695.744.81 - Reverse Engineering and Vulnerability Analysis

Course Structure

The course materials are divided into modules which can be accessed by clicking Modules on the left menu. A module will have several sections including the overview, content, readings, discussions, and assignments. You are encouraged to preview all sections of the module before starting. Most modules run for a period of seven (7) days, exceptions are noted in the Course Outline. You should regularly check Teams, the Calendar and Announcements for assignment due dates and any relevant changes. Please note that I make frequent announcements to help facilitate the class material.

Course Topics

• Intro to Intel Assembly
• Disassembly Process and Algorithms
• Integer Errors
• Source Code Analysis
• Binary Analysis
• Stripped Binary Analysis
• Debugging Demystified
• ASLR/DEP/CFG
• ROP/SEH
• OS Internals
• Malware
• Advanced Malware Analysis
• Fuzzing
• Advanced RE Topics

Course Goals

To develop critical thinking skills required to analyze and protect against vulnerabilities in both source code and executable binaries. To analyze and detect malicious code running on systems. To better prepare students for the ever-evolving threat of vulnerabilities, exploits and malicious software in a real-world environment.

Course Learning Outcomes (CLOs)

• Identify and describe major programming errors and ways to mitigate the impact of discovered vulnerabilities.
• Analyze binary data and identify key characteristics and patterns of the data.
• Become proficient at debugging programs, identifying misbehaving code, and understanding ways vulnerabilities can be exploited.
• Identify key characteristics of malware and ways to mitigate the threat of malware.

Textbooks

Please check the Course Outline for Sheridan Library access to some of the following resources.

Recommended

Dowd, M., McDonald, J., & Schuh, J. (2007). The art of software security assessment identifying and preventing software vulnerabilities. Addison-Wesley. 

ISBN-10: 0-321-44442-6

ISBN-13: 978-0-321-44442-4

Other Materials & Online Resources

Additional Reading Resources

The Art of Software Security Assessment. Mark Dowd, John McDonald, Justin Schuh
(https://learning.oreilly.com/library/view/the-art-of/0321444426/)

Practical Malware Analysis. Michael Sikorski
(https://learning.oreilly.com/library/view/practical-malware-analysis/9781593272906/)

The Art of Mac Malware. Patrick Wardle
(https://learning.oreilly.com/library/view/the-art-of/9781098130206/)

Reversing: Secrets of Reverse Engineering. Eldad Eilam
(https://learning.oreilly.com/library/view/reversing-secrets-of/9780764574818/)

Fuzzing: Brute Force Vulnerability Discovery. Michael Sutton, Adam Greene, Pedram Amini
(https://learning.oreilly.com/library/view/fuzzing-brute-force/9780321446114/)

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools and Obfuscation. Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse.
(https://learning.oreilly.com/library/view/practical-reverse-engineering/9781118787397/)

A Bug Hunter’s Diary. Tobias Klein
(https://learning.oreilly.com/library/view/a-bug-hunters/9781593273859/)

Malware Data Science. Joshua Sax, Hillary Sanders
(https://learning.oreilly.com/library/view/malware-data-science/9781492067672/)

Intel 64 and IA-32 Architectures Software Developer’s Manuals. (http://www.intel.com/products/processor/manuals/)
X86 Assembly Language and C Fundamentals. Joseph Cavanagh
(https://learning.oreilly.com/library/view/x86-assembly-language/9781466568259/)

Computer Systems: A Programmer’s Perspective, 2nd ed. Randal Bryant.
A Guide to Kernel Exploitation: Attacking the Core. Enrico Perla and Massimiliano Oldani.
(https://learning.oreilly.com/library/view/a-guide-to/9781597494861/)

The IDA Pro Book: Second Edition. Chris Eagle
(https://learning.oreilly.com/library/view/the-ida-pro/9781593273750/)

Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Jasvir Nagra
(https://learning.oreilly.com/library/view/surreptitious-software/9780321591258/)

