Topics and Goals: The instructor will cover topics including shellcode disassembly, memory protection, debugging, sandboxing (isolation & virtualization), reverse engineering, and intrusion recovery. We stress to students that this course is not solely a ``How-To'' training guide for a particular tool chest. This course relies on underlying principles for thinking about how systems can be made to fail, and its central aim is to help students understand the following abstract concepts:
The course will start with an overview of the ethical considerations
involved in adopting a security analysis mindset. Additional ethical
considerations will be introduced as necessary. Students will be
required to adhere to the Agreement and Policy documents posted at:
Prerequisites and Related Coursework: The course assumes some familiarity with computer architecture and basic OS concepts. A background in writing C programs may help. CPSC 625: ``Principles of Computer Security'' is recommended but not required. CPSC 325 may supply background knowledge on Intel machine architecture. Students may find the course useful in conjunction with CPSC 627 and CPSC 628 for understanding related topics like code injection, rootkits, spam, botnets, spyware, and malware creation and operations.
|Michael E. Locasto||Instructor||locasto at ucalgary||by appointment|
Class Time: Wed/Fri 11:00 -- 12:15
Class Duration: 10 Jan to 15 April
Final Exam: no final exam
Class Location: ENA 235 [map]
There is no required text for this course. Instead, you may find the book "Hacking: The Art of Exploitation" (2nd Edition) by Jon Erickson to be a useful reference.
Supplemental Texts: (not required, but helpful C and systems programming references)
|Lecture Notes and Course Schedule:|
This course is a graduate seminar, and it differs drastically from an undergraduate course. The point of this course is your intellectual enlightenment and enjoyment. I want the course to run as smoothly as possible, so I encourage feedback on both positive and negative aspects. Feel free to drop by my office, send email, or leave a note. Note that the Instructor reserves the right to modify the schedule and topics as needed.
Students should emerge from the course with an appreciation for the principles and skills of the informal ``Hacker Curriculum''. The instructor will assess student proficiency through (1) two hands-on investigative assignments, (2) a brief midterm exam, and (3) an evaluation of scientific literature. Your grade is based on 1000 points and is split according to the following partition:
I typically DO NOT scale or curve grades unless there is a classwide epidemic of failure. Plan your work and effort based on the assumption that there will be no curve. I also DO NOT typically accept late work.
You can contact me via email, but please start your email's subject
with the string
[CPSC601.29]; it helps me filter my email. Short
(one or two paragraphs) emails are appreciated. Short emails are more likely
to get a response.
I encourage collaboration in every aspect of the course but the actual assignments and midterm. Your answers to these exercises must be your original work.
Cheating and Plagiarism are absolutely forbidden. I assume that you have read U of C's policies on academic honesty. This is the Faculty of Science boilerplate text on this topic: "ACADEMIC MISCONDUCT: (cheating, plagiarism, or any other form) is a very serious offence that will be dealt with rigorously in all cases. A single offence may lead to disciplinary probation or suspension or expulsion. The Faculty of Science follows a zero tolerance policy regarding dishonesty. Please read the sections of the University Calendar under K. Student Misconduct http://www.ucalgary.ca/pubs/calendar/current/k.html to inform yourself of definitions, processes and penalties."
Disability Statement: If you have a documented learning disability or other condition that may affect academic performance, you should make sure this documentation is on file with the Disability Resource Center. Please talk with me to discuss your accommodation needs.