Instructor: Ben Holland
Class Meets: M/W/F 12:10-1:00pm in Gilman 2354
Open Help Hours: M/W/F 1:10-2:00pm in Gilman 1810
Syllabus: Revision 1
Teaching Assistants:
Course Schedule
Week 01, 08/20 - 08/24: Course Introduction
- Monday, August 20, 2018
- Lecture: Welcome, SE421.java
- Review: Syllabus
- Reading: Reflections on Trusting Trust
- Assignment: Assignment 1, PDF (due
Monday, August 27, 2018Wednesday, August 29, 2018 at 12 PM noon)
- Wednesday, August 22, 2018
- Guest Lecture: Software Graph Models by Suresh Kothari (Richardson Professor - Iowa State University)
- Friday, August 24, 2018
- In Class Activity: ClassActivity1.pdf, ClassActivity1.java, Quine.java
Week 02, 08/27 - 08/31: Binary Exploitation Part 1
- Monday, August 27, 2018
- Announcement: Assignment 1 extended until Wednesday at 12PM noon
- Lecture: Buffer Overflows, Puzzle1.java
- Reading: Smashing The Stack For Fun And Profit
- Simulator: bomod
- Virtual Machine: HackingLive.ova (VirtualBox only)
- Suggested Reference: Hacking: The Art of Exploitation (2nd Edition)
- Wednesday, August 29, 2018
- Due: Assignment 1 at 12PM noon
- Assignment: Assignment 2, PDF (due Friday, September 7, 2018 at 12:00 PM noon)
- Lecture: Continuation of Buffer Overflows, Puzzle2.java
- Friday, August 31, 2018
- Lecture: Continuation of Buffer Overflows, CrackMe1.java
Week 03, 09/03 - 09/07: Binary Exploitation Part 2
- Monday, September 3, 2018
- Labor Day (No Class)
- Wednesday, September 5, 2018
- Lecture: Continuation of Buffer Overflows
- In Class Activity: ClassActivity2.pdf, Puzzle3.java
- Friday, September 7, 2018
- Due: Assignment 2 at 12:00 PM noon
- Lecture: Atlas Query Language, Puzzle4.java
- Resource: Atlas Installation Guide
- Assignment: Assignment 3, PDF (due Monday, September 17, 2018 at 12:00 PM noon)
Week 04, 09/10 - 09/14: Control Flow Graphs + Path Counting
- Monday, September 9, 2018
- Reading: Control Flow Analysis
- In Class Activity: ClassActivity3.pdf, Puzzle5.java
- Wednesday, September 12, 2018
- In Class Activity: Continuation of ClassActivity3.pdf, Puzzle6.java
- Friday, September 14, 2018
- Lecture: Path Counting, Puzzle7.java, Puzzle8.java
Week 05, 09/17 - 09/21: Data Flow Graphs + Points-to Analysis
- Monday, September 17, 2018
- Due: Assignment 3 at 12:00 PM noon
- Guest Lecture: Software Security in Practice by John Chargo (Senior Engineering Manager - Rockwell Collins)
- Reminder: Engineering Career Fair on September 18, 2018…go to it!
- Wednesday, September 19, 2018
- Lecture: Data Flow Graphs, Puzzle9.java
- Friday, September 21, 2018
- Readings: Pointer Analysis, Pointer Analysis: Haven’t We Solved This Problem Yet?