Secure Programming with Static Analysis. Brian Chess, Jacob West
(https://learning.oreilly.com/library/view/secure-programming-with/9780321424778/)

Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. Alex Matrosov, Eugene Rodionov, Sergey Bratus.
(https://learning.oreilly.com/library/view/rootkits-and-bootkits/9781492071259/)

Smashing the stack for fun and profit. Aleph One.
(http://insecure.org/stf/smashstack.html)

Nathan E. Rosenblum, Xiaojin Zhu, Barton P. Miller, and Karen Hunt, "Learning to Analyze Binary Computer Code", 23rd Conference on Artificial Intelligence (AAAI-08), Chicago, Illinois, July 2008.
(https://ftp.cs.wisc.edu/paradyn/papers/Rosenblum08aaai.pdf)

Nathan E. Rosenblum, Xiaojin Zhu, Barton P. Miller, and Karen Hunt, "Machine Learning-Assisted Binary Code Analysis" NIPS 2007 Workshop on Machine Learning in Adversarial Environments for Computer Security, Vancouver, British Columbia, Canada, December 2007.
(https://ftp.cs.wisc.edu/paradyn/papers/nips07-abs.pdf)


Various research papers related to binary code auditing, source code auditing, fuzzing, and protection mechanisms to prevent exploitation.

Required Software

You will have access to VMWare's "D2L Learning” and “Microsoft Azure Tools” accounts which provide the ability to download the software listed below. You will not need to purchase any software, as your course fee covers the cost of these accounts and software. Instructions for creating these accounts can be found within the first module. If you have any questions regarding which software to download or install, or how to install it, please don’t hesitate to ask.

This course heavily relies on running virtual machines in order to provide a safe sandbox for performing malware analysis. There are many additional pieces of software which will be installed within your virtual machine environments, please see the VM Environments PDF, located in Canvas, for further information (including links to the software). In addition, be sure to check Canvas frequently for the most up-to-date information as software installation instructions or operating system settings may change over time.

VMWare Workstation/Fusion

You will need access to virtualization software, and I recommend you use these as they are the industry standard (VMWare Workstation for Windows and Linux, and VMWare Fusion for macOS). A license for each is provided at no cost to you and details for obtaining the license key are provided in the first module. Course materials, such as setup guides and configuration, have been written assuming one of these products is being used. If you are more comfortable with an alternative (e.g. VirtualBox), you are free to use it with the understanding that you may run into issues since I have not tested the integration of course materials with all virtualization products.

Microsoft Windows

You will need a virtual machine running Microsoft Windows. A license for this is provided at no cost to you and details for obtaining the license key are provided in the first module. Specific software packages that should be installed within the virtual machine can be found in the VM Environments PDF.

Ubuntu Linux

You will need a virtual machine running the Ubuntu distribution of Linux. This operating system is free and does not require a license - a link to where it can be obtained will be provided in the first module. Specific software packages that should be installed within the virtual machine can be found in the VM Environments PDF.

Student Coursework Requirements

Assignments are due according to the dates posted in the Canvas course site. You may check these due dates in the Course Calendar or the Assignments in the corresponding modules. I will post grades within the week after assignment due dates.

I generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade.

A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week.

A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course.

It is expected that each module will take approximately 7-10 hours per week to complete. Here is an approximate breakdown: reading the assigned sections of the texts (approximately 3-4 hours per week) as well as some outside reading, listening to the audio annotated slide presentations (approximately 2-3 hours per week), and writing assignments (approximately 2-3 hours per week).

Late Policy

Throughout the semester, there may be external circumstances that make it difficult to submit assignments on time. You will get 4 “free” late days for the semester.
☞ A late assignment is any one that is submitted after the posted due date.
☞ You may use the “free” late days on Assignments only.
☞ “Free” late days may not be applied to any Discussions, Projects or Exams.
☞ You may use multiple late days per assignment.
☞ It is your responsibility to track the number of remaining “free” late days.
☞ Once you run out of “free” late days, assignments will be deducted points as per this syllabus’ guidelines.
☞ Any missed assignment will result in the forfeiture of all remaining “free” late days.

