DCU Home | Our Courses | Loop | Registry | Library | Search DCU
<< Back to Module List

Module Specifications.

Current Academic Year 2024 - 2025

All Module information is indicative, and this portal is an interim interface pending the full upgrade of Coursebuilder and subsequent integration to the new DCU Student Information System (DCU Key).

As such, this is a point in time view of data which will be refreshed periodically. Some fields/data may not yet be available pending the completion of the full Coursebuilder upgrade and integration project. We will post status updates as they become available. Thank you for your patience and understanding.

Date posted: September 2024

Module Title Secure Programming
Module Code CA647 (ITS) / CSC1135 (Banner)
Faculty Engineering & Computing School Computing
Module Co-ordinatorDarragh O'Brien
Module Teachers-
NFQ level 9 Credit Rating 7.5
Pre-requisite Not Available
Co-requisite Not Available
Compatibles Not Available
Incompatibles Not Available
None
Reassessment involves both a repeat lab exam and a repeat written exam
Description

This aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered.

Learning Outcomes

1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. Identify and correct common coding flaws and security vulnerabilities
3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities
4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment
5. Differentiate the roles of policies, models and mechanisms in secure software development
6. Apply models that implement confidentiality, integrity and hybrid security policies
7. Choose access control mechanisms to implement a given security policy
8. Summarise the role of software assurance methodologies and relate them to international software assurance standards



Workload Full-time hours per semester
Type Hours Description
Lecture36Online lecture
Lecture36Online lecture
Tutorial12In class discussion
Tutorial12In class discussion
Laboratory24Computer lab exercises
Laboratory24Computer lab exercises
Independent Study96Independent learning
Assignment Completion20Vulnerability detection and exploiting
Assignment Completion20Vulnerability detection and exploiting
Independent Study96Independent learning
Total Workload: 376

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities

The process address space
Linux process layout in memory. Static and dynamic linking. The stack.

Vulnerabilities
Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.

Exploits
How vulnerabilities are exploited. Shellcode generation.

Web security
Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.

Secure software development
Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria.

Assessment Breakdown
Continuous Assessment30% Examination Weight70%
Course Work Breakdown
TypeDescription% of totalAssessment Date
ProjectExploiting vulnerabilities project15%Week 7
Practical/skills evaluationLab exam15%Week 10
Reassessment Requirement Type
Resit arrangements are explained by the following categories:
Resit category 1: A resit is available for both* components of the module.
Resit category 2: No resit is available for a 100% continuous assessment module.
Resit category 3: No resit is available for the continuous assessment component where there is a continuous assessment and examination element.
* ‘Both’ is used in the context of the module having a Continuous Assessment/Examination split; where the module is 100% continuous assessment, there will also be a resit of the assessment
This module is category 1
Indicative Reading List

  • Robert Seacord: 0, Secure Coding in C and C++, 0321335724
  • Sverre Huseby: 0, Innocent Code, 0470857447
  • Matt Bishop: 0, Introduction to Computer Security, 0321247442
  • Michael Howard & David LeBlanc: 0, Writing Secure Code, 0585486689
  • John Viega & Gary McGraw: 0, Building Secure Software, 020172152
  • Ross Anderson: 0, Security Engineering: A Guide To Building Secure Distributed Systems, 9780470068526
Other Resources

None

<< Back to Module List