COMP6236 Software Security
Module Overview
This module focuses on both theoretical and practical perspectives in the security of software and software systems, by exploring software analysis and reverse engineering. The aims of the module at a high level are to: - Explore common threats to the secure operation of software systems - Give students exposure to software system analysis and penetration of software systems - Provide practical skills in malware analysis and reverse engineering
Aims and Objectives
Learning Outcomes
Knowledge and Understanding
Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:
- Common issues affecting the security of software systems
- Software analysis
- Reverse Engineering of Software
Subject Specific Intellectual and Research Skills
Having successfully completed this module you will be able to:
- Describe specific methods for exploiting software systems
Transferable and Generic Skills
Having successfully completed this module you will be able to:
- Recognise software vulnerabilities and protection in a range of application domains
Subject Specific Practical Skills
Having successfully completed this module you will be able to:
- Identify security weaknesses in software systems and applications
- Undertake basic reverse engineering of software
Syllabus
The syllabus includes the following topics: - Understanding software threats and hazards, types of attack and attacker - Software Vulnerabilities (memory violation, input validation, privilege escalation) - OS vulnerabilities: patch management, rootkits and viruses - Penetration testing of software systems - Malware analysis - Static/dynamic analysis of software systems - Reverse engineering of suspicious code
Learning and Teaching
Teaching and learning methods
The module will be delivered through up to 36 lectures, which will include at least two regular lectures each week, in addition to tutorial and practical sessions. The tutorial and practical sessions are designed to support students and prepare them to take the assignment.
| Type | Hours |
|---|---|
| Follow-up work | 18 |
| Completion of assessment task | 46 |
| Preparation for scheduled sessions | 18 |
| Wider reading or practice | 22 |
| Revision | 10 |
| Teaching | 36 |
| Total study time | 150 |
Resources & Reading list
Dieter Gollman (2011). Computer Security.
Eldad Eilam (2005). Reversing: Secrets of Reverse Engineering.
Assessment
Summative
| Method | Percentage contribution |
|---|---|
| Continuous Assessment | 100% |
Repeat
| Method | Percentage contribution |
|---|---|
| Set Task | 100% |
Referral
| Method | Percentage contribution |
|---|---|
| Set Task | 100% |
Repeat Information
Repeat type: Internal & External