Outside this late policy, late assignments will be deducted 5 pts each day it is late. At the beginning of the 5th late day, the assignment will become a 0.
Please reach out to me soonest with any questions or concerns regarding late assignments.

Assignment Submission Details

All file submissions should include a cover page with the following information:

In addition, you must show and submit all supporting work. Correct answers without supporting work will be marked as incorrect. If you wrote a program to solve the problem, please submit your source code along with your solution document. Please do not paste your source code into the PDF; please submit it as a separate document.

Grading Policy

Course Evaluation

This course will consist of the following basic student requirements:

Preparation and Participation (15% of Final Grade Calculation)

You are responsible for carefully reading all assigned material and being prepared for discussion. The majority of readings are from the course notes. Additional reading may be assigned to supplement text readings.

Post your initial response to the discussion questions by the evening of day 4 for that module week. Posting an initial response to the discussion question is part one of your grade for module discussions (i.e., Timeliness).

Part two of your grade for module discussion is your interaction (i.e., responding to classmate postings with thoughtful responses) with at least two (2) classmates (i.e., Critical Thinking). Just posting your response to a discussion question is not sufficient; I want you to interact with your classmates. Be detailed in your postings and in your responses to your classmates' postings. Feel free to agree or disagree with your classmates. Please ensure that your postings are civil and constructive.

I will monitor module discussions and will respond to some of the discussions as discussions are posted. You are responsible for responding to questions raised by me or fellow students within any threads you participate in. Keep in mind, all discussion content is part of the course and thus may appear on exams.

Evaluation of preparation and participation is based on contribution to discussions.

Preparation and participation is evaluated by the following grading elements:

1. Timeliness (50%)
2. Critical Thinking (50%)

Preparation and participation is graded as follows:

• 100–90 = A—Timeliness [regularly participates; all required postings; early in discussion; throughout the discussion]; Critical Thinking [rich in content; full of thoughts, insight, and analysis].
• 89–80 = B—Timeliness [frequently participates; all required postings; some not in time for others to read and respond]; Critical Thinking [substantial information; thought, insight, and analysis has taken place].
• 79–70 = C—Timeliness [infrequently participates; all required postings; most at the last minute without allowing for response time]; Critical Thinking [generally competent; information is thin and commonplace].

Assignments (20% of Final Grade Calculation)

Assignments will include a mix of qualitative assignments (e.g. literature reviews, model summaries), quantitative problem sets, and case study updates. Include your name and JHED ID within the assignment itself, either on a cover page or within a header/footer. All Figures and Tables should be captioned and labeled appropriately.

All assignments are due according to the dates in the Calendar or Course Outline.

Late submissions will be deducted 5 points each day the assignment is late. Submissions beyond 5 days will be accepted for a max score of 50%.

If, after submitting a written assignment you are not satisfied with the grade received, you are encouraged to reach out to the instructor(s) to discuss the deductions. Allowing resubmission for partial credit will be determined on a case-by-case basis.

Qualitative assignments are evaluated by the following grading elements:

1. Each part of question is answered (20%)
2. Writing quality and technical accuracy (30%) (Writing is expected to meet or exceed accepted graduate-level English and scholarship standards. That is, all assignments will be graded on grammar and style as well as content.)
3. Rationale for answer is provided (20%)
4. Examples are included to illustrate rationale (15%) (If you do not have direct experience related to a particular question, then you are to provide analogies versus examples.)
5. Outside references are included (15%)

Qualitative assignments are graded as follows:

• 100–90 = A—All parts of question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rich in content; full of thought, insight, and analysis].
• 89–80 = B—All parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [substantial information; thought, insight, and analysis has taken place].
• 79–70=C—Majority of parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [generally competent; information is thin and commonplace].
• <70=F—Some parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rudimentary and superficial; no analysis or insight displayed].

