ISA 764 Security Experimentation

Spring 2011

Time and Place: Thursday 4:30~7:10pm at Engineering Building, Room 1505

Instructor: Dr. Xinyuan (Frank) Wang

Office: Room 5331, Engineering Building

Office phone: (703) 993-9461

Office hours: Wednesday 5:00~6:30PM or by appointment

Email: xwangc at gmu dot edu

 

Teaching Assistant: TBA

Office hours: TBA at Room 4456 Engineering Building

 

Course Description

The objective of this course is to prepare students for research or development in system security by providing systematic training of security experimentation. The course contains both research and hands-on components. Specifically, it emphasizes on practical and hands-on experiences in real world vulnerabilities (e.g., buffer overflow), threats, exploits (gaining remote shell) and defense (intrusion detection) in a controlled lab environment. In addition, the course brings the state of the art of system security to students and expose them to open problems (e.g., rootkit, malware analysis) in system security.

Course Outcomes

• First hand experience in system security experimentation.
• A knowledge of the state of the art of security experimentation.
• A deep understanding on security vulnerabilities, exploits and defense, as well as the technical challenges and fundamental limitations of existing system security solutions.
• Preparation to become either a capable practitioner or independent researcher in system security.

Course Prerequisite

ISA 562, ISA564, ISA 674; or permission by the instructor.

The students are expected to have good understanding on Unix/BSD/Linux operating system internals (e.g. system call internals, run-time memory organization, assembly language of x86). Proficiency in C programming is essential in order to be successful in the course projects.

Textbook and Readings

There is NO textbook for this course. The course is in form of seminars, and it is based on current research papers and technical reports!

Reference Books

• Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson.
• The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley etc.

Class Schedule (click to see)

Class schedule is tentative and subject to change. Please check frequently.

Grading

There will be NO written exams :)

However, there are 4 or 5 security lab assignments to be done individually, a research assignment with presentation and a open lab project to be done by small teams.

4 or 5 Lab Assignments	50%
Research Assignment	20%
Open Lab Project	20%
Class Discussion Participation	10%

The final grade is computed according to the following rules:

·        A+: >= 95%; A: [90%, 95%); A-: [85%, 90%)

·        B+: [80%, 85%);  B: [75%, 80%); B-: [70%, 75%)

·        C+: [66%, 70%); C: [63%, 66%); C-: [60%, 63%)

·        D+: [56%, 60%); D:[53%, 56%); D-: [50%, 53%)

·        F: < 50%.

Academic Integrity

All students are required to follow all university, school and department policies regarding academic integrity. Violator of the Honor Code will result in a grade of F for the course, as well as any penalties imposed by the university and/or the CS department.

Disability Statement

If you have a documented learning disability or other condition that may affect academic performance you should: 1) make sure this documentation is on file with the Office of Disability Services (SUB I, Rm. 222; 703-993-2474; www.gmu.edu/student/drc) to determine the accommodations you need; and 2) talk with me to discuss your accommodation needs. All academic accommodations must be arranged through the ODS.

Acknowledgement

This course contains materials provided by Dr. Xuxian Jiang (N. C. State University) .