The student will acquire:
- A good understanding of the nature of security vulnerabilities in software systems
- A basic understanding of principles for secure software development and language-based security concepts
- A good understanding of static and dynamic program analysis techniques and security testing
The course studies the nature of security vulnerabilities in software systems, the techniques to detect and prevent these problems by proper programming and programming languages, and their embedding in a security-aware software development process.
- Software Security Vulnerabilities (buffer and integer overflows, return oriented programming, code injection (SQL, XSS), race conditions, information exposure);
- Principles of Secure Programming (threat modeling, small/simple trusted computing base, coding standards for secure defaults & failures, least privilege, preventing injection attacks by input validation);
- Language-Based Security (memory & type safety, access control, static and dynamic semantics, type soundness);
- Static Analysis Techniques (control, data & information flow analysis, fuzzing and penetration testing, symbolic execution).
Book: “Software Security: Building Security In” by Gary McGraw
Papers & online material
Assumed previous knowledge: Basic knowledge of programming in C; basic knowledge of operating systems/compilers
Previous knowledge can be gained by: BSc courses, like the modules on software systems and computer systems
Resources for self study: Basic tutorial, like https://www.cprogramming.com/tutorial/c-tutorial.html
Tests: Written exam and homework (programming and program analysis) assignments.