Quantitative assignments are evaluated by the following grading elements:

1. Each part of question is answered (20%)
2. Assumptions are clearly stated (20%)
3. Intermediate derivations and calculations are provided (25%)
4. Answer is technically correct and is clearly indicated (25%)
5. Answer precision and units are appropriate (10%)

Quantitative assignments are graded as follows:

• 100–90 = A—All parts of question are addressed; All assumptions are clearly stated; All intermediate derivations and calculations are provided; Answer is technically correct and is clearly indicated; Answer precision and units are appropriate.
• 89–80 = B—All parts of question are addressed; All assumptions are clearly stated; Some intermediate derivations and calculations are provided; Answer is technically correct and is indicated; Answer precision and units are appropriate.
• 79–70=C—Most parts of question are addressed; Assumptions are partially stated; Few intermediate derivations and calculations are provided; Answer is not technically correct but is indicated; Answer precision and units are indicated but inappropriate.
• <70=F—Some parts of the question are addressed; Assumptions are not stated; Intermediate derivations and calculations are not provided; The answer is incorrect or missing; The answer precision and units are inappropriate or missing.

Course Project (30% of Final Grade Calculation)

There will be two (2) course projects assigned throughout the course.

Late projects will be deducted 10 points each day the project is late.

The course project is evaluated by the following grading elements:

1. Student preparation and participation (as described in Course Project Description) (40%)
2. Student technical understanding of the course project topic (as related to individual role that the student assumes and described in the Course Project Description) (20%)
3. Team preparation and participation (as described in Course Project Description) (20%)
4. Team technical understanding of the course project topic (as related to the Customer Team roles assumed by the students and the Seller Team roles assumed by the students and described in the Course Project Description) (20%)

Course Project is graded as follows:

• 100–90 = A—Student Preparation and Participation/ Team Preparation and Participation [individual/ team roles and responsibilities well defined and understood; individual/ team well versed in use of video conferencing software; individual/ team work product(s) agreed to, well prepared and available to all team members/ instructors]; Student Understanding/ Team Understanding [rich in content; full of thought, insight, and analysis].
• 89–80 = B—Student Preparation and Participation/ Team Preparation and Participation [individual/ team roles and responsibilities well defined and understood; individual/ team well versed in use of Adobe Connect; individual/ team work product(s) agreed to and prepared]; Student Understanding/ Team Understanding [substantial information; thought, insight, and analysis has taken place].
• 79–70 = C—Student Preparation and Participation/ Team Preparation and Participation [individual/ team roles and responsibilities agreed to; individual/ team well versed in use of Adobe Connect; individual/ team work product(s) prepared]; Student Understanding/ Team Understanding [generally competent; information is thin and commonplace].

Exams (30% of Final Grade Calculation, combined from 15% for Midterm and 15% for Final)

The midterm exam will be available around Module 7 and the final exam will be available in the next-to-last Module. You will have one week to complete the exams and they will be due by 11:59 PM exactly one week from their release. You may use the course text and any notes to complete the exams.

Late submission of exams are not accepted without prior coordination. Failure to cite sources will result in a full letter grade reduction.

The exams are evaluated by the following grading elements:

1. Each part of question is answered (20%)
2. Writing quality and technical accuracy (30%) (Writing is expected to meet or exceed accepted graduate-level English and scholarship standards. That is, all assignments will be graded on grammar and style as well as content.)
3. Rationale for answer is provided (20%)
4. Examples are included to illustrate rationale (15%) (If a student does not have direct experience related to a particular question, then the student is to provide analogies versus examples.)
5. Outside references are included (15%)

Exams are graded as follows:

• 100–90 = A—All parts of question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [rich in content; full of thought, insight, and analysis].
• 89–80 = B—All parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [substantial information; thought, insight, and analysis has taken place].
• 79–70 = C—Majority of parts of the question are addressed; Writing Quality/ Rationale/ Examples/ Outside References [generally competent; information is thin and commonplace].

Course Policies

Please be sure to reach out with any questions that you may have. I am always willing to help out and elaborate on some topics. Please do not wait until the last day of the module to start the homework assignments.

Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.