Course Description
This course teaches students the defensive and offensive techniques of software security. The expected outcome is a good understanding of software security, so that students will be able to identify potential software security issues and defend against them.
The course will cover the following topics:
- Fundamental Reverse Engineering and Binary Analysis
- Vulnerability Analysis
- Ethical Hacking
- Vulnerability Mitigation and Defense
- Software Testing
- State-of-the-art Vulnerability Discovery Techniques
Recommended Textbook
This course does not have a textbook.
How this course works
This course is a hybrid course that combines self-learning and in-class teaching.
- Self Learning: We will post self-learning materials (videos + slides) each week, and students need to study the materials before the next online class.
- In-class Teaching: We will work on a lab task together. Students need to follow the steps and solve a challenge during the class. The progress that students make during or shortly after the class will be counted as in-class milestone points.
Prerequisites
This course expects students to have the following skills beforehand:
- Operate Linux OS with bash commands
- Write programs in Python and bash
- Understand C programs
- Understand x86/x86-64 assembly
We will go over most of the prerequisites in the second week of the class. If you run into significant difficulties in the second week’s lecture, you may want to consider not taking this course.
Communication
We will use Discord for discussions outside of class. Rather than emailing general questions to a professor or TA, we encourage you to ask your questions through the CSE545 Discord, so everyone can benefit from the answer and any discussion around it. Applying the skills from "How to Ask Questions the Smart Way" will increase the chances of getting your question answered fast.
Grading
The total points are allocated as follows:
- 85% Assignments
- 15% Final CTF
- 10% In-class milestone points
We will have 3-7 assignments in this course.
We translate a percentage into a letter grade as follows:
- 100 and above: A+
- 93 – 99.9: A
- 90 – 92.9: A-
- 86 – 89.9: B+
- 83 – 85.9: B
- 80 – 82.9: B-
- 74 – 79.9: C+
- 70 – 73.9: C
- 60 – 69.9: D
- 59.5 and below: F
We may adjust the letter grade based on the score distribution.
Y Grade
Per ASU Policy: Y grades will satisfy C minimum requirements. However, grad students still need B grades in the following:
- Deficiency courses
- Core/Area courses
- Portfolio courses (except RAS-AI students)
- Culminating experience courses
If you want to request a Y grade, please contact the instructor.
Ethics and Cheating
The course staff will treat all students ethically and fairly. We, in turn, expect the same from all students.
Any lapse in ethical behavior will immediately result in −1,000,000 points, as well as be immediately reported to the appropriate university disciplinary unit. Really. No matter what. The course staff looks at students who cheat or plagiarize as far beneath someone who fails the course.
This course will follow ASU’s Academic Integrity Policy. Note that the policy gives several examples of what constitutes cheating and plagiarism. If you have any questions, you should contact the instructors.
Students should behave ethically. This means obeying the law, but that is not enough. Behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. In short, don’t be a nuisance.
Note that just because you can do something (or you read about others doing it) does not make it OK. For example, scanning a network may not be illegal (I am not a lawyer, so I shy away from definitive statements). However, scanning can crash computers. For example, we know of several very popular commodity-grade IP cameras that crash when you scan them. Sure, the camera software is buggy. But is there any reason for you, not being a professional, to crash a camera monitoring a baby? Launching exploits, “testing” the security of a system without explicit permission from all necessary parties, and so on are all unethical for the purpose of this course.
Collaboration. Students are encouraged to talk to each other, to the course staff, or to anyone else about any of the assignments. Assistance should be limited to discussion of the problem and sketching general approaches to a solution. Each student must turn in his or her own solution, derived from his or her own thoughts. Course staff may verify a student did the prescribed work by asking for a verbal explanation, and failure to correctly re-explain a submitted solution is considered a strong indication of cheating.
Work-life Balance
Take care of yourself. Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.
All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful.
If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. ASU Counseling Services offers help 24/7. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.
If you have questions about this or your coursework, please let us know.