CMPS 4510 Vulnerability Analysis - CEE/CS Department, CSUB

CMPS 451 Vulnerability Analysis

Catalog Description

CMPS 451 Vulnerability Analysis (4)

Identification and quantification of security weaknesses in programs, systems and networks. Topics include professional ethics, static binary analysis, dynamic binary analysis, anti-analysis techniques, risk assessment, penetration testing, vulnerability classification and mitigation techniques. Prerequisite: CMPS 350

Prerequisites by Topic

Knowledge of programming languages
Basics of computer language translation

Units and Contact Time

5 quarter units. 4 units lecture (200 minutes), 1 unit lab (150 minutes).

Type

Selected elective for CS

Required Textbook

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Mark Dowd, John McDonald, Justin Schuh. Addison-Wesley, 2007, ISBN-13: 978-0-321-44442-4.

Recommended Textbook and Other Supplemental Materials

None

Coordinator(s)

Melissa Danforth

Student Learning Outcomes

This course covers the following ACM/IEEE CS2013 (Computer Science) Body of Knowledge student learning outcomes:

CS-IAS/Foundational Concepts in Security
CS-IAS/Principles of Secure Design
CS-IAS/Defensive Programming
CS-IAS/Threats and Attacks
CS-PL/Static Analysis
CS-SE/Software Construction

ABET Outcome Coverage

The course maps to the following performance indicators for Computer Science (CAC/ABET):

3e. An understanding of professional, ethical, legal, security, and social issues and responsibilities.
3j. An ability to apply mathematical foundations, algorithmic principles, and computer science theory in the modeling and design of computer-based systems in a way that demonstrates comprehension of the tradeoffs involved in design choices.

Lecture Topics and Rough Schedule

Week	Chapter(s)	Topics
1	Chapters 1, 2, and 3	Classic security goals (confidentiality, integrity, etc.), Threats, Vulnerabilities, Audits, Threat exposure
2	Chapter 5	Memory corruption: buffer overflows, heap overflows, global and static data
3	Chapter 5	Memory corruption: shellcode, protection mechanisms
4	Chapters 6 and 8	C/C++ language issues; String and character handling issues
5	Chapter 4	Auditing tools for source code and binary analysis
6 and 7	Chapter 7	Auditing techniques for source code and binary analysis
8 and 9	Chapters 9 and 10	Vulnerabilities and analysis for Unix/Linux systems
10	n/a	Project presentations and/or Interactive tutorials

Design Content Description

Not applicable to this course.

Prepared By

Melissa Danforth on 24 March 2015

Approval

Approved by CEE/CS Department on [date]
Effective Spring 2015