CS-412 / 6 credits

Teacher: Payer Mathias Josef

Language: English


Summary

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students learn to assess and understand threats, learn how to design and implement secure software systems, and get hands-on experience with security pitfalls.

Content

Keywords

Software security, mitigation, software testing, sanitization, fuzzing

Learning Prerequisites

Required courses

  • COM-402 Information security and privacy

 

Important concepts to start the course

Basic computer literacy like system administration, build systems, basic C/C++ programming skills, debugging, and development skills. Understanding of virtual machines and operating systems.

 

Learning Outcomes

By the end of the course, the student must be able to:

  • Explain the top 20 most common weaknesses in software security and understand how such problems can be avoided in software.
  • Identify common security threats, risks, and attack vectors for software systems.
  • Assess / Evaluate current security best practices and defense mechanisms for current software systems. Become aware of limitations of existing defense mechanisms and how to avoid them.
  • Identify security problems in source code and binaries, assess the associated risks, and reason about their severity and exploitability.
  • Assess / Evaluate the security of given source code or applications.

Transversal skills

  • Identify the different roles that are involved in well-functioning teams and assume different roles, including leadership roles.
  • Keep appropriate documentation for group meetings.
  • Summarize an article or a technical report.
  • Access and evaluate appropriate sources of information.
  • Write a scientific or technical report.
  • Make an oral presentation.

Teaching methods

The lectures are denser early in the semester, then tapering off before the end. They may be peppered with occasional short surprise quizzes that are not mandatory but may earn points for successful participants. They are backed up by PDF files of all the lecture material, as well as a few textbook recommendations.

The exercises sessions start slowly early in the semester but pick up and occupy all time towards the end. They consist mostly of paper questions involving the analysis, critical review, and occasional correction of software. They include a reading, writing, and presentation assignment.

 

Expected student activities

Students are encouraged to attend lectures and exercise sessions. In addition to normal studying of the lecture and practice of the exercises, the reading assignment consists of analyzing a few suggested scientific papers on a large selection of topics; the presentation assignment consists of holding a 15-minute presentation on the selected topic; and the writing assignment of documenting what was learned in a term paper due at the end of the semester.

 

Assessment methods

The grade will continuously be evaluated through a combination of pracitcal assignments in the form of several labs and theoretical quizzes and assignments throughout the semester. The labs will account for 70%, the quizzes and assignments to 30%.

Supervision

Office hours Yes
Assistants Yes
Forum No

Resources

Notes/Handbook

Software Security: Principles, Policies, and Protection (SS3P, by Mathias Payer)

http://nebelwelt.net/SS3P/

In the programs

  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks
  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks
  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks
  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks
  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks
  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks
  • Semester: Spring
  • Exam form: During the semester (summer session)
  • Subject examined: Software security
  • Lecture: 3 Hour(s) per week x 14 weeks
  • Exercises: 2 Hour(s) per week x 14 weeks
  • Practical work: 1 Hour(s) per week x 14 weeks

Reference week

 MoTuWeThFr
8-9     
9-10     
10-11     
11-12     
12-13     
13-14     
14-15     
15-16     
16-17     
17-18     
18-19     
19-20     
20-21     
21-22