CSCE 548 - Building Secure Software

Course Syllabus

Objective:
The objective of this course is to expose students to techniques and practices related to secure software development and integration. The focus is practical, with discussions of why and how mechanisms ensure security, what level of security they provide, and how hostile adversaries might violate them. There are three main topic areas: language-based security (focus on C and Java), operating systems security (Windows, Linux), and network security.

Student Work:
  • Students will be given several programming assignments throughout the course. The assignments will include a final project to be done in teams. Some written assignments may also be given insofar as they supplement the programming assignments. Graduate students are expected to perform more work and to write a report outlining a research topic.
  • Tests: One mid-term and one final exam will be given (closed book, closed notes). Undergraduate students will need to answer fewer questions than graduate students for the same grade.
Course Grade: The final course grade is calculated from the scores received for assignments, the project, and tests.

Topics
Week 1: Introduction. Security policies, mechanisms, and goals.
Week 2: Design principles for secure software systems
Week 3: Open vs. closed source. Trust management.
Week 4&5: Buffer overflows and associated countermeasures
Week 6&7: Security Mechanisms in Java™
Week 8&9: Access control theory and mechanisms
Week 10: Race conditions
Week 11: Randomness and determinism
Week 12: Review of cryptography
Week 13: Applied cryptography
Week 14: Using cryptographic toolkits
Week 15: Advanced or current topics

Basic Bibliography
Primary text:
  • John Viega and Gary McGraw. Building Secure Software: How to Avoid Problems the Right Way. Addison-Wesley, 2002.
  • The primary text will be augmented with tutorials available for free on the World Wide Web.

This webpage is based upon work supported by the National Science Foundation under Grant No. IIS-0237782.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).
This page is maintained by CIAE Webmaster. All contents copyright ©The Board of Trustees of the University of South Carolina.
Last Modified: Thursday, 25-Sep-2003 20:28:02 EDT