|
Module Title |
Secure Programming
|
|
Module Code |
CA647
|
|
School |
School of Computing
|
Online Module Resources
|
| Module Co-ordinator | Dr Darragh O'Brien | Office Number | L2.35 |
|
Level |
1
|
Credit Rating |
7.5
|
|
Pre-requisite |
None
|
|
Co-requisite |
None
|
|
|
Module Aims
|
To introduce the students to the issues involved in developing secure software and to the different approaches and guidelines associated with the development of secure software. This course aims to cover advanced programming topics in assembly language and C/C++. The course also explores how programming language semantics and implementation techniques impact the security of software. The course is built around the text Writing Secure Code (see below).
|
|
Learning Outcomes
|
The student will have exposure to advanced programming techniques, and will have learned to program defensively, to be aware of potential security issues that may arise, and to produce more robust code. As a result of this course the student will be to: understand the issues involved in developing secure software, be familiar with different security models, understand the issues involved in software assurance with respect to different security models, be familiar with the different approaches to software assurance, their advantages and disadvantages.. and understand the management issues relating to secure software development.
|
|
Indicative Time Allowances
|
|
|
Hours
|
|
Lectures |
36
|
|
Tutorials |
12
|
|
Laboratories |
12
|
|
Seminars |
|
|
Independent Learning Time |
52.5
|
|
|
|
|
Total |
112.5
|
|
Placements |
|
|
Assignments |
|
|
|
NOTE
|
Assume that a 7.5 credit module load represents approximately 112.5 hours' work, which includes all teaching, in-course assignments, laboratory work or other specialised training and an estimated private learning time associated with the module.
|
|
Indicative Syllabus
|
|
Multi-Threaded programming in Unix and Windows. Avoiding race conditions. Developing in Visual C++. Mixing C++/C and assembler. Examining and understanding Compiler output.Memory Management. Memory allocation. The stack, Heap and garbage collection. Stack Frames.Distributed systems. Parallel programmingBuffers, Stacks and Heaps: the dangers of overflow. Defending against buffer overflow.Access control methods. Running with least Privilege.Protecting secret data. Locking Memory. Building Privacy into an applicationInput Validation. Security Testing. Performing a Security Code Review.Code obfuscation. Open Source Vs Closed source. Introduction to secure software development and its importance - Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference-Software assurance: types of assurance building systems with assurance. Formal verification model checking - evaluating software assurance TCSEC (the Orange Book) ITSEC Common Criteria Auditing
|
| Assessment | | Continuous Assessment | 30% | Examination Weight | 70% |
|
|
Indicative Reading List
|
|
Essential:Writing Secure Code, M.Howard & D.LeBlanc, Microsoft Press. Matt Bishop, Computer Security: Art and Science, Addison Wesley, ISBN 0291440997 Supplementary: Building Secure Software, John Viega, Gary McGraw, Addison Wesley. Security Engineering: A guide to building secure distributed systems, Ross Anderson, Wiley. Dieter Gollman, Computer Security, Wiley, ISBN 0-471-97844-2
|
|
|
|
Programme or List of Programmes
|
| BSSA | Study Abroad (DCU Business School) |
| BSSAO | Study Abroad (DCU Business School) |
| ECSA | Study Abroad (Engineering & Computing) |
| ECSAO | Study Abroad (Engineering & Computing) |
| HMSA | Study Abroad (Humanities & Soc Science) |
| HMSAO | Study Abroad (Humanities & Soc Science) |
| MSE | MSc in Software Engineering |
| MSSF | MSc in Security & Forensics |
| SHSA | Study Abroad (Science & Health) |
| SHSAO | Study Abroad (Science & Health) |
| Archives: | |
