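"Software Security" Teaching Syllabus

Course Code

045102771

Course Title

Software Security

English Title

Software Security

Course Category

Specialty Basic Course

Course Nature

Compulsory

Class Hours

Total hours: 48; Lab hours: 16; Practice hours: 0; Other hours: 0

Credits

2.5

Semester

5th Semester

Institute

School of Computer Science and Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Advanced Language Programming, Computer Networks, Operating Systems, Assembly Language Programming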

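Support for Graduation Requirements

This course contributes to students meeting the following graduation requirements:

1) Designing and Developing Solutions: the ability to design solutions to complex engineering problems in information security, to design information security solutions that meet specific requirements, and to show innovative thinking in the design phase while considering social, health, safety, legal, cultural and environmental factors.

2) Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and information technology tools for complex engineering problems in information security, including prediction and simulation of such problems, and to understand their limitations.

3) Engineering and Society: the ability to use background knowledge of information security engineering to reasonably analyze and evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and to understand the responsibilities to be borne.

4) Professional Regulations: to have a grounding in the humanities and social sciences and a sense of social responsibility, and to understand and abide by professional engineering ethics and regulations in engineering practice and fulfil one's responsibilities.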

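Course Objectives

After completing the course, students will have the following abilities:

1) To train students to adopt a systematic design method and to carry security design thinking through the system design, development and testing process.

2) To enable students to master the most common and the latest software security technologies, malware prevention techniques, and techniques for designing and implementing secure information systems.

3) To improve students' professional quality, broaden their knowledge and strengthen their awareness of information security.

Course Description

The course's knowledge modules consist, in order, of four parts: an overview of software security, foundations of software security, malware and its prevention, and software vulnerabilities and their prevention.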

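Teaching Content and Class Hours Distribution

1. Overview of software security: 4 hours

Includes ideological and political education hours. Drawing on the situation in which our country's advanced technologies in aerospace, the defense industry, electronics and other fields face the threat of hacker attacks from hostile forces, this part explains the purpose and significance of studying software security, and also strengthens students' sense of patriotic responsibility, their national pride in the country's advanced technology, and their motivation to study hard.

2. Foundations of software security: 7 hours

(1) Disk management and 80x86 processor working modes: 2 hours

(2) Memory management: 2 hours

(3) PE file format: 3 hours

3. Malware and prevention: 12 hours

(1) Overview of malware: 2 hours

(2) Windows PE virus: 2 hours

(3) Macro viruses and script viruses: 2 hours

(4) Network worms: 2 hours

(5) Trojan horses: 1 hour

(6) Malware detection techniques: 2 hours

(7) Malware sample capture and analysis: 1 hour

4. Software vulnerabilities and prevention: 9 hours

(1) Overview of software vulnerability mechanisms: 2 hours

(2) Buffer overflow vulnerabilities: 3 hours

(3) Exploitation and discovery of software vulnerabilities: 2 hours

(4) Software vulnerability prevention techniques: 2 hours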

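Experimental Teaching (including computer lab hours, experiment hours and practice hours)

Computer lab hours: 16, comprising three experiment modules:

(1) Windows PE virus (design experiment): 6 hours

(2) Buffer overflow (design experiment): 6 hours

(3) Macro virus (verification + design experiment): 4 hours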

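Teaching Method

The course is delivered through a combination of classroom teaching, homework, computer lab experiments and comprehensive online discussion.

Examination Method

The assessment for this course combines theory and practice. The grade is weighted as follows:

Homework and classroom performance: 10%

Computer lab experiments: 30%

Final exam (closed-book): 60%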

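Teaching Materials and Reference Books

Reference textbooks:

[1] Peng Guojun et al., Software Security (Twelfth Five-Year Plan textbook for information security majors in higher education), Wuhan University Press, 2015

[2] Michael Hicks, Software Security, online course on Coursera.com

Prepared by and Date

Li Jiachun, 2019-8-27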

 “Software Security” Syllabus

Course Code

045102771

Course Title

Software Security

Course Category

Specialty Basic Course

Course Nature

Compulsory Course

Class Hours

Total: 48, Lab hours: 16, Practice hours: 0, Other hours: 0

Credits

2.5

Semester

5th Semester

Institute

School of Computer Science and Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Advanced Language Programming, Computer Networks, Operating Systems, Assembly Language and Programming

Student Outcomes (Special Training Ability)

1) Designing and Developing Solutions: the ability to design solutions to complex and specific engineering problems in information security, and to show innovation in the design phase while considering social, health, safety, legal and cultural factors.

2) Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and IT tools, including prediction and simulation, to solve complex engineering problems in information security, and to understand their limitations.

3) Engineering and Society: the ability to use background knowledge of information security engineering to reasonably analyze and evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and to understand the resulting responsibilities.

4) Professional Regulations: to have a grounding in the humanities and a sense of social responsibility, and to understand and abide by professional ethics and regulations in engineering practice.

Course Objectives

1) To train students to adopt a systematic design method and to carry security design thinking through the system design, development and testing process.

2) To enable students to master the most common and the latest software security technologies, malware prevention methods, and security design and implementation technology for information systems.

3) To improve students' professional quality, broaden their knowledge and strengthen their awareness of information security.

Course Description

The course's knowledge modules consist, in order, of four parts: an overview of software security, foundations of software security, malware and its prevention, and software vulnerabilities and their prevention.

Teaching Content and Class Hours Distribution

1. Overview of software security: 4 hours

Includes 1 hour of ideological and political education: to strengthen students' patriotism, national pride and motivation to learn, and to make them aware of the importance of software security, the threats that enemy combatants and terrorists pose to advanced technology in the space, military and electronics sectors are introduced.

2. Foundations of software security: 7 hours

(1) Disk management and 80x86 working modes: 2 hours

(2) Memory management: 2 hours

(3) PE file format: 3 hours

3. Malware and prevention: 12 hours

(1) Overview of malware: 2 hours

(2) Windows PE virus: 2 hours

(3) Macro virus and VBS virus: 2 hours

(4) Worm: 2 hours

(5) Trojan horse backdoor: 1 hour

(6) Detection technology for malware: 2 hours

(7) Malware analysis: 1 hour

4. Software vulnerabilities and prevention: 9 hours

(1) Overview of software vulnerabilities: 2 hours

(2) Buffer overflows: 3 hours

(3) Exploitation of software vulnerabilities: 2 hours

(4) Prevention technology for software vulnerabilities: 2 hours

Experimental Teaching

Computer lab hours: 16, comprising three modules:

1) Windows PE virus: 6 hours (design)

2) Buffer overflow: 6 hours (design)

3) Macro virus: 4 hours (verification + design)

Teaching Method

The course is delivered through a combination of classroom teaching, homework, computer lab experiments and comprehensive online discussion.

Examination Method

The assessment for this course combines theory and practice, weighted as follows: homework and classroom performance 10%, lab 30%, final exam 60%.

Teaching Materials and Reference Books

Reference book:

[1] Peng, Guojun et al., Software Security, Wuhan University Press, 2015

[2] Michael Hicks, Software Security, Coursera.com

Prepared by Whom and When

Li, Jiachun, Aug. 2019

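"Software Security" Experimental Teaching Syllabus

Course Code

045102771

Course Title

Software Security

English Title

Software Security

Course Category

Specialty Basic Course

Course Nature

Compulsory

Class Hours

Total: 16; Lab: 16; Practice: 0; Other: 0

Credits

2.5

Semester

5th Semester

Institute

Experimental Teaching Center, School of Computer Science and Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Advanced Language Programming, Computer Networks, Operating Systems, Assembly Language Programming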

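Graduation Requirements (Special Training Ability)

This course contributes to students meeting the following graduation requirements:

1) Designing and Developing Solutions: the ability to design solutions to complex engineering problems in information security, to design information security solutions that meet specific requirements, and to show innovative thinking in the design phase while considering social, health, safety, legal, cultural and environmental factors.

2) Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and information technology tools for complex engineering problems in information security, including prediction and simulation of such problems, and to understand their limitations.

3) Engineering and Society: the ability to use background knowledge of information security engineering to reasonably analyze and evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and to understand the responsibilities to be borne.

4) Professional Regulations: to have a grounding in the humanities and social sciences and a sense of social responsibility, and to understand and abide by professional engineering ethics and regulations in engineering practice and fulfil one's responsibilities.

Abilities the Course Develops (Teaching Objectives)

After completing the course, students will have the following abilities:

1) To train students to adopt a systematic design method and to carry security design thinking through the system design, development and testing process.

2) To enable students to master the most common and the latest software security technologies, malware prevention techniques, and techniques for designing and implementing secure information systems.

3) To improve students' professional quality, broaden their knowledge and strengthen their awareness of information security.

Course Description

The course's knowledge modules consist, in order, of four parts: an overview of software security, foundations of software security, malware and its prevention, and software vulnerabilities and their prevention.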

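Main Instruments, Equipment and Software

Computers, Visual Studio 2012, virtual machines, Microsoft Office, Stu_PE, WinHex, Ollydbg

Experiment Report

The report covers the purpose of the experiment, the experiment content (with screenshots; for design and comprehensive experiments, the necessary screenshots of configuration, debugging and running must be given), difficulties encountered and explorations made during the experiment, and suggestions on the experiment. Source code must also be provided for design and comprehensive experiments.

Assessment

The lab grade is determined jointly by the submitted experiment report and source code (35%), completion of the experiment (60%) and attendance (5%).

Teaching Materials, Lab Guides and Reference Books

  1. Self-compiled lab guide

  2. Zhang Huanguo, Wang Lina, Comprehensive Experimental Course on Information Security, Wuhan University Press, 2006

  3. Zhang Jiwen, Information Security Experiment and Practice Course, Tsinghua University Press, 2005

Prepared by and Release Date

Li Jiachun, 2019-8-27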

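"Software Security" Experimental Teaching Content and Class Hours Distribution

| No. | Experiment Item | Class Hours | Content Summary | Category | Requirements | Number of Students in Each Group | Main Instruments, Equipment and Software |
|---|---|---|---|---|---|---|---|
| 1 | Windows PE virus | 6 | Analyze the PE file format and implement a Windows PE virus that can pop up a message box before the normal program runs and can also change what the original program executes | Design | Compulsory | 2 | Computers, Stu_PE, WinHex, Ollydbg |
| 2 | Buffer overflow | 6 | Program a buffer overflow attack that obtains root privileges | Design | Compulsory | 2 | Computers, Visual Studio 2012 |
| 3 | Macro virus | 4 | Demonstrate the effect of a macro virus outbreak in a virtual machine environment, and write a small program that implements a simple macro virus | Verification + Design | Compulsory | 2 | Computers, Word 2010 or later, virtual machine |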


 “Software Security” Syllabus

Course Code

045102771

Course Title

Software Security

Course Category

Specialty Basic Course

Course Nature

Compulsory Course

Class Hours

Total: 48, Lab hours: 16, Practice: 0, Other: 0

Credits

2.5

Semester

5th Semester

Institute

Experimental Teaching Center, School of Computer Science and Engineering

Program Oriented

Information Security

Teaching Language

Chinese

Prerequisites

Advanced Language Programming, Computer Networks, Operating Systems, Assembly Language and Programming

Student Outcomes (Special Training Ability)

1) Designing and Developing Solutions: the ability to design solutions to complex and specific engineering problems in information security, and to show innovation in the design phase while considering social, health, safety, legal and cultural factors.

2) Applying Modern Tools: the ability to develop, select and use appropriate techniques, resources, modern tools and IT tools, including prediction and simulation, to solve complex engineering problems in information security, and to understand their limitations.

3) Engineering and Society: the ability to use background knowledge of information security engineering to reasonably analyze and evaluate the impact of professional engineering practice and of solutions to complex engineering problems on society, health, safety, law and culture, and to understand the resulting responsibilities.

4) Professional Regulations: to have a grounding in the humanities and a sense of social responsibility, and to understand and abide by professional ethics and regulations in engineering practice.

Teaching Objectives

1) To train students to adopt a systematic design method and to carry security design thinking through the system design, development and testing process.

2) To enable students to master the most common and the latest software security technologies, malware prevention methods, and security design and implementation technology for information systems.

3) To improve students' professional quality, broaden their knowledge and strengthen their awareness of information security.

Course Description

The course's knowledge modules consist, in order, of four parts: an overview of software security, foundations of software security, malware and its prevention, and software vulnerabilities and their prevention.

Instruments and Equipments

Computers, Visual Studio 2012, virtual machines, Word 2010, Stu_PE, WinHex, Ollydbg, etc.

Experiment Report

The report covers the purpose of the experiment, the experiment content (with screenshots; for design and comprehensive experiments in particular, the necessary screenshots of configuration, debugging and running), the difficulties encountered in the experiment, and suggestions on the experiment. Source code must also be provided for design and comprehensive experiments.

Assessment

The experiment grade is determined jointly by the experiment report and source code (35%), completion of the experiment (60%) and attendance (5%).

Teaching Materials and Reference Books

1. Self-edited experiment guide

2. Huanguo Zhang, Lina Wang. Comprehensive Experimental Course on Information Security. Wuhan University Press, 2006

3. Jiwen Zhang. Information Security Experiment and Practice Course. Tsinghua University Press, 2005

Prepared by Whom and When

Li, Jiachun, Aug. 2019

 “Software Security” Experimental Teaching Arrangements

| No. | Experiment Item | Class Hours | Content Summary | Category | Requirements | Number of Students in Each Group | Instruments, Equipment and Software |
|---|---|---|---|---|---|---|---|
| 1 | Windows PE virus | 6 | Analyze the PE file format; design and program a PE virus | Design | Compulsory | 2 | Computers, Stu_PE, WinHex, Ollydbg |
| 2 | Buffer overflow | 6 | Program a buffer overflow attack to gain root privileges | Design | Compulsory | 2 | Computers, Visual Studio 2012 |
| 3 | Macro virus | 4 | Demonstrate the effect of a macro virus attack in a virtual machine environment, and write a small program that implements a simple macro virus | Verification + Design | Compulsory | 2 | Computers, Word 2010, virtual machine |