18732 Secure Software Systems
Prerequisites:The prerequisites of this class include 18730 (Introduction to
Computer
Security), an undergraduate Operating System class, proficient
programming
in C and Java, and familarity with assembly language. Topics Covered in Class: Software vulnerabilities: study the causes and
manifestations
of different forms of vulnerabilities, including language dependent
vulnerabilities
(buffer overrun, format string vulnerabilities, etc.), language
independent
vulnerabilities (race conditions, concurrency vulnerabilities,
privilege
control, etc.), and viruses, etc. Class Format:Each class will involve lecturing and some discussions on related topics. 1 to 3 research papers will be assigned as reading requirements for each class. Reading assignments will be posted to the class web site several days before the class. Students must read the assigned papers before each class and write a short summary to be turned in electronically before class. The summaries should be sent to 18732-f05-summaries@lists.andrew.cmu.edu in plain text format (no attachment). Each summary should contain a description of the technical approach in the paper, three technical points that you learned from the paper, and three most significant flaws that you discovered in the paper. Grading:
Format Requirements for Project ReportThe project report should be written in LaTex.Template for the project report You should write your contents in a separate file and include it in project.tex using the "\input{your-flie-name}" line. The bibliography should be included in the .bib tex file. If you are not familiar with LaTex, you may also use Lyx at http://www.lyx.org. Requirements for Scribe NotesThe scribe notes should be written in LaTex, using the template provided on blackboard. You should write your contents in a separate file (name it by the date) and include it in scribe.tex using the "\input{your-file-name}" line. For example, the scribe for lecture on Sep 14 should be named 0914.tex. The new bibtex entries should be included in a new .bib file; e.g., 0914.bib in the above example. The new figures should be named using the date as prefix as well; e.g., 0914-1.eps in the above example.Submission guidlines:
Resources:Information about the class will be available at http://www.ece.cmu.edu/~dawnsong/teaching/f05. Course information, announcements, and reading assignments will be posted to this site. We will also be using the CMU Blackboard site for this course. To access the site, go to http://www.cmu.edu/blackboard and log in. If you are enrolled in the course, it will appear under my courses.If you have a question about the course, including course logistics or material we have covered, please post it to the Discussion Board. It's on the course blackboard site, under Communications. You may also send mail to 18732-f05-general@lists.andew.cmu.edu. WarningWe may discuss vulnerabilities in widely-deployed computer systems in class. This is not intended as an invitation to go exploit those vulnerabilities. CMU's policy (and my policy) on this should be clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse. |