Course Summary

An introduction to the state of the art of software-security research. This course surveys common software vulnerabilities and malware: buffer overflows, format string attacks, viruses, worms, and botnets. The course then discusses research topics at the forefront of software security, including runtime monitoring, static analysis, theorem proving, and type systems. Projects in the course are designed to give students hands-on experience.

Coursework consists of short programming assignments and paper critiques. Each student will select a research paper and present a short talk in class summarizing it. There is a midterm exam. Students choose between a final exam and a final project on a cutting-edge research topic. The graduate version differs from the undergraduate version by requiring advanced assignments and projects.

Course Objectives

The goal of this course is twofold: First, on completing the course, students will understand the common software-security vulnerabilities and basic counter-measures. Second, students interested in software-security research will be sufficiently prepared to carry out research on the topics covered.

Prerequisites

  • CSE 109: Systems Programming, or familiarity with C and low-level system programming
  • CSE 261: Discrete Structures, or familiarity with propositional and predicate logics, sets, and relations
  • CSE 262: Programming Languages

Textbook

Logic in Computer Science: modelling and reasoning about systems by Michael Huth and Mark Ryan.

No single book covers all the topics of this course. The following two books cover some topics, but they are optional.

  • Computer Security Principles and Practice by William Stallings and Lawrie Brown
  • Principles of Program Analysis by Flemming Nielson, Hanne Riis Nielson, and Chris Hankin.

We have put a copy of "Logic in Computer Science: modelling and reasoning about systems" and "Principles of Program Analysis" on reserve in the FM library.

Contacts

Instructor: Gang Tan; Packard Lab 329

Email: gtan AT cse DOT lehigh DOT edu

Office hours: Wed 11am-1pm or by appointment

News

10/8/08. Midterm exam is on Oct 17th.

9/4/08. Homework 1 is available (under the Homeworks tab).

Course policy

Please see the PDF file.

Time and location

MWF 10:10-11am; 111 Maginnes Hall