Registry
Module Specifications
Archived Version 2021 - 2022
| |||||||||||||||||||||||||||||||||||||||||
Description This aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered. | |||||||||||||||||||||||||||||||||||||||||
Learning Outcomes 1. Explain how the stack supports procedure call and return, parameter passing and variable allocation 2. Identify and correct common coding flaws and security vulnerabilities 3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities 4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment 5. Differentiate the roles of policies, models and mechanisms in secure software development 6. Apply models that implement confidentiality, integrity and hybrid security policies 7. Choose access control mechanisms to implement a given security policy 8. Summarise the role of software assurance methodologies and relate them to international software assurance standards | |||||||||||||||||||||||||||||||||||||||||
All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml |
|||||||||||||||||||||||||||||||||||||||||
Indicative Content and
Learning Activities The process address spaceLinux process layout in memory. Static and dynamic linking. The stack.VulnerabilitiesCommon vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions.ExploitsHow vulnerabilities are exploited. Shellcode generation.Web securityClient-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences.Secure software developmentSecurity policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria. | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
Indicative Reading List
| |||||||||||||||||||||||||||||||||||||||||
Other Resources None | |||||||||||||||||||||||||||||||||||||||||
Programme or List of Programmes |
CAPD | PhD |
CAPM | MSc |
CAPT | PhD-track |
ECSA | Study Abroad (Engineering & Computing) |
ECSAO | Study Abroad (Engineering & Computing) |
MCM | M.Sc. in Computing |
NAVNMU | Non Award Visitors- UCD/DCU |
- See the module specification for CA647 in 2003 - 2004
- See the module specification for CA647 in 2004 - 2005
- See the module specification for CA647 in 2005 - 2006
- See the module specification for CA647 in 2006 - 2007
- See the module specification for CA647 in 2007 - 2008
- See the module specification for CA647 in 2008 - 2009
- See the module specification for CA647 in 2009 - 2010
- See the module specification for CA647 in 2010 - 2011
- See the module specification for CA647 in 2011 - 2012
- See the module specification for CA647 in 2012 - 2013
- See the module specification for CA647 in 2013 - 2014
- See the module specification for CA647 in 2014 - 2015
- See the module specification for CA647 in 2015 - 2016
- See the module specification for CA647 in 2016 - 2017
- See the module specification for CA647 in 2017 - 2018
- See the module specification for CA647 in 2018 - 2019
- See the module specification for CA647 in 2019 - 2020
- See the module specification for CA647 in 2020 - 2021
- See the module specification for CA647 in 2021 - 2022
- See the module specification for CA647 in 2022 - 2023
- See the module specification for CA647 in 2023 - 2024
- See the module specification for the current year