《软件安全》实验教学大纲
课程代码 | 045102771 |
课程名称 | 软件安全 |
英文名称 | SoftwareSecurity |
课程类别 | 专业基础课 |
课程性质 | 必修 |
学时 | 总学时16:实验:16实习:0其他:0 |
学分 | 2.5 |
开课学期 | 第五学期 |
开课单位 | 计算机科学与工程学院实验教学中心 |
适用专业 | 信息安全 |
授课语言 | 中文 |
先修课程 | 高级语言程序设计、计算机网络、操作系统、汇编语言程序设计 |
毕业要求(专业培养能力) | 本课程对学生达到如下毕业要求有如下贡献: 1)设计/开发解决方案:能够设计针对信息安全复杂工程问题的解决方案,设计满足特定需求的信息安全解决方案,并能够在设计环节中体现创新意识,考虑社会、健康、安全、法律、文化以及环境等因素。 2)使用现代工具:能够针对信息安全复杂工程问题,开发、选择与使用恰当的技术、资源、现代工具和信息技术工具,包括对信息安全复杂工程问题的预测与模拟,并能够理解其局限性。 3)工程与社会:能够基于信息安全工程相关背景知识进行合理分析,评价信息安全专业工程实践和复杂工程问题解决方案对社会、健康、安全、法律以及文化的影响,并理解应承担的责任。 4)职业规范:具有人文社会科学素养、社会责任感,能够在工程实践中理解并遵守工程职业道德和规范,履行责任。 |
课程培养学生的能力(教学目标) | 完成课程后,学生将具备以下能力: 1)培养学生采用系统的设计方法,将安全性设计思想贯穿于系统设计、开发、测试过程。 2)使学生掌握最常见的、最新的软件安全技术,能够掌握恶意软件防范技术,能够掌握安全的信息系统设计与实现技术。 3)提高学生的专业素质,拓展知识面,强化信息安全意识。 |
课程简介 | 本课程的知识模块按顺序由软件安全概述、软件安全基础、恶意软件及防范、软件漏洞及防范四个方面组成。 |
主要仪器设备与软件 | 电脑、VisualStudio 2012、虚拟机、MicrosoftOffice、Stu_PE、WinHex、Ollydbg等 |
实验报告 | 包括实验目的、实验内容(提供截图,对于设计和综合性实验要给出配置和调试运行过程中的必要截图)、实验中困难和探索、实验建议等内容,设计和综合性实验还要提供源代码 |
考核方式 | 提交的实验报告和源代码(35%)、实验完成情况(60%)、考勤(5%)共同给出实验成绩 |
教材、实验指导书及教学参考书目 |
|
制定人及发布时间 | 李家春,2019年8月27日 |
《软件安全》实验教学内容与学时分配
实验项目编号 | 实验项目名称 | 实验学时 | 实验内容提要 | 实验类型 | 实验要求 | 每组人数 | 主要仪器设备与软件 |
1 | Windows PE病毒 | 6 | 分析PE文件格式,实现windowsPE病毒,能在正常程序运行前弹出信息框,也能改变源程序执行内容 | 设计性 | 必做 | 2 | 电脑、stu_PE、WinHEX、Ollydbg |
2 | 缓冲区溢出 | 6 | 编程实现缓冲区溢出攻击,并能获得root权限 | 设计性 | 必做 | 2 | 电脑、VisualStudio 2012 |
3 | 宏病毒 | 4 | 在虚拟机环境中演示宏病毒发作效果,并编制一个小程序实现简单的宏病毒 | 验证+设计性 | 必做 | 2 | 电脑、word2010以上、虚拟机 |
………… | ………… | ………… |
“SoftwareSecurity” Syllabus
Course Code | 045102771 |
Course Title | SoftwareSecurity |
Course Category | Specialty Basic Course |
Course Nature | Compulsory Course |
Class Hours | Total :48, Labhours:16, Practice:0,other:0 |
Credits | 2.5 |
Semester | 5thSemester |
Institute | ExperimentalTeaching Center, School of Computer Science and Engineering |
Program Oriented | InformationSecurity |
Teaching Language | Chinese |
Prerequisites | Advanced Language Programming, Computer Networks,Operating Systems, Assembly Language and Programming |
Student Outcomes (SpecialTraining Ability) | 1)Designing and Developing Solutions: with the ability to design thesolutions to complex and specific engineering problems ininformation security, to have an innovative sense in the designphase by considering the factors of society, health, safety, lawand culture. 2)Applying the Modern Tools: with the ability to develop, select anduse the appropriate techniques, resources, and modern tools and ITtools, including prediction and simulation, to solve the complexengineering activities in information security and understand thelimitations. 3)Engineering and Society: with the ability to reasonably analyzeand evaluate the impacts of professional engineering practice andsolutions to the complex engineering problems to society, health,safety, law and culture issues by using the background knowledgeof information security engineering, to understand the consequentresponsibility. 4)Professional Regulations: to understand the humanity science andhave the sense of social responsibility, be able to responsiblyunderstand and abide the professional ethics and regulations inengineering practice. |
Teaching Objectives | 1)Totrain students to adopt systematic design method, and pass safetydesign idea through system design, development and test process. 2)Enable students to master the most common, the latest softwaresecurity technology, able to master malicious software preventionmethod and the security design & implementation technology forinformation system. 3)To improvestudents’ professional quality, broaden their knowledge andstrengthen their awareness of information security. |
Course Description | The course of knowledge module according to theorder of security overview by software, foundation of softwaresecurity, malware code and prevention, and software vulnerabilityand prevention consists of 4 aspects. |
Instruments and Equipments | Computers,visual studio 2012, virtual machines, word 2010,Stu_PE,WinHex,Ollydbg,etc. |
Experiment Report | Including thepurpose of the experiment, the experiment content (providescreenshots, especially ,for the design and comprehensiveexperiments to give necessary screenshots of configuration anddebugging in the operation process), the difficulties in theexperiment and experimental proposals. In addition, providing thesource code for design and comprehensive experiments |
Assessment | the experimentreport and the source code (35%), the completion of the experiment(60%), attendance (5%), together with experimental results |
Teaching Materials andReference Books | 1.Self edited experiment guide 2.Huanguo Zhang, Lina Wang. Comprehensive Experimental Course onInformation Security. Wuhan University Press,2006 3. Jiwen Zhang.Information Security Experiment and Practice Course. TsinghuaUniversity Press, 2005 |
Prepared by Whomand When | Li,Jiachun Aug2019 |
“SoftwareSecurity” Experimental Teaching Arrangements
No. | ExperimentItem | Class Hours | ContentSummary | Category | Requirements | Number ofStudentsEach Group | Instruments,Equipments and Software |
1 | Windows PE Virus | 6 | Analysis of PE file,programming and design PE virus | Design | Compulsory | 2 | Computers,Stu_PE,WinHex,Ollydbg |
2 | Buffer overflow | 6 | Programming buffer overflowattack to access to root privileges | Design | Compulsory | 2 | Computers, visual studio2012 |
3 | Macro virus | 4 | Demonstrates the effect ofmacro virus attack in a virtual machine environment, and compilesa small program to realize a simple macro virus | Verification+Design | Compulsory | 2 | Computers, WORD2010,virtual machine |
…… | …… |
