Enterprise and IT Security

Der fortgeschrittene Master-Studiengang Enterprise and IT Security (ENITS) öffnet Türen und hilft auf dem Weg zur Führungsposition im Bereich IT-Sicherheit.
Bewerbung
Fakultät M

Modulhandbuch

 Zurück 

Software Security

Prerequisite

The course stands on its own. Prior knowledge of Assembly and C is beneficial, but not required.
Teaching methods Lecture/Lab
Learning target / Competences

After successful participation in the course students shall have

  • knowledge and application skills with selected tools for “reverse engineering”
  • familiarity with basic considerations of security for software components and ability to evaluate them
  • understanding of the impact of security vulnerabilities within software components and competence in hardening/mitigating them
Duration 1
Hours per week 4.0
Overview
Classes 60
Individual / Group work:
Workload 360
ECTS 6.0
Credits and grades

written exam, 90 min. (K90, Software Security) and report (BE, Lab Software Security)
Responsible person

Prof. Dr. Dirk Westhoff
Recommended semester 1
Frequency Every 2nd sem.
Usability

Comprehensive knowledge of “reverse engineering” approaches and the capability to judge the security of software-components are increasingly required by potential employers of computer-science graduates.
Lectures

Software Security

Type Lecture
Nr. M+I809
Hours per week 2.0
Content

Introduction

  • historical considerations of “reverse engineering” and software security assessment

Reverse engineering

  • overview of reverse engineering tools (system tools, disassemblers, debuggers, decompilers)
  • detailed introduction to different tools, such as gdb and radare2
  • introduction to Assembly and C, with practical examples of reverse engineering
  • architecture-specific differences of reverse engineering of software components
  • introduction of obfuscation methods for hardening

Software security assessment

  • overview of security-critical vulnerabilities in software components (e.g. memory-corruption vulnerability, format-string vulnerability)
  • impact of vulnerabilities with practical examples of “exploitation”
  • detection of vulnerabilities by means of reverse engineering
  • introduction to various security mechanisms for mitigation of such vulnerabilities (data execution prevention, address space layout randomization, stack canaries, etc.)
Literature
  • Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, 2006.
  • Eldad Eilam, Reversing: Secrets of Reverse Engineering, 2005.
  • Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sébastien Josse, Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 2014.

Software Security Lab

Type Lab
Nr. M+I810
Hours per week 2.0
Content

See M+I809 Software Security
Literature

See M+I809 Software Security
 Zurück