CloseHelpPrint
Kies de Nederlandse taal
Course module: NWI-ISOFSE
NWI-ISOFSE
Software Security
Course infoSchedule
Course moduleNWI-ISOFSE
Credits (ECTS)6
CategoryMA (Master)
Language of instructionEnglish
Offered byRadboud University; Faculty of Science; Informatica en Informatiekunde;
Lecturer(s)
Cursuscoördinator
dr. ir. E. Poll
Other course modules lecturer
Examiner
dr. ir. E. Poll
Other course modules lecturer
Contactperson for the course
dr. ir. E. Poll
Other course modules lecturer
Lecturer
dr. ir. E. Poll
Other course modules lecturer
Academic year2018
Period
KW1-KW2  (03/09/2018 to 27/01/2019)
Starting block
KW1
Course mode
full-time
RemarksThis is the 6EC course. For students taking the TRU/e Security master there is a 5 EC version of this course, NWI-IMC051
Registration using OSIRISYes
Course open to students from other facultiesYes
Pre-registrationNo
Waiting listNo
Placement procedure-
Aims
At the end of the course students
  • can explain the common ways in which software security fails;
  • are able to identify security objectives of applications and identify likely places where they might fail;
  • can explain methods and technologies that can help in the development of secure software;
  • can apply some of these techniques in practice.
Concrete examples of attacks and countermeasures are often specific to a certain setting (a programming language and/or type of application); the aim provide enough insight to be able to assess problems and proposed solutions in other situations.

Content
Bad software is probably the most important cause of computer security problems. This course is about the challenges in developing secure software and the technologies that can be used to improve software security, at the various stages in the software development life-cycle, and at various "levels", eg. specific to an individual application or at the level of the programming language.

Additional comments
This is the 6 EC course. For students taking the TRU/e Security master there is a 5EC version of this course, NWI-IMC051.
Topics
• Common security vulnerabilities, such as input validation problems (buffer overflows, SQL injections, etc.), race conditions, broken access control, XSS, CSRF, etc.
• Security measures in the software development life cycle: architecture, language/platform, implementation, testing, code review
• Language-based security: typing, (Java) sandboxing, untrusted code security
• Language-theoretic security (LangSec)
• Information flow
• (Tool-supported) Static Analysis
• Examples of advanced type systems, e.g. for alias control or information flow
• Program Verification and Proof-Carrying Code (PCC)
• Security testing
Test information
The final grade is based on a written exam and marks for the project assignments.
Prerequisites
Programming skills, in particular basic knowledge of C(++) and Java.
Required materials
Reader
Lecture notes are available for part of the course
Articles
Selected articles on other topics treated in the course are made available via the course webpage
Instructional modes
Course occurrence

Lecture

Presentation

Project

Zelfstudie

Tests
Exam
Test weight5
Test typeExam
OpportunitiesBlock KW2, Block KW3

Group assignment
Test weight4
Test typeAssignment
OpportunitiesBlock KW2

Individual assignment
Test weight1
Test typeAssignment
OpportunitiesBlock KW2

CloseHelpPrint
Kies de Nederlandse taal