COMS W4995: Program Analysis for Security
Lecture Details
Instructor: Suman Jana
Office: Mudd 412
Office hours: Friday (3:40-4:40 pm)
Classroom: Mudd 644
Class hours: Friday (1:10-3:40 pm)
Description
Writing secure code is notoriously hard! Security vulnerabilities resulting from software bugs
cost companies billions of dollars every year. Program analysis is a key technique for automatically
finding security vulnerabilities. In this course you will learn about principles, algorithms, challenges,
and limitations of program analysis in the context of security testing. You will also work on a semester-long
group project.
We will use the fuzzing book as a reference.
Prerequisite
Security 1 or equivalent. You should also be generally comfortable working with large, complex source code (> 1000 lines of C/C++ code) and have basic knowledge of testing/debugging tools like gdb, gcov, etc. Feel free to send me an email if you have any specific questions.
Grading
- Midterm project reports - 25%
- Group Project (3-4 students) - 40%
- Group Project Presentation - 30%
- List of group members due - Feb 10th before class
- Project proposal (1 page) due - Feb 24th before class
- Midterm project status report (3 pages) due - Mar 31st before class
- Final report (6-12 double-column pages with 10pt font) due - May 12th (11:59 pm ET)
- Class participation - 5%