CSE 5474
Transcript Abbreviation:
Software Security
Course Description:
Software security fundamentals, secure coding principles and practices, common software vulnerabilities, memory exploits (shell code), vulnerability analysis (e.g., reverse engineering, fuzzing and symbolic execution), and defenses against common vulnerability exploitation.
Course Levels:
Undergraduate (1000-5000 level)
Graduate
Designation:
Elective
General Education Course:
(N/A)
Cross-Listings:
(N/A)
Credit Hours (Minimum if “Range” selected):
3.00
Max Credit Hours:
(N/A)
Select if Repeatable:
Off
Maximum Repeatable Credits:
(N/A)
Total Completions Allowed:
(N/A)
Allow Multiple Enrollments in Term:
No
Course Length:
14 weeks (autumn or spring)
Off Campus:
Never
Campus Location:
Columbus
Instruction Modes:
In Person (75-100% campus; 0-24% online)
Prerequisites and Co-requisites:
Prereq: 2431, or Grad standing.
Electronically Enforced:
No
Exclusions:
(N/A)
Course Goals / Objectives:
Be competent with software vulnerability understanding and assessment
Be competent with program analysis for software vulnerability discovery
Be competent with software hardening countermeasures
Be familiar with secure coding principles and practice
Be familiar with software threats in new emerging platforms
Check if concurrence sought:
No
Contact Hours:
Topic | LEC | REC | LAB | LAB Inst |
---|---|---|---|---|
Secure software principles and practice | 3.0 | 0.0 | 0.0 | 0 |
Memory safety, memory corruption & vulnerabilities | 12.0 | 0.0 | 0.0 | 0 |
Vulnerability identification (fuzzing, symbolic execution) | 6.0 | 0.0 | 0.0 | 0 |
Exploit development (shellcode, return-oriented programming) | 9.0 | 0.0 | 0.0 | 0 |
Defenses: Canary, address space layout randomization (ASLR), data execution prevention (DEP), control flow integrity (CFI), software fault isolation (SFI) | 12.0 | 0.0 | 0.0 | 0 |
Total | 42 | 0 | 0 | 0 |
Grading Plan:
Letter Grade
Course Components:
Lecture
Grade Roster Component:
Lecture
Credit by Exam (EM):
No
Grades Breakdown:
Aspect | Percent |
---|---|
Capture-the-flag (CTF) contest | 80% |
Final exam | 15% |
Class participation | 5% |
Representative Textbooks and Other Course Materials:
Title | Author | Year |
---|---|---|
Hacking: The Art of Exploitation, 2nd Edition | Erickson, Jon | |
Computer Systems: A Programmer's Perspective | Randal E. Bryant and David R. O'Hallaron | |
ABET-CAC Criterion 3 Outcomes:
Outcome | Contribution | Description |
---|---|---|
1 | Substantial contribution (3-6 hours) | Analyze a complex computing problem and to apply principles of computing and other relevant disciplines to identify solutions. |
2 | Significant contribution (7+ hours) | Design, implement, and evaluate a computing-based solution to meet a given set of computing requirements in the context of the program’s discipline. |
3 | Substantial contribution (3-6 hours) | Communicate effectively in a variety of professional contexts. |
4 | Substantial contribution (3-6 hours) | Recognize professional responsibilities and make informed judgments in computing practice based on legal and ethical principles. |
6 | Some contribution (1-2 hours) | Apply computer science theory and software development fundamentals to produce computing-based solutions. |
ABET-ETAC Criterion 3 Outcomes:
(N/A)
ABET-EAC Criterion 3 Outcomes:
Outcome | Contribution | Description |
---|---|---|
1 | Substantial contribution (3-6 hours) | an ability to identify, formulate, and solve complex engineering problems by applying principles of engineering, science, and mathematics |
2 | Significant contribution (7+ hours) | an ability to apply engineering design to produce solutions that meet specified needs with consideration of public health, safety, and welfare, as well as global, cultural, social, environmental, and economic factors |
3 | Substantial contribution (3-6 hours) | an ability to communicate effectively with a range of audiences - pre-2019 EAC SLO (g) |
4 | Substantial contribution (3-6 hours) | an ability to recognize ethical and professional responsibilities in engineering situations and make informed judgments, which must consider the impact of engineering solutions in global, economic, environmental, and societal contexts |
6 | Significant contribution (7+ hours) | an ability to develop and conduct appropriate experimentation, analyze and interpret data, and use engineering judgment to draw conclusions |
7 | Substantial contribution (3-6 hours) | an ability to acquire and apply new knowledge as needed, using appropriate learning strategies |
Embedded Literacies Info:
Attachments:
(N/A)
Additional Notes or Comments:
(N/A)
Basic Course Overview:
CSE_5474_basic.pdf
(9.68 KB)