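Chung Cheng University Course Syllabus
Course title (Chinese): 系統和軟體安全 Offering unit: Graduate Institute of Computer Science and Information Engineering
Course title (English): System and Software Security Course code: 4105256_01
Instructor: Van-Linh Nguyen (阮文齡) Credits: 3
Required/Elective: Elective Year level: Undergraduate/Graduate Students
Prerequisite courses or skills:
Course overview: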
Viruses and malware infect millions of computers, and some of you may see breaking news about them daily. Attackers often use these malicious programs to steal user data, blackmail businesses, and even bring down national networks, causing billions of dollars in damage per year. This course provides the basics of various security attacks and vulnerabilities (e.g., buffer overflow) in Windows and Linux systems, along with effective prevention methods. By understanding the basics of malicious programs and software security analysis, such as assembly programming and reverse engineering, you will learn how attackers build malware and viruses and how to propose a proper defense approach. You will also learn about system forensics through Kali Linux and advanced tools (e.g., Metasploit) to trace security vulnerabilities and the corresponding attacks. Finally, the course introduces DevSecOps and building security APIs, a critical software security development skill for network administrators and secure software developers.
Learning objectives:
1. Acquire the basics of system and software security and assembly programming
2. Acquire knowledge of malicious software and Windows/Linux/virtualization vulnerabilities
3. Acquire state-of-the-art techniques in secure programming
4. Create and build secure software/APIs/DevKits following the DevSecOps standards
Textbooks:
Lecture notes compiled by the teacher
However, the following books may benefit the students
1. Computer Security: Principles and Practice 4th (William Stallings)
2. Gray Hat Hacking: The Ethical Hacker's Handbook 5th (Allen Harper)
3. Software Security: Building Security In (Gary McGraw)
4. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel
5. https://owasp.org/www-community/Source_Code_Analysis_Tools

Course outline

| Unit topic | Content outline | Allocated hours (lecture / demonstration / in-class assignment / other) | Core competencies | Remarks |
|---|---|---|---|---|
| Introduction | Course Introduction | 1 | 12345678 | |
| System security overview | Windows/Linux/Unix vulnerabilities; Virtualization vulnerabilities; Malicious software (virus/malware/rootkit/worm/ransomware) | 6 | 12345678 | |
| Reverse engineering | Assembly programming; Reverse engineering with Ghidra and IDA (Disassembler) | | 12345678 | |
| System forensics & incident response | Syslog analysis; Memory forensics; Malware analysis; Data recovery; Kali Linux/Metasploit | | 12345678 | |
| Software exploitation | Buffer overflow; FlawFinder/software vulnerability testing; Open Web Application Security Project (OWASP) | | 12345678 | |
| Secure coding | Source code analysis (Intel ControlFlag); Secure programming | | 12345678 | |
| DevSecOps | Agile software development/Scrum; CI/CD pipeline; GitHub/Docker/Container repository management; SDK/DevKits/Security API; Security standards for software security | | 12345678 | |
| Advanced topics | IoT security (embedded systems, mobile devices); Industrial Control Systems security; Web Application Security | | 12345678 | |

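Educational goals
1. Cultivate talent capable of independently conducting academic research or innovative product research and development
2. Cultivate talent with a spirit of teamwork and technology integration skills, able to take on leadership, planning, and management roles within a team
3. Cultivate talent capable of self-challenge and lifelong learning
4. Cultivate talent with academic ethics, engineering ethics, and an international outlook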

Core competencies
1. Competence in computer science and computer engineering.
2. Be creative and be able to solve problems and to perform independent research.
3. Demonstrate good written, oral, and communication skills, in both Chinese and English.
4. Be able to plan and execute projects.
5. Have communication, coordination, integration skills and teamwork in multi-disciplinary settings.
6. Recognize the need for, and have the ability to engage in independent and life-long learning.
7. Understand and commit to academic and professional ethics.
8. Have international view and vision of future technology.

Please respect intellectual property rights; do not illegally photocopy the textbooks assigned by the instructor.

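Overview of teaching points:
1. Teaching materials (multiple selections allowed): self-prepared slides (ppt); provided by textbook author
2. Teaching methods (multiple selections allowed): lecture; blackboard lecture
3. Assessment tools (multiple selections allowed): attendance 10.00%, in-class quizzes 0%, in-class assignments 20.00%, programming implementation 0%, practicum report 0%,
                       project report 0%, midterm exam 40.00%, final exam 30.00%, final report 0%, other 0%
4. Teaching resources: course website; electronic course materials available for download; practicum website
5. Other teaching-related arrangements: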

Relevance of course objectives to educational core competencies
Please check: 12345678