Registry
Module Specifications
Archived Version 2011 - 2012
Description: The aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered.
Learning Outcomes
1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. Identify and correct common coding flaws and security vulnerabilities
3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities
4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment
5. Differentiate the roles of policies, models and mechanisms in secure software development
6. Apply models that implement confidentiality, integrity and hybrid security policies
7. Choose access control mechanisms to implement a given security policy
8. Summarise the role of software assurance methodologies and relate them to international software assurance standards
All module information is indicative and subject to change. For further information, students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml
Indicative Content and Learning Activities

The process address space: Linux process layout in memory. Static and dynamic linking. The stack.

Vulnerabilities: Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.

Exploits: How vulnerabilities are exploited. Shellcode generation.

Web security: Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.

Secure software development: Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria.
Indicative Reading List
Other Resources: None
Programme or List of Programmes