Coursebooks

Software security

CS-412

Lecturer(s) :

Payer Mathias Josef

Language:

English

Summary

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students learn to assess and understand threats, learn how to design and implement secure software systems, and get hands-on experience with security pitfalls.

Content

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students will learn to assess and understand threats, learn how to design and implement secure software systems, and get hands-on experience with common security pitfalls.

Software running on current systems is exploited by attackers despite many deployed defence mechanisms and best practices for developing new software. In this course students will learn about current security threats, attack vectors, and defence mechanisms on current systems. The students will work with real world problems and technical challenges of security mechanisms (both in the design and implementation of programming languages, compilers, and runtime systems).

 

 

Keywords

Software security, mitigation, software testing, sanitization, fuzzing

Learning Prerequisites

Required courses

 

Important concepts to start the course

Basic computer literacy like system administration, build systems, basic C/C++ programming skills, debugging, and development skills. Understanding of virtual machines and operating systems.

 

Learning Outcomes

By the end of the course, the student must be able to:

Transversal skills

Teaching methods

The lectures are denser early in the semester, then tapering off before the end. They may be peppered with occasional short surprise quizzes that are not mandatory but may earn points for successful participants. They are backed up by PDF files of all the lecture material, as well as a few textbook recommendations.

The exercises sessions start slowly early in the semester but pick up and occupy all time towards the end. They consist mostly of paper questions involving the analysis, critical review, and occasional correction of software. They include a reading, writing, and presentation assignment.

 

Expected student activities

Students are encouraged to attend lectures and exercise sessions. In addition to normal studying of the lecture and practice of the exercises, the reading assignment consists of analyzing a few suggested scientific papers on a large selection of topics; the presentation assignment consists of holding a 15-minute presentation on the selected topic; and the writing assignment of documenting what was learned in a term paper due at the end of the semester.

 

Assessment methods

The grade will continuously be evaluated through (i) an online portal where students can solve challenges in given time frames to gain points, (ii) a semester long project broken into three parts, and (iii) written midterm/final exams to cover concepts.

Supervision

Office hours Yes
Assistants Yes
Forum No

Resources

Notes/Handbook

Software Security: Principles, Policies, and Protection (SS3P, by Mathias Payer)

http://nebelwelt.net/SS3P/

In the programs

Reference week

 MoTuWeThFr
8-9     
9-10     
10-11     
11-12     
12-13     
13-14     
14-15     
15-16     
16-17     
17-18     
18-19     
19-20     
20-21     
21-22     
Under construction
 
      Lecture
      Exercise, TP
      Project, other

legend

  • Autumn semester
  • Winter sessions
  • Spring semester
  • Summer sessions
  • Lecture in French
  • Lecture in English
  • Lecture in German