CS 460: Software Vulnerability Analysis
Fall 2013

Instructor: Stephen Checkoway, s@cs.jhu.edu
Lectures: Tuesday and Thursday. 13:30–14:45 in Shaffer Hall, room 2
Exam 1: Thursday, October 17
Exam 2: Thursday, December 5


This course will cover software vulnerabilities, exploitation techniques, and mitigation measures. It is designed as a projects-based course where you will get hands-on experience writing exploits.



Grades will be determined as follows:


Students are expected to enter this course with a basic knowledge of operating systems, data structures, and programming in C and (very basic) C++. Some knowledge of x86 assembly and compilers will be helpful, but the relevant information will be covered in the course.

Programming Projects

The programming projects are meant as a way to get hands-on experience exploiting software vulnerabilities. You will find that there is quite a difference between conceptually understanding how to exploit a given vulnerability and actually producing a working exploit.

The programming projects are designed to be done in groups of 3. (Working alone is allowed, but discouraged.) Each project will have both programming and writing components. All group members are expected to participate fully in both the programming and writing.

Homework Assignments

The homework assignments can be done solo or in groups of 2. As with the projects, all group members are expected to contribute to the end result.


There will be two in-class exams which, together, are worth 20% of your grade. The first exam will cover material from the first half of the course whereas the second exam will cover material from the second half of the course.

There is no final exam.

Computer Science Department Academic Integrity

The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.

Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.

If your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.

Falsifying program output or results is prohibited.

Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.

Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on “Academic Ethics for Undergraduates” and the Ethics Board web site.