DCU Home | Our Courses | Loop | Registry | Library | Search DCU

Module Specifications..

Current Academic Year 2023 - 2024

Please note that this information is subject to change.

Module Title Secure Programming
Module Code CA647
School School of Computing
Module Co-ordinatorSemester 1: Darragh O'Brien
Semester 2: Darragh O'Brien
Autumn: Darragh O'Brien
Module TeachersDarragh O'Brien
NFQ level 9 Credit Rating 7.5
Pre-requisite None
Co-requisite None
Compatibles None
Incompatibles None
None
Reassessment involves both a repeat lab exam and a repeat written exam
Description

This aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered.

Learning Outcomes

1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. Identify and correct common coding flaws and security vulnerabilities
3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities
4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment
5. Differentiate the roles of policies, models and mechanisms in secure software development
6. Apply models that implement confidentiality, integrity and hybrid security policies
7. Choose access control mechanisms to implement a given security policy
8. Summarise the role of software assurance methodologies and relate them to international software assurance standards



Workload Full-time hours per semester
Type Hours Description
Lecture36Online lecture
Lecture36Online lecture
Tutorial12In class discussion
Tutorial12In class discussion
Laboratory24Computer lab exercises
Laboratory24Computer lab exercises
Independent Study96Independent learning
Assignment Completion20Vulnerability detection and exploiting
Assignment Completion20Vulnerability detection and exploiting
Independent Study96Independent learning
Total Workload: 376

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities

The process address space
Linux process layout in memory. Static and dynamic linking. The stack.

Vulnerabilities
Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.

Exploits
How vulnerabilities are exploited. Shellcode generation.

Web security
Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.

Secure software development
Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria.

Assessment Breakdown
Continuous Assessment30% Examination Weight70%
Course Work Breakdown
TypeDescription% of totalAssessment Date
ProjectExploiting vulnerabilities project15%Week 7
Practical/skills evaluationLab exam15%Week 10
Reassessment Requirement Type
Resit arrangements are explained by the following categories;
1 = A resit is available for all components of the module
2 = No resit is available for 100% continuous assessment module
3 = No resit is available for the continuous assessment component
This module is category 1
Indicative Reading List

  • Robert Seacord: 0, Secure Coding in C and C++, 0321335724
  • Sverre Huseby: 0, Innocent Code, 0470857447
  • Matt Bishop: 0, Introduction to Computer Security, 0321247442
  • Michael Howard & David LeBlanc: 0, Writing Secure Code, 0585486689
  • John Viega & Gary McGraw: 0, Building Secure Software, 020172152
  • Ross Anderson: 0, Security Engineering: A Guide To Building Secure Distributed Systems, 9780470068526
Other Resources

None
Programme or List of Programmes
CAPDPhD
CAPMMSc
CAPTPhD-track
MCMM.Sc. in Computing
Date of Last Revision29-JAN-09
Archives:

My DCU | Loop | Disclaimer | Privacy Statement