CMPS 451 Vulnerability Analysis
Catalog Description
CMPS 451 Vulnerability Analysis (4)
Identification and quantification of security weaknesses in programs, systems and networks. Topics include professional ethics, static binary analysis, dynamic binary analysis, anti-analysis techniques, risk assessment, penetration testing, vulnerability classification and mitigation techniques. Prerequisite: CMPS 350
Prerequisites by Topic
Knowledge of programming languages
Basics of computer language translation
Units and Contact Time
5 quarter units. 4 units lecture (200 minutes), 1 unit lab (150 minutes).
Selected elective for CS
Required Textbook
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. Mark Dowd, John McDonald, Justin Schuh. Addison-Wesley, 2007, ISBN-13: 978-0-321-44442-4.
Recommended Textbook and Other Supplemental Materials
Melissa Danforth
Student Learning Outcomes
This course covers the following ACM/IEEE CS2013 (Computer Science) Body of Knowledge student learning outcomes:

CS-IAS/Foundational Concepts in Security
CS-IAS/Principles of Secure Design
CS-IAS/Defensive Programming
CS-IAS/Threats and Attacks
CS-PL/Static Analysis
CS-SE/Software Construction

ABET Outcome Coverage
The course maps to the following performance indicators for Computer Science (CAC/ABET):
3e. An understanding of professional, ethical, legal, security, and social issues and responsibilities.
3j. An ability to apply mathematical foundations, algorithmic principles, and computer science theory in the modeling and design of computer-based systems in a way that demonstrates comprehension of the tradeoffs involved in design choices.
Lecture Topics and Rough Schedule
1Chapters 1, 2, and 3 Classic security goals (confidentiality, integrity, etc.), Threats, Vulnerabilities, Audits, Threat exposure
2Chapter 5 Memory corruption: buffer overflows, heap overflows, global and static data
3Chapter 5 Memory corruption: shellcode, protection mechanisms
4Chapters 6 and 8 C/C++ language issues; String and character handling issues
5Chapter 4 Auditing tools for source code and binary analysis
6 and 7Chapter 7 Auditing techniques for source code and binary analysis
8 and 9Chapters 9 and 10 Vulnerabilities and analysis for Unix/Linux systems
10n/a Project presentations and/or Interactive tutorials
Design Content Description
Not applicable to this course.
Prepared By
Melissa Danforth on 24 March 2015
Approved by CEE/CS Department on [date]
Effective Spring 2015