Instructor: Ben Holland

Class Meets: M/W/F 12:10-1:00pm in Gilman 2354

Open Help Hours: M/W/F 1:10-2:00pm in Gilman 1810

Syllabus: Revision 1

Teaching Assistants:

• Bryan Hall
• Payas Awadhutkar

---

Course Schedule

Week 01, 08/20 - 08/24: Course Introduction

• Monday, August 20, 2018
  • Lecture: Welcome, SE421.java
  • Review: Syllabus
  • Reading: Reflections on Trusting Trust
  • Assignment: Assignment 1, PDF (due Monday, August 27, 2018 Wednesday, August 29, 2018 at 12 PM noon)
• Wednesday, August 22, 2018
  • Guest Lecture: Software Graph Models by Suresh Kothari (Richardson Professor - Iowa State University)
• Friday, August 24, 2018
  • In Class Activity: ClassActivity1.pdf, ClassActivity1.java, Quine.java

Week 02, 08/27 - 08/31: Binary Exploitation Part 1

• Monday, August 27, 2018
  • Announcement: Assignment 1 extended until Wednesday at 12PM noon
  • Lecture: Buffer Overflows, Puzzle1.java
  • Reading: Smashing The Stack For Fun And Profit
  • Simulator: bomod
  • Virtual Machine: HackingLive.ova (VirtualBox only)
  • Suggested Reference: Hacking: The Art of Exploitation (2nd Edition)
• Wednesday, August 29, 2018
  • Due: Assignment 1 at 12PM noon
  • Assignment: Assignment 2, PDF (due Friday, September 7, 2018 at 12:00 PM noon)
  • Lecture: Continuation of Buffer Overflows, Puzzle2.java
• Friday, August 31, 2018
  • Lecture: Continuation of Buffer Overflows, CrackMe1.java

Week 03, 09/03 - 09/07: Binary Exploitation Part 2

• Monday, September 3, 2018
  • Labor Day (No Class)
• Wednesday, September 5, 2018
  • Lecture: Continuation of Buffer Overflows
  • In Class Activity: ClassActivity2.pdf, Puzzle3.java
• Friday, September 7, 2018
  • Due: Assignment 2 at 12:00 PM noon
  • Lecture: Atlas Query Language, Puzzle4.java
  • Resource: Atlas Installation Guide
  • Assignment: Assignment 3, PDF (due Monday, September 17, 2018 at 12:00 PM noon)

Week 04, 09/10 - 09/14: Control Flow Graphs + Path Counting

• Monday, September 9, 2018
  • Reading: Control Flow Analysis
  • In Class Activity: ClassActivity3.pdf, Puzzle5.java
• Wednesday, September 12, 2018
  • In Class Activity: Continuation of ClassActivity3.pdf, Puzzle6.java
• Friday, September 14, 2018
  • Lecture: Path Counting, Puzzle7.java, Puzzle8.java

Week 05, 09/17 - 09/21: Data Flow Graphs + Points-to Analysis

• Monday, September 17, 2018
  • Due: Assignment 3 at 12:00 PM noon
  • Guest Lecture: Software Security in Practice by John Chargo (Senior Engineering Manager - Rockwell Collins)
  • Reminder: Engineering Career Fair on September 18, 2018…go to it!
• Wednesday, September 19, 2018
  • Lecture: Data Flow Graphs, Puzzle9.java
• Friday, September 21, 2018
  • Readings: Pointer Analysis, Pointer Analysis: Haven’t We Solved This Problem Yet?
  • Assignment: Assignment 4, PDF (due Monday, October 1, 2018 at 12:00 PM noon)
  • Lecture: Points-to Analysis, Puzzle10.java

Week 06, 09/24 - 09/28: Midterm 1

• Monday, September 24, 2018
  • In Class Activity: ClassActivity4.pdf, Puzzle11.java
• Wednesday, September 26, 2018
  • Review: MidtermExam1Review.pdf, Puzzle12.java
• Friday, September 28, 2018
  • Midterm Exam 1

Week 07, 10/01 - 10/05: Call Graph Construction

• Monday, October 1, 2018
  • Due: Assignment 4 at 12:00 PM noon
  • Assignment: Assignment 5, PDF (due Monday, October 8, 2018 at 12:00 PM noon)
  • Readings: Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis, Fast Static Analysis of C++ Virtual Function Calls, Scalable Propagation-Based Call Graph Construction Algorithms
  • Q/A: Midterm 1 Results
  • Lecture: CallGraphConstruction.pdf, Puzzle13.java
• Wednesday, October 3, 2018
  • Continuation of CallGraphConstruction.pdf
• Friday, October 5, 2018
  • Class Activity: Work on Assignment 5
  • Extra Credit: Extra Credit Assignment 1, PDF (due on Monday, November 26, 2018 at 12:00 PM noon)
  • Anonymous Feedback

