CAP6135: Malware and Software Vulnerability Analysis
(Spring 2010)



The "written notes" are what the instructor writes on a Tablet PC in "Windows Journal" during each class. They can be read directly in Internet Explorer; Firefox users must first install the "unMHT" add-on to view them.

Class 1 (01/12):  Course introduction, how to give a good presentation
Class 2 (01/14):  Give good presentation (continue); software security introduction
Class 3 (01/19):  Software security intro (continue); basic network security introduction
Class 4 (01/21):  basic network security (continue)
                        reading materials: "Smashing The Stack For Fun And Profit", Aleph One
                                           "Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade," Crispin Cowan, et al.
Class 5 (01/26):  Term project description; Stack Overflow I: Attack Introduction
Class 6 (01/28):  Stack Overflow I: Attack Introduction (continue), Stack Overflow example using GDB, (written notes) Project 1 is assigned and due Feb. 11th via Webcourse
Class 7 (02/02):  Stack Overflow II: Defense
Class 8 (02/04):  Find Software Bugs
Class 9 (02/09):  Some explanation of project 1; Find Software Bugs (continue); introduce the instructor's ACSAC'07 best student paper award work on fuzzing (written notes)
Class 10 (02/11): Program Verification & Other Types of Vulnerabilities
Class 11 (02/16): Email Spam (homework 1 is assigned and due Feb. 23rd)
Class 12 (02/18): Viruses
Class 13 (02/23): Worms
Class 14 (02/25): Botnets
Class 15 (03/02): Paper presentation and summary; Peer-to-peer botnets
Class 16 (03/04): Term project proposal presentation
          Spring Break
Class 17 (03/16):  Paper presentation:
                           (Jonathan Brant) "A Multifaceted Approach to Understanding the Botnet Phenomenon"
                           (Joshua Cox) "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection"
Class 18 (03/18):  Paper presentation:
                           (Omar Hemmali) "An Inside Look at Botnets"
                           (Ryan Gates) "Polygraph: Automatic Signature Generation for Polymorphic Worms"
Class 19 (03/23):  Paper presentation:
                           (Arnold Perez) "Spamming Botnet: Signatures and Characteristics"
                           (Jaime Flores) "Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software"
Class 20 (03/25):  Paper presentation:
                           (Clayton Andrews) "EXE: automatically generating inputs of death"
                           (Meenakshi Lakshmikanthan) "Beyond stack smashing: recent advances in exploiting buffer overruns"
Class 21 (03/30):  Paper presentation:
                           (Jeremy Weinstein) "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds"
                           (Mahadevan Vasudevan) "Automated Whitebox Fuzz Testing"
Class 22 (04/01):  Paper presentation:
                          (Abirami Poonkundran) "A Low-cost Attack on a Microsoft CAPTCHA"
                          (Vara Sriboonlue) "Countering Kernel Rootkits with Lightweight Hook Protection"
Class 23 (04/06):  Paper presentation:
                          (Kathryn McBride) "VMwatcher: Detecting Stealthy Malware Through Hypervisor-Based "Out-of-the-Box" Semantic View Reconstruction"
                          (Vignesh Saravanaperumal) "All Your iFRAMEs Point to Us"
Class 24 (04/08):  Paper presentation:
                           (Joey Thompson) "Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers"
                           (Brett Hodges) "Non-control-data attacks are realistic threats"
Class 25 (04/13): Tegrity video lecture: Modeling of Internet worms and botnets
Class 26 (04/15): Tegrity video lecture: Honeypot, DDoS, and Rootkit
Class 27 (04/20): No lecture
Class 28 (04/22): No lecture, finishing your term project for submission



Research papers for in-class presentation:

Software Security:
1. (Ryan Gates) "Polygraph: Automatic Signature Generation for Polymorphic Worms",  James Newsome, Brad Karp, Dawn Song. In IEEE Security and Privacy Symposium, May 2005.
2. (Jaime Flores) "Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software", James Newsome and Dawn Song. In Network and Distributed Systems Security Symposium, Feb 2005.
3. (Clayton Andrews) "EXE: automatically generating inputs of death", Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, and Dawson R. Engler. 13th ACM Conference on Computer and Communications Security (CCS), 2006.
4. (Meenakshi Lakshmikanthan) "Beyond stack smashing: recent advances in exploiting buffer overruns", J. Pincus and B. Baker, IEEE Security & Privacy Magazine, 2004.
5. (Brett Hodges) "Non-control-data attacks are realistic threats", Shuo Chen, Jun Xu, Emre C. Sezer, Prachi Gauriar, and Ravishankar K. Iyer. 14th USENIX Security Symposium, 2005.
6. (Mahadevan Vasudevan) "Automated Whitebox Fuzz Testing", P. Godefroid, M.Y. Levin, D. Molnar, Annual Network & Distributed System Security Symposium (NDSS) 2008.

Botnets:
1. (Omar Hemmali) "An Inside Look at Botnets", Paul Barford and Vinod Yegneswaran. In Series: Advances in Information Security, Springer, 2006, ISBN-10: 0-387-32720-7.
2. (Jonathan Brant) "A Multifaceted Approach to Understanding the Botnet Phenomenon". Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis,  Internet Measurement Conference, IMC'06, Brazil, October 2006.
3. (Joshua Cox) "BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection." Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008.
4. (Arnold Perez) "Spamming Botnet: Signatures and Characteristics". Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov. SIGCOMM, 2008.

Web Security:
1. (Vignesh Saravanaperumal) "All Your iFRAMEs Point to Us." Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, and Fabian Monrose. 17th USENIX Security Symposium, San Jose, CA, 2008.
2. "Protecting Browsers from Extension Vulnerabilities", Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman. 17th Network and Distributed System Security Symposium (NDSS), 2010.
3. (Joey Thompson) "Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers", IEEE Symposium on Security and Privacy (Oakland'09), Oakland, CA, May 2009.
4. (Jeremy Weinstein) "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds", Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security, Chicago, IL, November 2009.

Others:
1. (Abirami Poonkundran) "A Low-cost Attack on a Microsoft CAPTCHA", Jeff Yan, Ahmad Salah El Ahmad, ACM conference on Computer and communications security (CCS), 2008.
2. (Kathryn McBride) "VMwatcher: Detecting Stealthy Malware Through Hypervisor-Based "Out-of-the-Box" Semantic View Reconstruction". Xuxian Jiang, Xinyuan Wang, Dongyan Xu. 14th ACM Conference on Computer and Communications Security (CCS), 2007.
3. (Vara Sriboonlue) "Countering Kernel Rootkits with Lightweight Hook Protection," Zhi Wang, Xuxian Jiang, Weidong Cui, Peng Ning, Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009).