Course Syllabus

The table below gives the planned syllabus for the course. This syllabus will be changed as needed. When it becomes necessary to revise the schedule, this page will be updated to reflect the changes.

Material describing the course, its objectives and outcomes and its grading policies is available elsewhere.

Readings should be done before the "lecture" meeting on the given date. Optional readings are optional, and can be used for background or enrichment. References are given in the bibliography below.

| Dates | Topics | Readings | Optional Readings | Homework Due |
|---|---|---|---|---|
| Aug. 25 | Introduction | Handouts, Grading Policy | | |
| Aug. 27 | Background and Threat Modeling | [Myagmar-Lee-Yurcik05] | | HW 0 |
| Sep. 1 | Background and Threat Modeling | [Myagmar-Lee-Yurcik05] | | |
| Sep. 3 | Common Criteria | [Roubik03] | [CC12] | HW1 |
| Sep. 8 | Specification and UMLSec | [Juerjens05] | | |
| Sep. 10 | Specification and UMLSec | [Juerjens05] | | |
| Sep. 15 | Secure Web Implementation | | [Howard-LeBlanc-Viega10], part 1 | |
| Sep. 17 | Secure Web Implementation | | [Howard-LeBlanc-Viega10], part 1 | Sept. 18: HW2,p1,p2 |
| Sep. 22 | Exam 1 | [Myagmar-Lee-Yurcik05] | | |
| Sep. 24 | Legal and Ethical Issues | | | Sept. 28: HW2,p3,p4 |
| Sep. 29 | Secure Coding | Chapter 7, [Viega-McGraw02] | [Howard-LeBlanc-Viega10], part 2 | |
| Oct. 1 | Secure Coding | | [Howard-LeBlanc-Viega10], part 2 | |
| Oct. 6 | Secure Coding | | [Howard-LeBlanc-Viega10], part 2 | |
| Oct. 8 | Secure Coding | [Viega-McGraw02], ch. 5 | [Howard-LeBlanc-Viega10], part 2 | Oct. 9: HW3,p1; Oct. 12: HW3,p2 |
| Oct. 13 | Secure Coding | [Viega-McGraw02], ch. 5 | [Howard-LeBlanc-Viega10], part 2 | Oct. 14: HW3,p3 |
| Oct. 15 | Secure Crypto Coding | [Viega-McGraw02], ch. 10-11 | [Howard-LeBlanc-Viega10], part 3 | |
| Oct. 20 | Secure Networking | | [Howard-LeBlanc-Viega10], part 4 | Oct. 21: HW4,p1-4 |
| Oct. 22 | Analysis Overview | | | Oct. 23: HW4,p5-8 |
| Oct. 27 | Exam 2 | [Juerjens05], Chapters 5,7,10-11 [Viega-McGraw02] [Roubik03] | [CC12] [Howard-LeBlanc-Viega10] | |
| Oct. 29 | Static Analysis | Chapter 6 [Viega-McGraw02] | | |
| Nov. 3 | Static Analysis, Dynamic Analysis | Chapter 1 of [Sikorski-Honig12] | | |
| Nov. 5 | Dynamic Analysis | Chapters 2-3 of [Sikorski-Honig12] | | |
| Nov. 10 | Dynamic Analysis | Chapters 1,3 of [Sikorski-Honig12] | | |
| Nov. 12 | Dynamic Analysis | Chapters 1,3 of [Sikorski-Honig12] | | Nov. 13: HW5,p1 |
| Nov. 17 | Reversing Overview | Chapter 4 of [Sikorski-Honig12] | | Nov. 18: HW5,p2-3 |
| Nov. 19 | Static Reversing | Chapter 4 of [Sikorski-Honig12] | | Nov. 20: HW5,p4 |
| Nov. 24 | Static Reversing | Chapters 5-6 of [Sikorski-Honig12] | | |
| Nov. 26 | No class, Thanksgiving holiday | | | |
| Dec. 1 | Static Reversing | Chapters 5-6 of [Sikorski-Honig12] | Chapters 4-8 of [Eagle11] | |
| Dec. 3 | Dynamic Reversing | Chapters 8-9 of [Sikorski-Honig12] | | Dec. 7: final |

Bibliography

[CC12]
Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 4, September 2012. URL https://www.commoncriteriaportal.org/cc/, fetched September 2, 2015.
[Eagle11]
Chris Eagle. The Ida Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, 2nd Edition. No Starch Press, San Francisco, 2011. ISBN 1593272898.
[Howard-LeBlanc-Viega10]
Michael Howard, David LeBlanc, and John Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. McGraw-Hill, 2010. ISBN: 978-0-07-162676-7.
[Juerjens05]
Jan Jürjens. Secure Systems Development with UML. Springer-Verlag, Berlin, 2005. http://www.springer.com/us/book/9783540007012.
[Myagmar-Lee-Yurcik05]
Suvda Myagmar, Adam J. Lee, and William Yurcik. "Threat modeling as a basis for security requirements." In IEEE Symposium on requirements engineering for information security (SREIS). Vol. 2005, 2005. https://people.cs.pitt.edu/~adamlee/pubs/2005/sreis-05.pdf
[Roubik03]
Arthur F. Roubik, Jr. "Applying the Common Criteria to the Certification & Accreditation of Department of Defense Unclassified Information Technology Systems", version 1.4b, 2003. URL http://www.sans.org/reading-room/whitepapers/country/applying-common-criteria-certification-accreditation-department-defense-unclass-1171, fetched Sept. 2, 2015.
[Sikorski-Honig12]
Michael Sikorski and Andrew Honig. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press, San Francisco, 2012. ISBN-13: 978-1-59327-290-6.
[Viega-McGraw02]
John Viega and Gary McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley Professional, 2002. ISBN-13: 978-0321774958.

Course Content and Policies

The course's content and grading policies are described on separate web pages. See the links on the top left of this page.

Last modified Tuesday, December 15, 2015.

This web page is for CIS 4615 at the University of Central Florida. The details of this course are subject to change as experience dictates. You will be informed of any changes. Please direct any comments or questions to Gary T. Leavens at leavens@eecs.ucf.edu. Some of the policies and web pages for this course are quoted or adapted from other courses I have taught, in particular, Com S 342 and COP4020.