Enterprise and IT Security (ENITS)

Do you aspire to a leadership position in the field of IT security? The advanced, comprehensive Master’s degree program Enterprise and IT Security (ENITS) of Offenburg University will open the doors for you and help you to achieve your goal.

Module manual

Software Security

Prerequisite

The course stands on its own. Prior knowledge of Assembly and C is beneficial, but not required.

Teaching methods Lecture/Lab
Learning target / Competences

After successful participation in the course students shall have

  • knowledge and application skills with selected tools for “reverse engineering”
  • familiarity with basic considerations of security for software components and ability to evaluate them
  • understanding of the impact of security vulnerabilities within software components and competence in hardening/mitigating them
Duration 1
SWS 4.0
Overview
Classes 60
Individual / Group work:
Workload 360
ECTS 6.0
Credits and grades

written exam, 90 min. (K90, Software Security) and report (BE, Lab Software Security)

Responsible person

Prof. Dr. Dirk Westhoff

Recommended semester 1
Frequency Every 2nd sem.
Usability

Comprehensive knowledge of “reverse engineering” approaches and the capability to judge the security of software-components are increasingly required by potential employers of computer-science graduates.

Lectures

Software Security

Type Lecture
No. M+I809
SWS 2.0
Content

Introduction

  • historical considerations of “reverse engineering” and software security assessment

Reverse engineering

  • overview of reverse engineering tools (system tools, disassemblers, debuggers, decompilers)
  • detailed introduction to different tools, such as gdb and radare2
  • introduction to Assembly and C, with practical examples of reverse engineering
  • architecture-specific differences of reverse engineering of software components
  • introduction of obfuscation methods for hardening

Software security assessment

  • overview of security-critical vulnerabilities in software components (e.g. memory-corruption vulnerability, format-string vulnerability)
  • impact of vulnerabilities with practical examples of “exploitation”
  • detection of vulnerabilities by means of reverse engineering
  • introduction to various security mechanisms for mitigation of such vulnerabilities (data execution prevention, address space layout randomization, stack canaries, etc.)
Literature
  • Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, 2006.
  • Eldad Eilam, Reversing: Secrets of Reverse Engineering, 2005.
  • Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien Josse, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 2014.

Software Security Lab

Type Lab
No. M+I810
SWS 2.0
Content

See M+I809 Software Security

Literature

See M+I809 Software Security
