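National Chung Cheng University Course Syllabus
Course title (Chinese): 系統和軟體安全
Offering unit: Ph.D. Program in Advanced Manufacturing Systems
Course title (English): System and Software Security
Course code: 4458005_01
Instructor: Van-Linh Nguyen (阮文齡)
Credits: 3
Required/Elective: Elective
Year level: Undergraduate/Graduate Students
Prerequisites or prior competencies:
Course overview: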
Viruses and malware infect millions of computers, and some of you may see breaking news about them daily. Attackers often use these malicious programs to steal user data, blackmail businesses, and even bring down national networks, causing billions of dollars in damage per year. This course covers the basics of various security attacks and vulnerabilities (e.g., buffer overflow) in Windows and Linux systems, together with effective prevention methods. By understanding the basics of malicious programs and software security analysis, such as assembly programming and reverse engineering, you will learn how attackers build malware and viruses and how to propose a proper defense approach. You will also learn about system forensics using Kali Linux and advanced tools (e.g., Metasploit) to trace security vulnerabilities and the corresponding attacks. Finally, the course introduces DevSecOps and building security APIs, a critical software security development skill for network administrators and secure software developers.
Learning objectives:
1. Acquire the basics of system and software security and assembly programming
2. Acquire knowledge of malicious software and Windows/Linux/virtualization vulnerabilities
3. Acquire state-of-the-art techniques in secure programming
4. Create and build secure software/APIs/DevKits following DevSecOps standards
Textbooks:
Lecture notes compiled by the teacher.
However, the following books may benefit the students:
1. Computer Security: Principles and Practice 4th (William Stallings)
2. Gray Hat Hacking: The Ethical Hacker's Handbook 5th (Allen Harper)
3. Software Security: Building Security In (Gary McGraw)
4. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel
5. https://owasp.org/www-community/Source_Code_Analysis_Tools

Course outline  Allocated hours  Core competencies  Remarks
Unit topic  Content outline  Lecture  Demonstration  In-class assignments  Other
Introduction
Introduction
System security overview
• Windows/Linux/Unix vulnerabilities
• Virtualization vulnerabilities
• Malicious software (virus/malware/rootkit/worm/ransomware)
Reverse engineering
• Assembly programming
• Reverse engineering with Ghidra and IDA (Disassembler)
System forensics & incident response
• Syslog analysis
• Memory forensics
• Malware analysis
• Data recovery
• Kali Linux/Metasploit
Software exploitation
• Buffer overflow
• FlawFinder/software vulnerability testing
• Open Web Application Security Project (OWASP)
Secure coding
• Source code analysis (Intel ControlFlag)
• Secure programming
DevSecOps
• Agile Software development/Scrum
• CI/CD Pipeline
• Github/Docker/Container repository management
• SDK/DevKits/Security API
• Security standards for software security
Advanced topics
• IoT security (embedded systems, mobile devices)
• Industrial Control Systems security
• Web Application Security


Please respect intellectual property rights; do not illegally photocopy the textbooks assigned by the instructor.

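Overview of teaching points:
1. Teaching materials (multiple selections allowed): self-prepared slides (ppt); provided by the textbook author
2. Teaching methods (multiple selections allowed): lecture; blackboard lecture
3. Assessment tools (multiple selections allowed): attendance 0%, in-class quizzes 0%, in-class assignments 20.00%, programming implementation 0%, internship report 0%, project report 0%, midterm exam 40.00%, final exam 30.00%, final report 0%, other 0%
4. Teaching resources: course website; electronic course materials available for download; practice website
5. Matters requiring coordination for teaching: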

Relevance of course objectives to educational core competencies
Please check: