DCU Home | Our Courses | Loop | Registry | Library | Search DCU

Registry

Module Specifications

Archived Version 2008 - 2009

Module Title Secure Programming
Module Code CA647
School School of Computing

Online Module Resources

Module Co-ordinatorDr Darragh O'BrienOffice NumberL2.35
Level 1 Credit Rating 7.5
Pre-requisite None
Co-requisite None
Module Aims
To introduce the students to the issues involved in developing secure software and to the different approaches and guidelines associated with the development of secure software. This course aims to cover advanced programming topics in assembly language and C/C++. The course also explores how programming language semantics and implementation techniques impact the security of software. The course is built around the text Writing Secure Code (see below).

Learning Outcomes
The student will have exposure to advanced programming techniques, and will have learned to program defensively, to be aware of potential security issues that may arise, and to produce more robust code. As a result of this course the student will be to: understand the issues involved in developing secure software, be familiar with different security models, understand the issues involved in software assurance with respect to different security models, be familiar with the different approaches to software assurance, their advantages and disadvantages.. and understand the management issues relating to secure software development.

Indicative Time Allowances
Hours
Lectures 36
Tutorials 12
Laboratories 12
Seminars
Independent Learning Time 52.5

Total 112.5
Placements
Assignments
NOTE
Assume that a 7.5 credit module load represents approximately 112.5 hours' work, which includes all teaching, in-course assignments, laboratory work or other specialised training and an estimated private learning time associated with the module.

Indicative Syllabus
Multi-Threaded programming in Unix and Windows. Avoiding race conditions. Developing in Visual C++. Mixing C++/C and assembler. Examining and understanding Compiler output.Memory Management. Memory allocation. The stack, Heap and garbage collection. Stack Frames.Distributed systems. Parallel programmingBuffers, Stacks and Heaps: the dangers of overflow. Defending against buffer overflow.Access control methods. Running with least Privilege.Protecting secret data. Locking Memory. Building Privacy into an applicationInput Validation. Security Testing. Performing a Security Code Review.Code obfuscation. Open Source Vs Closed source. Introduction to secure software development and its importance - Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference-Software assurance: types of assurance building systems with assurance. Formal verification model checking - evaluating software assurance TCSEC (the Orange Book) ITSEC Common Criteria Auditing
Assessment
Continuous Assessment30% Examination Weight70%
Indicative Reading List
Essential:Writing Secure Code, M.Howard & D.LeBlanc, Microsoft Press. Matt Bishop, Computer Security: Art and Science, Addison Wesley, ISBN 0291440997 Supplementary: Building Secure Software, John Viega, Gary McGraw, Addison Wesley. Security Engineering: A guide to building secure distributed systems, Ross Anderson, Wiley. Dieter Gollman, Computer Security, Wiley, ISBN 0-471-97844-2
Programme or List of Programmes
BSSAStudy Abroad (DCU Business School)
BSSAOStudy Abroad (DCU Business School)
ECSAStudy Abroad (Engineering & Computing)
ECSAOStudy Abroad (Engineering & Computing)
HMSAStudy Abroad (Humanities & Soc Science)
HMSAOStudy Abroad (Humanities & Soc Science)
MSEMSc in Software Engineering
MSSFMSc in Security & Forensics
SHSAStudy Abroad (Science & Health)
SHSAOStudy Abroad (Science & Health)
Archives: