University of Malta
 

Study-Unit Description


CODE CPS5123

 
TITLE Systems Security

 
LEVEL 05 - Postgraduate Modular Diploma or Degree Course

 
ECTS CREDITS 5

 
DEPARTMENT Computer Science

 
DESCRIPTION This study-unit takes a 'hands-on' approach to computer security, specifically focusing on analyzing the adversaries targeting system software in the form of malware and their launchers. The techniques necessary to understand the functioning of such adversaries are fundamental in hardening systems and configuring intrusion detection systems to prevent and/or detect future security violations, as well as in recovering from past successful ones. This study-unit touches on aspects of systems/low-level programming and debugging, reverse engineering and digital forensics, and therefore an aptitude to carry out practical tasks using these techniques is a must. Given their current popularity and the opportunities provided to attackers to reach their malicious intent, this study-unit currently focuses primarily on malware that targets the Microsoft Windows family of operating systems.

Study-unit Aims:

The main aims of the study-unit are to provide hands-on experience of:

- A number of static and dynamic analysis techniques to be conducted on compiled code binaries, mainly binary disassembly and debugging, with the intent of understanding any malicious behavior. The derived information is intended to be used to disinfect any affected hosts and protect them against future re-infection;
- Recognizing typical malware behavior (back-doors, key loggers, credential stealing, rootkits, covert launching, detection evasion, shellcode) during analysis;
- Configuring network intrusion detection systems (NIDS) and other security mechanisms as a follow-up step to malware analysis; and
- Unpacking obfuscated malware, through which students are familiarized with the low-level programming constructs necessary for any type of work/research in systems security, as well as being fully prepared to start conducting malware analysis, which is currently a highly sought skill per se.

Learning Outcomes:

1. Knowledge & Understanding:
By the end of the study-unit the student will be able to:

Given the binaries of a potential malware:
- Set up an isolated environment for its safe analysis;
- Statically analyze it using a disassembler, and from the recovered assembly code recognize common programming constructs and any accessed system services;
- Dynamically analyze it through the use of memory debugging (user-space only), assembly-level and kernel debugging;
- Use a combination of the above to look out for common malware behavior, including behavior intended to evade detection;
- Configure network intrusion detection systems to detect its presence;
- Recognize any techniques it uses to thwart its analysis (unpacking only).

2. Skills:
By the end of the study-unit the student will be able to:

Carry out static and dynamic disassembly of malware through which:
- Identify its actions in order to guide a thorough system disinfection procedure;
- Identify the system services used and, based on these, recommend possible system hardening steps;
- Create IDS signatures in order to detect its future presence.

Build malware analysis tools and platform-level security defenses by leveraging the acquired low-level programming skills.

Main Text/s and any supplementary readings:

Text book:

- Michael Sikorski and Andrew Honig. "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", No Starch Press, 2012. ISBN: 978-1593272906

Reference:

- Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard. "Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code", Wiley, 2010. ISBN: 978-0470613030
- Eldad Eilam. "Reversing: Secrets of Reverse Engineering", Wiley, 2005. ISBN: 978-0764574818
- Jon Erickson. "Hacking: The Art of Exploitation", 2nd Edition, No Starch Press, 2008. ISBN: 978-1593271442

 
STUDY-UNIT TYPE Lecture and Practical

 
METHOD OF ASSESSMENT
| Assessment Component/s | Resit Availability | Weighting |
|---|---|---|
| Presentation | Yes | 20% |
| Practical | Yes | 25% |
| Practical | Yes | 25% |
| Project | Yes | 30% |

 
LECTURER/S Mark J. Vella

 
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the study-unit description above applies to the academic year 2017/8, if study-unit is available during this academic year, and may be subject to change in subsequent years.