Embedded Computer Systems
Vulnerabilities, Intrusions and Protection Mechanisms

CS 650.433 (JHUISI)

On-line Course Syllabus

Instructor: George E. Kalb

Email: kalb@cs.jhu.edu

Objectives

  1. To distinguish the characteristics of embedded computer systems and network-centric computer systems.
  2. To examine the various vulnerabilities of embedded computer systems.
  3. To investigate intrusions, attack scenarios, and exploitation methods.
  4. To evaluate/critique various protection methodologies as to their effectiveness to deter, detect, and respond to exploitation activities.

Course Schedule

The course is partitioned into a set of Case Studies and Study Modules that are to be completed at a rate of about one per week. Each Case Study and Study Module has its own Discussion Area wherein students may participate to gather further insight, pose questions, and contribute findings.

Week # Topic/Task Study Module Purpose/Activities
1 Course Information Introduction Short introduction to orient the student as to the structure, content, and schedule for the course.
1 Case Study #1 --- Simple exercise to introduce Case Study format, gather student information, and collect survey information that will be used in Case Study #3.
2 What are Embedded Systems 1 Light introduction to introduce Study Module format. Compare and contrast embedded computer systems to network-based processing systems.
3 Hacking Defined 2 More extensive Study Module. Discuss the who, what, where and why behind computer hacking.
4 Threats, Vulnerabilities, and Risks 3 Conduct a vulnerability and risk analysis pertaining to the selection of protection mechanisms.
5 Programmability 4 Examination of the translation process from human readable source-level code to machine readable code. Discussion of software patching process. Examination of tools used for testing embedded computer systems.
6 Case Study #2 --- Debugger, Hex Editor, and software patching experiment
7 Product Development Process 5 Examine the hardware manufacturing process from internal chip architecture to board-level designs, through final product assembly.
8 Mid-Term Exam --- 10 questions
9 Safeguarding Embedded Systems (part 1) 6 Explore the techniques commonly employed to protect product hardware and software assets.
10 Case Study #3
Case Study #4
--- Easter Egg experiment
Legal Issues investigation
11 Case Study #5
Case Study #6
--- Checksum experiment
CRC experiment
12 Safeguarding Embedded Systems (part 2) 7 Continuation of Module #6 with additional product protection mechanisms.
13 Case Study #7 --- Encryption experiment
Code Obfuscation experiment
14 Embedded System Software Threats 8 Examine techniques used to bypass protection mechanisms and to exploit embedded computer hardware and software assets.
15 Final Exam --- 10 questions

Case Studies

Students are to perform the Case Study during the week assigned. Case Study instructions, all executable programs, and all associated input files are provided. Students follow the instructions and may enter experimental findings in the space provided within the instructions document. Students are required to write a short summary of their overall findings & lessons learned regarding the Case Study that have been performed. The completed Case Study instructions document is then transmitted the instructor prior to the end of the week that the Case Study is assigned.
   The Discussion Area (asynchronous online participation) that pertains to the assigned Case Study will become active from the beginning of the week that the Case Study is assigned and remains active throughout the week such that all student may contribute following completion of the Case Study assignment. A set of Instructor's Notes pertaining to the assigned Case Study will then be released for students to read at the beginning of the week following assignment of the Case Study after the Discussion Area has closed. Students are expected to read the Instructor's Notes document to verify results and receive a better understanding of the Case Study content.
   Periodic in-class sessions (about one per month) will be scheduled a few days after the Instructor's Notes document has been released to directly interact with the Instructor online in a discussion pertaining to the Case Study.


Study Modules

Students are to read the Study Module materials during the week assigned. The Study Modules consist of a series of webpages with associated voice annotations. Students are encouraged to take notes and record questions that will be used during participation in the Discussion Area that accompanies the assigned Study Modules. The associated Discussion Area remains active throughout the week that the Study Module is assigned such that all students may contribute.


Grading Policy

The final grade is based on successful completion of all Case Studies, Mid-Term Exam, Final Exam and participation in the various Discussion Areas. The Mid-Term and Final Exam questions are derived from the Study Modules, Case Studies, and topics discussed within the Discussion Areas. There are 16 Discussion Areas (8 Study Modules + 8 Case Study experiments) that become active during the week that the associated Study Module or Case Study is assigned. On average, a student is expected to contribute at least four substantive entries during each Discussion Area. The final grade is computed as per the table that follows.

Mid-Term Exam 100 10 questions - in class
Final Exam 100 10 questions - in class
Case Studies (8) 180 Case Studies 1 through 4 - 20 Pts each (10 pts for performing experiment - 10 pts for overall findings summary)
Case Studies 5 through 8 - 25 Pts each (15 pts for performing experiment - 10 pts for overall findings summary)
Discussion Forum Participation 120 16 Discussion Areas - 7.5 Pts each
On average, at least 4 substantive entries each.
Total points = 120 pts x (total substatiative posts / (16 DAs x 4 posts each))
Total Points 500  

The Final Letter Grade is based on the table that follows and is assigned based on total points accumulated by the student at the completion of the course.

Final Letter Grade Point Spread Percentage Against 500 Pts Possible
A 450 through 500 90% to 100%
B 400 through 449 80% to 89%
C 350 through 399 70% to 79%
D 300 through 349 60% to 69%
F below 300 below 60%

Recommended Text: None

Recommended Computing Environment

Hardware
  • IBM-compatible PC incorporating an Intel-based processor (486 or higher) required to execute Case Study executable images
  • Software
  • Browsers
    • Netscape 4.76, 6.2.1, 6.2.2, and 6.2.3 (PC & Mac)
    • Preferred: Internet Explorer 5.0 to 6.0, except 5.5 Service Pack 1 (PC)
    • Internet Explorer 5.0 and 5.1 (Mac OS 9.x)
    • Internet Explorer 5.1 (Mac OS 10.1)
    • Internet Explorer 6.0
    • Internet Explorer 6.0 Service Pack 1
    • AOL 7.0 (PC & Mac)
  • Microsoft Windows97 (or higher) required to access Notepad and MS-DOS environment per Case Study experiments.
  • Microsoft Word97 (or higher) required
  • Microsoft Excel97 (or higher) required
  • Microsoft PowerPoint97 (or higher) required
  • email capability required
  • Fax capability (if email is not accessible)
  • Winhex (Hex editor) available at this location: www.winhex.com
  • PDF Viewer
  • Zip software

  • Return to previous page

    Page design (version 2.5-01.12.06) Copyright 2006, George E. Kalb