Registry

Module Specifications

Archived Version 2010 - 2011

Module Title	Secure Programming
Module Code	CA647
School	School of Computing
Online Module Resources
Module Co-ordinator	Dr Darragh O'Brien	Office Number	L2.35
NFQ level	9	Credit Rating	7.5
Pre-requisite	None
Co-requisite	None
Compatibles	None
Incompatibles	None

Description

This aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered.

Learning Outcomes

1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. Identify and correct common coding flaws and security vulnerabilities
3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities
4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment
5. Differentiate the roles of policies, models and mechanisms in secure software development
6. Apply models that implement confidentiality, integrity and hybrid security policies
7. Choose access control mechanisms to implement a given security policy
8. Summarise the role of software assurance methodologies and relate them to international software assurance standards

*Type*	*Hours*	*Description*
Workload	Full-time hours per semester
Lecture	36	Online lecture
Lecture	36	Online lecture
Tutorial	12	In class discussion
Tutorial	12	In class discussion
Laboratory	24	Computer lab exercises
Laboratory	24	Computer lab exercises
Assignment Completion	20	Vulnerability detection and exploiting
Independent Study	96	Independent learning
Assignment Completion	20	Vulnerability detection and exploiting
Independent Study	96	Independent learning
Total Workload: 376

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities

The process address space
Linux process layout in memory. Static and dynamic linking. The stack.

Vulnerabilities
Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.

Exploits
How vulnerabilities are exploited. Shellcode generation.

Web security
Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.

Secure software development
Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria.

Assessment Breakdown
Continuous Assessment	30%	Examination Weight	70%

Type	Description	% of total	Assessment Date
Course Work Breakdown

Reassessment Requirement
Resit arrangements are explained by the following categories; 1 = A resit is available for all components of the module 2 = No resit is available for 100% continuous assessment module 3 = No resit is available for the continuous assessment component
Unavailable

Indicative Reading List

Robert Seacord: 0, Secure Coding in C and C++, 0321335724
Sverre Huseby: 0, Innocent Code, 0470857447
Matt Bishop: 0, Introduction to Computer Security, 0321247442
Michael Howard & David LeBlanc: 0, Writing Secure Code, 0585486689
John Viega & Gary McGraw: 0, Building Secure Software, 020172152
Ross Anderson: 0, Security Engineering: A Guide To Building Secure Distributed Systems, 9780470068526

Other Resources

None

Programme or List of Programmes

BSSA	Study Abroad (DCU Business School)
BSSAO	Study Abroad (DCU Business School)
CAPD	PhD
CAPM	MSc
CAPT	PhD-track
ECSA	Study Abroad (Engineering & Computing)
ECSAO	Study Abroad (Engineering & Computing)
EEPD	PhD
EEPM	MEng
EEPT	PhD-track
GCSE	Graduate Cert in Software Engineering
GCSF	Grad Cert in Security & Forensics
GDSF	Graduate Diploma in Security & Forensics
GSE	Graduate Diploma in Software Engineering
HMSA	Study Abroad (Humanities & Soc Science)
HMSAO	Study Abroad (Humanities & Soc Science)
MEPD	PhD
MEPM	MEng
MEPT	PhD-track
MSE	MSc in Software Engineering
MSSF	MSc in Security & Forensics
NAVNMU	Non Award Visitors- UCD/DCU
SHSA	Study Abroad (Science & Health)
SHSAO	Study Abroad (Science & Health)

Archives: