DCU Home | Our Courses | Loop | Registry | Library | Search DCU

Registry

Module Specifications

Archived Version 2011 - 2012

Module Title Secure Programming
Module Code CA647
School School of Computing

Online Module Resources

Module Co-ordinatorDr Darragh O'BrienOffice NumberL2.35
NFQ level 9 Credit Rating 7.5
Pre-requisite None
Co-requisite None
Compatibles None
Incompatibles None
Description

This aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered.

Learning Outcomes

1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. Identify and correct common coding flaws and security vulnerabilities
3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities
4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment
5. Differentiate the roles of policies, models and mechanisms in secure software development
6. Apply models that implement confidentiality, integrity and hybrid security policies
7. Choose access control mechanisms to implement a given security policy
8. Summarise the role of software assurance methodologies and relate them to international software assurance standards



Workload Full-time hours per semester
Type Hours Description
Lecture36Online lecture
Lecture36Online lecture
Tutorial12In class discussion
Tutorial12In class discussion
Laboratory24Computer lab exercises
Laboratory24Computer lab exercises
Assignment Completion20Vulnerability detection and exploiting
Independent Study96Independent learning
Assignment Completion20Vulnerability detection and exploiting
Independent Study96Independent learning
Total Workload: 376

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities

The process address space
Linux process layout in memory. Static and dynamic linking. The stack.

Vulnerabilities
Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.

Exploits
How vulnerabilities are exploited. Shellcode generation.

Web security
Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.

Secure software development
Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria.

Assessment Breakdown
Continuous Assessment30% Examination Weight70%
Course Work Breakdown
TypeDescription% of totalAssessment Date
Reassessment Requirement
Resit arrangements are explained by the following categories;
1 = A resit is available for all components of the module
2 = No resit is available for 100% continuous assessment module
3 = No resit is available for the continuous assessment component
Unavailable
Indicative Reading List

  • Robert Seacord: 0, Secure Coding in C and C++, 0321335724
  • Sverre Huseby: 0, Innocent Code, 0470857447
  • Matt Bishop: 0, Introduction to Computer Security, 0321247442
  • Michael Howard & David LeBlanc: 0, Writing Secure Code, 0585486689
  • John Viega & Gary McGraw: 0, Building Secure Software, 020172152
  • Ross Anderson: 0, Security Engineering: A Guide To Building Secure Distributed Systems, 9780470068526
Other Resources

None
Programme or List of Programmes
ECSAStudy Abroad (Engineering & Computing)
ECSAOStudy Abroad (Engineering & Computing)
GCSEGraduate Cert in Software Engineering
GCSFGrad Cert in Security & Forensics
GDSFGraduate Diploma in Security & Forensics
GSEGraduate Diploma in Software Engineering
MCMM.Sc. in Computing
NAVNMUNon Award Visitors- UCD/DCU
Archives: