Instructor: Stephen Checkoway, s@cs.jhu.edu
Lectures: Tuesday and Thursday. 13:30–14:45 in Shaffer Hall, room 2
Exam 1: October 18
Exam 2: December 6
This course will cover software vulnerabilities, exploitation techniques, and mitigation measures. It is designed as a projects-based course where you will get hands-on experience writing exploits.
2012-11-20 Homework 2 has been posted. It is due Thursday, November 29 at 23:59.
2012-11-08 Class canceled today.
2012-11-01 Class canceled today.
2012-10-31 Office hours canceled today.
2012-10-30 Project 2 has been posted.
2012-10-30 No class. JHU is closed due to Hurricane Sandy
2012-09-28 Homework 1 has been posted. It is due Tuesday, October 9 at 23:59.
2012-09-26 The Syllabus has been updated and the slides from Tuesday, September 25 have been posted.
There is a new Course Assistant, Muralidharan Vadivel. See the Course Staff page for Muralidharan's lab hours.
The first part of Project 1 is due Tuesday, September 18, at 23:59.
There is reading for the first lecture on Tuesday, September 4. See the syllabus.
Grades will be determined as follows:
Projects: 65%
Exams: 20%
Homework: 15%
Students are expected to enter this course with a basic knowledge of operating systems, data structures, and programming in C and (very basic) C++. Some knowledge of x86 assembly and compilers will be helpful, but the relevant information will be covered in the course.
The programming projects are meant as a way to get hands-on experience exploiting software vulnerabilities. You will find that there is quite a difference between conceptually understanding how to exploit a given vulnerability and actually producing a working exploit.
The programming projects are designed to be done in groups of 2. (Working alone is allowed, but discouraged.) Each project will have both programming and writing components. All group members are expected to participate fully in both the programming and writing.
Project 1: Memory Safety (25% of course grade)
Project 2: Reverse-engineering (20% of course grade)
Project 3: TBD (20% of course grade)
The homework assignments can be done solo or in groups of 2. As with the projects, all group members are expected to contribute to the end result.
Homework 1: Due Tuesday, October 9 at 23:59.
Homework 2: Due Thursday, November 29 at 23:59.
There will be two in-class exams which, together, are worth 20% of your grade. The first exam will cover material from the first half of the course whereas the second exam will cover material from the second half of the course.
There is no final exam.
The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.
Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.
If your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.
Falsifying program output or results is prohibited.
Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.
Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on “Academic Ethics for Undergraduates” and the Ethics Board web site.