CS443

Download as PDF

Software and Systems Security

Course (UG/PG)

Undergraduate

Offering Unit/Department

Course Description

Software and systems security aims in equipping students with the fundamental concepts in software and systems security, as well as basic hands-on skills in understanding, analyzing, and protecting a software program and a computer system. Each lesson spends roughly 50% of the time on fundamental concepts (lecturing) and 50% of the time on hands-on exercises/assessments. Assessments focus on hands-on projects.

Course Learning Outcomes

1. Understand what buffer overflow is and how it is introduced in C programming

2. Create exploits to buffer overflow vulnerabilities to modify critical data

3. Create exploits to buffer overflow vulnerabilities to inject and execute shellcode

4. Understand simple ways of defending against buffer overflow exploits

5. Understand what format string vulnerabilities are and how they are introduced in C programming

6. Create exploits to format string vulnerabilities to read any arbitrary memory location

7. Create exploits to format string vulnerabilities to write to any arbitrary memory location

8. Create return-to-libc exploits to execute a libc library function call

9. Create return-to-libc exploits to chain multiple libc library function calls

10. Demonstrate how vulnerabilities are introduced in real-world programs, how the corresponding exploits work, and how common defense mechanism works

Discipline-Specific Competencies

Applications Development, Failure Analysis, Security Assessment and Testing, Security Programme Management, Software Testing

SMU Graduate Learning Outcomes

Disciplinary Knowledge, Critical thinking & problem solving, Innovation and enterprising skills, Collaboration and leadership, Communication, Ethics and social responsibility, Self-directed learning

Grading Basis

GRD - Graded