The course covers state-of-the-art techniques to produce software that has fewer security vulnerabilities.
Text book: Building Secure Software
Prerequisites: Extensive programming experience following a systematic software development process. Basic knowledge of software engineering and programming language techniques, and/or the ability to learn this technology quickly. Programming homework will be in Java and AspectJ. Regarding courses, you should have taken CSG 110 (Managing Software Development) or an equivalent course. Recommended, but not required, is CSG 111 (Principles of Programming Languages). If you have time before the course starts, it is recommended that you learn the basics of AspectJ, although this material is also covered as part of the course. A good recommended book for AspectJ is "AspectJ in Action" (see the AspectJ in Action home page).
Teaching Assistant: Robbie Ye
I further agree to hold the instructor and the university harmless for any and all damage that may result from the use of the knowledge in The Course. Any further use of the material presented in The Course is subject to all local laws and customs.
The attack patterns presented in the course are shown to demonstrate what you are up against when you need to design secure software, i.e., software that is difficult to attack.
Topics:
Model driven architecture as a technique to generate code from models. Generated code is of higher quality and has fewer vulnerabilities. Model driven security.
Security as an aspect.
Reliability is more important than performance: a significant investment in checking and recovery programming is needed. Because software developers are under pressure, they don't practice defensive programming.
Defensive programming: be skeptical of any input. May lead to three times more code. How aspects can help with defensive programming (Lopes ICSE paper).
To avoid vulnerabilities, a program must be correct and defensive with respect to inputs from outside (both from above and below).
To avoid vulnerabilities with middleware, the programmers that use the middleware must follow rules. Aspect-oriented techniques can help to enforce those rules (WebSphere example).
Policy languages: Chinese Wall, Binder. Automata theory for checking policies. Low water mark.
Software security: generate application-specific firewalls from a software security policy (Design Automation Conference 2004: Security for embedded software).
What the course is NOT about: Network security, for which we have a separate course, CSG 254. It is also NOT about CSG 252 (Cryptography and Communication Security). While all three of network, cryptography and communication security are essential for secure software (and therefore we will touch on those topics too), they are not sufficient. You can have a system with perfect network, cryptography and communication security, but a single application-level vulnerability will still make it insecure.
Schedule: Monday, 6-9pm, 108 West Village H.
Office Hours: Karl Lieberherr: see my home page; I am inside lab 308 in WVH, in 308A. Robbie Ye: Wednesday, 2-4 pm, Office 208 in WVH (in the discussion room area).
Mailing list (archive, sign-up, etc.)
CSG 379 Resources
First assignment: answer a questionnaire, and send your answers by noon on Monday of the second week of classes to firstname.lastname@example.org.
Course Directories.
Course description and syllabus.
Links to individual project pages (under construction).
Lecture Notes.
New DAJ home page.
Viega on aspects and security.
NewAspects: Application Security Technologies.
Instructor's Home page.