Week 08, 10/08 - 10/12: Program Slicing + Taint Analysis + Projected Control Graphs

• Monday, October 8, 2018
  • Due: Assignment 5 at 12:00 PM noon
  • Reading: Program slicing, The program dependence graph and its use in optimization, Interprocedural slicing using dependence graphs, A Survey of Program Slicing Techniques
  • Lecture: ProgramSlicing.pdf, Puzzle14.java
• Wednesday, October 10, 2018
  • Assignment: Assignment 6, PDF (due Friday, October 19, 2018 at 12:00 PM noon)
  • Lecture: ProjectedControlGraphs.pdf, Puzzle15.java
• Friday, October 12, 2018
  • Lecture: Building Tools to Verify Linux by Payas Awadhutkar, puzzle16.c

Week 09, 10/15 - 10/19: Dynamic Analysis

• Monday, October 15, 2018
  • Lecture: DynamicAnalysis.pdf, Puzzle17.java
  • Class Activity: Work on Assignment 6
• Wednesday, October 17, 2018
  • Guest Lecture: Machine Learning in Security by Benjamin Blakely (Cyber Security Researcher - Argonne National Laboratory)
• Friday, October 19, 2018
  • Due: Assignment 6 at 12:00 PM noon
  • Review: MidtermExam2Review.pdf, Puzzle18.java

Week 10, 10/22 - 10/26: Web Security

• Monday, October 22, 2018
  • Midterm Exam 2
• Wednesday, October 24, 2018
  • Q/A: Midterm 2 Results
  • Lecture: WebSecurity.pdf, Puzzle19.java
  • Assignment: Vulnerability Assessment Report (Project Part 1)
  • Assignment: Penetration Test Report + Presentation Slides (Project Part 2)
• Friday, October 26, 2018: Last day to drop
  • Class Activity: Security Escape Room by Nichole Dugan (Chief Information Security Officer - Iowa Department of Public Health)

Week 11, 10/29 - 11/02: Web Security + Algorithmic Complexity and Side Channel Attacks

• Monday, October 29, 2018
  • Lecture: Building Tools to Detect Algorithmic Complexity Vulnerabilities by Payas Awadhutkar
• Wednesday, October 31, 2018
  • Lecture: Continuation of WebSecurity.pdf, Puzzle20.java
• Friday, November 2, 2018
  • Lecture: Continuation of WebSecurity.pdf, Puzzle21.java

Week 12, 11/05 - 11/09: Threat Modeling + Secure Software Development

• Monday, November 5, 2018
  • Guest Lecture: Threat Modeling by Ben Schmitt (Vice President of Information Security - Dwolla) and Chen Cao (Information Security Analyst - Dwolla)
• Wednesday, November 7, 2018
  • Lecture: Requirements Traceability by Bryan Hall
• Friday, November 9, 2018
  • Lecture: Managed Code Rootkits

Week 13, 11/12 - 11/16: Penetration Testing + Privacy + IoT

• Monday, November 12, 2018
  • Guest Lecture: Penetration Testing by Ben Schmitt (Vice President of Information Security - Dwolla) and Chen Cao (Information Security Analyst - Dwolla)
• Wednesday, November 14, 2018
  • Lecture: GDPR and Privacy by Bryan Hall
• Friday, November 16, 2018
  • Lecture: IoT by Bryan Hall

Week 14, 11/19 - 11/23: Thanksgiving (No Classes)

Week 15, 11/26 - 11/30: Final Project Engagement (Attack Phase)

• Monday, November 26, 2018
  • Due: Extra Credit Assignment 1 at 11:59 PM (1 minute to midnight)
  • Due: Final Project Vulnerability Assessment Report at 11:59 PM (1 minute to midnight)

Week 16, 12/03 - 12/07 (Dead Week): Modern Trends in Program Analysis

• Wednesday, December 5, 2018
  • Due: Final Project Penetration Test Report at 12:00pm noon
  • Due: Optional Resubmission of Final Project Vulnerability Assessment Report at 12:00pm noon
  • First Set of Presentations (odd teams)
• Friday, December 7, 2018
  • Second Set of Presentations (even teams)

Week 17, 12/10 - 12/14: Final Exams

• Required Final Exam Activity during two hour period arranged by First Contact Hour (see https://www.registrar.iastate.edu/students/exams/fallexams#stand)
  • Final Exam Period: Wednesday Dec. 12 @ 2:15-4:15 PM