Established by: Faculty Board of Science and Technology, 2023-09-06
Contents
This course focuses on software reverse engineering. It presents the fundamental concepts of static program analysis (basic blocks, call graphs, inter-procedural analysis, etc.) and dynamic program analysis (dynamic instrumentation, execution environment, etc.). The course also discusses program analysis challenges such as code obfuscation. The course describes multiple reverse engineering applications such as malware analysis, patch analysis to identify vulnerabilities and analysis of an embedded system's firmware.
Expected learning outcomes
Knowledge and understanding After completing the course, the student should be able to:
(FSR 1) understand static and dynamic program analysis concepts and terminology
(FSR 2) understand the steps to reverse engineer software
(FSR 3) understand mechanisms which makes reverse engineering tasks more challenging
Competence and skills After completing the course, the student should be able to:
(FSR 4) reverse engineer a malware to extract its structure and behavior
(FSR 5) reverse engineer a patch to identify a vulnerability
(FSR 6) reverse engineer a firmware to understand its structure
Judgement and approach After completing the course, the student should be able to:
(FSR 7) have a critical mind when analyzing unknown software, understand which parts of the software to focus on, identify the potential challenges and be able to devise a list of concrete steps to successfully reverse engineer the target software
Required Knowledge
At least 90 ECTS, including 60 ECTS Computing Science. At least 7.5 ECTS introductory programming; 7.5 ECTS data structures and algorithms; 7.5 ECTS discrete mathematics. 7.5 ECTS systems programming.
Form of instruction
The course is taught by lectures and computer labs. In addition to scheduled activities, independent work with the material is required.
Examination modes
The grade scale is Fail (U), Pass (G), or Pass with distinction (VG). The examination consists of written assignments, oral presentations, and a written exam in halls.
Adapted examination The examiner can decide to deviate from the specified forms of examination. Individual adaptation of the examination shall be considered based on the needs of the student. The examination is adapted within the constraints of the expected learning outcomes. A student that needs adapted examination shall no later than 10 days before the examination request adaptation from the Department of Computing Science. The examiner makes a decision of adapted examination and the student is notified.
Other regulations
If the syllabus has expired or the course has been discontinued, a student who at some point registered for the course is guaranteed at least three examinations (including the regular examination) according to this syllabus for a maximum period of two years from the syllabus expiring or the course being discontinued.
Literature
Valid from:
2024 week 1
Articles and material provided by the department or available online.