- Assignment: Assignment 4, PDF (due Monday, October 1, 2018 at 12:00 PM noon)
- Lecture: Points-to Analysis, Puzzle10.java
Week 06, 09/24 - 09/28: Midterm 1
- Monday, September 24, 2018
- In Class Activity: ClassActivity4.pdf, Puzzle11.java
- Wednesday, September 26, 2018
- Review: MidtermExam1Review.pdf, Puzzle12.java
- Friday, September 28, 2018
- Midterm Exam 1
Week 07, 10/01 - 10/05: Call Graph Construction
- Monday, October 1, 2018
- Due: Assignment 4 at 12:00 PM noon
- Assignment: Assignment 5, PDF (due Monday, October 8, 2018 at 12:00 PM noon)
- Readings: Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis, Fast Static Analysis of C++ Virtual Function Calls, Scalable Propagation-Based Call Graph Construction Algorithms
- Q/A: Midterm 1 Results
- Lecture: CallGraphConstruction.pdf, Puzzle13.java
- Wednesday, October 3, 2018
- Continuation of CallGraphConstruction.pdf
- Friday, October 5, 2018
- Class Activity: Work on Assignment 5
- Extra Credit: Extra Credit Assignment 1, PDF (due on Monday, November 26, 2018 at 12:00 PM noon)
- Anonymous Feedback
Week 08, 10/08 - 10/12: Program Slicing + Taint Analysis + Projected Control Graphs
- Monday, October 8, 2018
- Due: Assignment 5 at 12:00 PM noon
- Reading: Program slicing, The program dependence graph and its use in optimization, Interprocedural slicing using dependence graphs, A Survey of Program Slicing Techniques
- Lecture: ProgramSlicing.pdf, Puzzle14.java
- Wednesday, October 10, 2018
- Assignment: Assignment 6, PDF (due Friday, October 19, 2018 at 12:00 PM noon)
- Lecture: ProjectedControlGraphs.pdf, Puzzle15.java
- Friday, October 12, 2018
- Lecture: Building Tools to Verify Linux by Payas Awadhutkar, puzzle16.c
Week 09, 10/15 - 10/19: Dynamic Analysis
- Monday, October 15, 2018
- Lecture: DynamicAnalysis.pdf, Puzzle17.java
- Class Activity: Work on Assignment 6
- Wednesday, October 17, 2018
- Guest Lecture: Machine Learning in Security by Benjamin Blakely (Cyber Security Researcher - Argonne National Laboratory)
- Friday, October 19, 2018
- Due: Assignment 6 at 12:00 PM noon
- Review: MidtermExam2Review.pdf, Puzzle18.java
Week 10, 10/22 - 10/26: Web Security
- Monday, October 22, 2018
- Midterm Exam 2
- Wednesday, October 24, 2018
- Q/A: Midterm 2 Results
- Lecture: WebSecurity.pdf, Puzzle19.java
- Assignment: Vulnerability Assessment Report (Project Part 1)
- Assignment: Penetration Test Report + Presentation Slides (Project Part 2)
- Friday, October 26, 2018: Last day to drop
- Class Activity: Security Escape Room by Nichole Dugan (Chief Information Security Officer - Iowa Department of Public Health)
Week 11, 10/29 - 11/02: Web Security + Algorithmic Complexity and Side Channel Attacks
- Monday, October 29, 2018
- Lecture: Building Tools to Detect Algorithmic Complexity Vulnerabilities by Payas Awadhutkar
- Wednesday, October 31, 2018
- Lecture: Continuation of WebSecurity.pdf, Puzzle20.java
- Friday, November 2, 2018
- Lecture: Continuation of WebSecurity.pdf, Puzzle21.java
Week 12, 11/05 - 11/09: Threat Modeling + Secure Software Development
- Monday, November 5, 2018
- Guest Lecture: Threat Modeling by Ben Schmitt (Vice President of Information Security - Dwolla) and Chen Cao (Information Security Analyst - Dwolla)
- Wednesday, November 7, 2018
- Lecture: Requirements Traceability by Bryan Hall
- Friday, November 9, 2018
- Lecture: Managed Code Rootkits
Week 13, 11/12 - 11/16: Penetration Testing + Privacy + IoT
- Monday, November 12, 2018
- Guest Lecture: Penetration Testing by Ben Schmitt (Vice President of Information Security - Dwolla) and Chen Cao (Information Security Analyst - Dwolla)
- Wednesday, November 14, 2018
- Lecture: GDPR and Privacy by Bryan Hall
- Friday, November 16, 2018
- Lecture: IoT by Bryan Hall
Week 14, 11/19 - 11/23: Thanksgiving (No Classes)
Week 15, 11/26 - 11/30: Final Project Engagement (Attack Phase)
- Monday, November 26, 2018
- Due: Extra Credit Assignment 1 at 11:59 PM (1 minute to midnight)
- Due: Final Project Vulnerability Assessment Report at 11:59 PM (1 minute to midnight)
Week 16, 12/03 - 12/07 (Dead Week): Modern Trends in Program Analysis
- Wednesday, December 5, 2018
- Due: Final Project Penetration Test Report at 12:00pm noon
- Due: Optional Resubmission of Final Project Vulnerability Assessment Report at 12:00pm noon
- First Set of Presentations (odd teams)
- Friday, December 7, 2018
- Second Set of Presentations (even teams)
Week 17, 12/10 - 12/14: Final Exams
- Required Final Exam Activity during two hour period arranged by First Contact Hour (see https://www.registrar.iastate.edu/students/exams/fallexams#stand)
- Final Exam Period: Wednesday Dec. 12 @ 2:15-4:15 PM