ISOFSE (ISOFSE)
Software Security*
2006/2007: 05-02-2007 through 01-07-2007
Computer Science - Master's variant C (2003) Thematic specialisation Security (6 ec) Computer Science elective (6 ec)
Computer Science - Master's variant E (2003) Computer Science elective (6 ec)
Computer Science - Master's variant MT (2003) Thematic specialisation Security (6 ec) Security (6 ec) Computer Science elective (6 ec) (6 ec)
Computer Science - Master's variant O (2003) Thematic specialisation Security (6 ec) Computer Science elective (6 ec)
Computer Science - Master's variant O (2005) Thematic specialisation Security (6 ec) Computer Science elective (6 ec)
Computer Science - Master's after HBO Artificial Intelligence variant MT (2004) Computer Science elective (6 ec)
Computer Science - Master's after HBO Artificial Intelligence variant O (2004) Computer Science elective (6 ec)
Computer Science - Master's after HBO Computer Security variant MT (2003) Thematic specialisation Security (6 ec)
Computer Science - Master's after HBO Computer Security variant O (2004) Thematic specialisation (6 ec) Computer Science elective (6 ec)
Computer Science - Master's after HBO Embedded Systems variant MT (2003) Computer Science elective (6 ec)
Computer Science - Master's after HBO Embedded Systems variant O (2004) Computer Science elective (6 ec)
Computer Science - Master's after HBO Information Systems variant MT (2003) Computer Science elective (6 ec)
Computer Science - Master's after HBO Information Systems variant O (2004) Computer Science elective (6 ec)
Computer Science - Master's after HBO Software Construction variant MT (2003) Computer Science elective (6 ec)
Computer Science - Master's after HBO Software Construction variant O (2004) Computer Science elective (6 ec)
Workload
6 ec (168 hours): 30 hours plenary lectures, 4 hours group lectures, 4 hours computer lab, 0 hours 'dry' practical, 2 hours of meetings with the lecturer, 40 hours of consultation with fellow students (working groups, project work, etc.), 88 hours of self-study
Investment
6 ec * 28 h/ec + #std * (1 + 6 ec * 0.15 h/student/ec)
Tentative staffing

Examiner: dr.ir. Erik Poll
Department: dis
Time allocation: 105 h

Course website
http://www.cs.ru.nl/~erikpoll/SoftwareSecurity

 

Bad software is an important - if not the most important - cause of security problems. This course is about the challenges in developing secure software and the technologies that can be used to improve software security.

Learning objectives

After the course, students

  • are able to identify security objectives of software applications;
  • understand typical ways in which software fails to be secure;
  • know methods and technologies that can help in the development of secure software, and are able to select and apply these.
Topics

    1. What is software security?
    2. Common software vulnerabilities: lack of input validation (buffer overflows, SQL injections, etc.), race conditions, broken access control, etc. Design flaws. Implementation flaws. Deployment flaws. Case studies.
    3. Guiding principles.
    4. Architecture. Design. Implementation.
    5. Access control.
    6. Language level security: typing; tainting input data; untrusted code security.
    7. Application level security: runtime monitoring; static analysis; verification; JML, Spec#.
    8. Software evaluation.
    9. Case studies.

    Teaching methods

    Lectures and work on project assignments.

    Prerequisites

    Basic programming skills, in particular knowledge of Java (enough to write a non-trivial application for the project work) and basic knowledge about C/C++.

    Examination

    Project assignments.

    Literature

    Course notes "Developing Secure Software Applications", by Frank Piessens.

    Interesting background reading can be found in the books

    • Building Secure Software, by John Viega and Gary McGraw. Addison-Wesley, 2002.
    • Secure Coding: Principles & Practices, by Mark G. Graff and Kenneth R. van Wyk. O'Reilly, 2003.
    both of which are available in the library.


Evaluation: student surveys http://www.cs.ru.nl/~erikpoll/ss2007/Evaluatie2007.html; lecturer evaluation
Pass rate: 24 started, 20 actually participated, 18 passed at the first attempt, 19 passed in total