CMPS 4510 Vulnerability Analysis (4)
Identification and quantification of security weaknesses, primarily
in source code and executables. Topics include professional ethics,
source code auditing, common source code errors, the runtime stack
and memory systems, common attacks against executables, risk assessment,
vulnerability classification, static binary analysis, and mitigation
techniques.
Prerequisites: CMPS 2240 and 3500
Knowledge of an assembly language (Intel, MIPS, etc.)
Knowledge of the runtime stack and basic memory layout
Knowledge of programming languages in the C/C++ family
Knowledge of formal computer language grammar
Basic understanding of computer language translation from source code to binary
4 semester units. 3 units lecture (150 minutes), 1 unit lab (150 minutes).
As a 4000-level elective, students are expected to engage in independent
learning in this course through reading assignments, case studies, and a
group project. Critical thinking, independent evaluation, and troubleshooting
are important traits for the cybersecurity profession.
Lectures after the third week assume that you have completed the reading
assignments and will focus on exploring examples and scenarios, including
modern vulnerabilities and exploits, related to the topics of the week.
Case studies will also analyze more modern examples of vulnerabilities.
Selected elective for CS
The Art of Software Security Assessment: Identifying and Preventing Software
Vulnerabilities. Mark Dowd, John McDonald, Justin Schuh. Addison-Wesley, 2007,
ISBN-13: 978-0-321-44442-4.
Computer Security: Art and Science, 2nd edition. Matt Bishop. Addison-Wesley,
2019, ISBN-13: 978-0321712332.
http://nob.cs.ucdavis.edu/book
(Note: There is an abridged version of the first edition of this book
available that is titled "Introduction to Computer Security")
Supporting articles and articles about current vulnerability/exploit
events will be posted to the course website.
Melissa Danforth
This course covers the following ACM/IEEE CS2013 (Computer Science)
Body of Knowledge student learning outcomes:
CS-IAS/Foundational Concepts in Security
CS-IAS/Principles of Secure Design
CS-IAS/Defensive Programming
CS-IAS/Threats and Attacks
CS-PL/Static Analysis
CS-SE/Software Construction
The course maps to the following performance indicators for Computer Science
(CAC/ABET):
- 4. An ability to recognize professional responsibilities and make
  informed judgments in computing practice based on legal and ethical
  principles.
  Professional ethics and legal issues are integrated into this course and
  students will complete at least one homework assignment related to this
  topic.
- 6 [CS]. An ability to apply computer science theory and software
  development fundamentals to produce computing-based solutions.
  Homework and laboratory assignments investigate how vulnerabilities in
  source code can arise from common mistakes, lack of understanding about the
  details of the high-level language, valuing optimization over security, and
  other causes. Through this intensive investigation, students will gain the
  awareness and skills to produce more secure code.
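One concrete instance of the "lack of understanding about the details of the high-level language" category that the assignments examine, given here as an added illustration that is not part of the course materials or of the textbooks: a C length check that is defeated by signed/unsigned conversion, shown beside a hardened version of the same parser. The record format, the RECORD_MAX limit, the function names and the sample records are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record format used only for this example: a 4-byte big-endian
 * length field followed by that many payload bytes.  The (assumed) protocol
 * allows at most RECORD_MAX payload bytes per record. */
#define RECORD_MAX 64

/* Constructed sample records (not captured from any real system). */
static const unsigned char REC_OK[]       = {0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
static const unsigned char REC_TOO_LONG[] = {0x00, 0x00, 0x01, 0x00};            /* claims 256 bytes */
static const unsigned char REC_NEGATIVE[] = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B'};  /* claims 0xFFFFFFFF */
static const unsigned char REC_SHORT[]    = {0x00, 0x00, 0x00, 0x05, 'h', 'i'};  /* claims 5, carries 2 */

static uint32_t read_len_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* VULNERABLE pattern: the length is stored in a signed int and compared against
 * a signed constant, so a negative value sails past the "too long" check.  The
 * copy that follows would hand the same value to memcpy, whose size_t parameter
 * turns -1 into SIZE_MAX.  To keep this example runnable, the function returns
 * the byte count memcpy would receive (0 when the record is rejected) instead
 * of performing the copy. */
size_t unsafe_copy_len(const unsigned char *hdr) {
    int len = (int)read_len_be32(hdr);   /* 0xFFFFFFFF becomes -1 on two's-complement targets */
    if (len > RECORD_MAX)                /* signed compare: -1 > 64 is false, so -1 is accepted */
        return 0;
    return (size_t)len;                  /* the conversion memcpy would apply: -1 -> SIZE_MAX */
}

/* HARDENED version: keep the length unsigned from the moment it leaves the
 * wire, and validate it against both the destination capacity and the payload
 * bytes actually present before any copy.  Returns the number of bytes copied
 * into dst, or -1 if the record is rejected. */
long safe_copy_record(char *dst, size_t dst_size,
                      const unsigned char *pkt, size_t pkt_len) {
    if (pkt_len < 4)
        return -1;                           /* header incomplete */
    uint32_t len = read_len_be32(pkt);
    if (len > RECORD_MAX || len > dst_size)  /* unsigned compare: 0xFFFFFFFF is rejected */
        return -1;
    if (len > pkt_len - 4)                   /* claimed length exceeds bytes on hand */
        return -1;
    memcpy(dst, pkt + 4, len);
    return (long)len;
}

int main(void) {
    char buf[RECORD_MAX];
    printf("unsafe check hands memcpy %zu bytes for a 0xFFFFFFFF length field\n",
           unsafe_copy_len(REC_NEGATIVE));
    printf("hardened parser: ok=%ld negative=%ld short=%ld too_long=%ld\n",
           safe_copy_record(buf, sizeof buf, REC_OK, sizeof REC_OK),
           safe_copy_record(buf, sizeof buf, REC_NEGATIVE, sizeof REC_NEGATIVE),
           safe_copy_record(buf, sizeof buf, REC_SHORT, sizeof REC_SHORT),
           safe_copy_record(buf, sizeof buf, REC_TOO_LONG, sizeof REC_TOO_LONG));
    return 0;
}
```

The design point is that the hardened parser never lets the length take a signed type at all, and checks it against the bytes actually received as well as against the buffer, so a record that lies about its own size is rejected before any pointer arithmetic depends on it.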
Week      | Chapter(s)          | Topics
1         | Chapter 1           | Professional ethics, Classic security goals (confidentiality, integrity, etc.), Threats and threat exposure, Vulnerability categories, Audit overview
1 and 2   | Chapter 2           | Design reviews, Fundamental design flaws, Threat modeling
2 and 3   | Chapter 3           | Operational review, Attack surfaces, Hardening
4 and 5   | Chapter 4           | Audit process, Audit strategies, Auditing tools
5 to 7    | Chapter 5           | Memory corruption: buffer overflows, heap overflows, global and static data, shellcode, protection mechanisms
8 to 10   | Chapter 6           | C/C++ language issues, Expression evaluation, Type conversions, Common mistakes
11 to 13  | Chapter 8           | String and character handling issues, String encoding, Metacharacter handling and injection issues, String functions, Hex encoding
13 and 14 | Chapter 7           | Auditing techniques for source code analysis
15        | Outside information | Hardware vulnerabilities (Spectre, Meltdown, etc.)
For the first half of the semester, laboratory assignments will focus on basic
reverse engineering techniques including disassembly and static binary
analysis using command line tools.
Remaining laboratory assignments will be complementary to the lecture topics
including type conversion issues, metacharacter parsing, SQL injection
attacks, and topical assignments based on current vulnerabilities.
Melissa Danforth on 31 July 2014 (revised 01 October 2019)
Approved by CEE/CS Department in Fall 2014 (revision approved in Fall 2019)
Effective Fall 2016 (revision effective Fall 2020)