with software defined networking technologies
Week 6
10/02 A Taxonomy of Coding Errors SSBSI 12
10/04 Common Bugs and Flaws OWASP Top 10
Avoiding the Top 10 Software Security Design Flaws
10/06 Student Presentations Penetration Testing for Web Services
Source Code Patterns of SQL Injection Vulnerabilities
DynSec: On-the-fly Code Rewriting and Repair
Week 7
10/09 Software Security Touchpoints SSBSI 3
10/11 Code Review I: Peer Best Kept Secrets of Peer Code Review
10/13 Student Presentations Loophole: Timing Attacks on Shared Event Loops in Chrome
Research of evaluation methods for software security
AEG: Automatic Exploit Generation
Week 8
10/16 Code Review II: Static Analysis SSBSI 4
10/18 Code Review III: Dynamic Analysis All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)
10/20 Project Workday
Week 9
10/23 Architectural Risk Analysis SSBSI 5
10/25 Penetration Testing I SSBSI 6
10/27 Project Workday
Week 10
10/30 Penetration Testing II
11/01 Fuzzing SAGE: Whitebox Fuzzing for Security Testing
11/03 Project Workday
Week 11
11/06 Risk-Based Security Testing SSBSI 7
11/08 Cryptographic Sins DS 19, 20, 21
11/10 Project Workday
Week 12
11/13 Abuse Cases SSBSI 8
11/15 Networking Sins DS 22, 23, 24
11/17 Project Workday
Week 13
11/20 Security Requirements and Operations SSBSI 9
11/22 Reading Day: No Class Alice's Restaurant
11/24 Thanksgiving Break: No Class SMBC #2425
Week 14
11/27 DEF CON 25 - Lee Holmes - Get $pwnd: Attacking Battle Hardened Windows Server
12/01 Student Presentations Limits of static analysis for malware detection
Practicality of Accelerometer Side Channels on Smartphones
Your botnet is my botnet: analysis of a botnet takeover
Week 15
12/04 Student Presentations StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
Venerable Variadic Vulnerabilities Vanquished
OAuth Demystified for Mobile Application Developers
12/06 Student Presentations DeepXplore: Automated Whitebox Testing of Deep Learning Systems
Why Silent Updates Boost Security
Protection Poker: The New Software Security "Game"
12/08 No Class The Final Countdown
Week 16
12/12 Student Presentations
Final Exam: 8:00am - 10:00am
The Use of Security Tactics in Open Source Software Projects
A qualitative analysis of software security patterns
What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses