School of Computer Science

Module 06-20010 (2017)

Secure Programming

Level 4/M

Christophe Petit, Semester 1, 10 credits
Co-ordinator: Christophe Petit
Reviewer: Tom Chothia

The Module Description is a strict subset of this Syllabus Page.

Outline

The module covers the basics of software security. Classic design principles for the protection of information in computer systems are introduced. Some of the most important vulnerabilities in current software systems and the corresponding attacks are reviewed. It is then shown how to defend code against these attacks, both by means of careful programming technique and automated machine support.


Aims

The aims of this module are to:

  • introduce the principles, risks and mechanisms that impact software security, with emphasis on programming and related technologies

Learning Outcomes

On successful completion of this module, the student should be able to:

  1. explain the fundamental principles and mechanisms of software security
  2. identify the main security defects and threats in current software systems
  3. describe and evaluate techniques of secure coding
  4. evaluate applications in relation to their security

Restrictions

None


Teaching methods

Lectures

Contact Hours: 23


Assessment

Sessional: 3 hr examination (80%), continuous assessment (20%)

Supplementary (where allowed): By examination only


Detailed Syllabus

  1. Introduction
  2. Basic principles of software security
  3. Overview of vulnerabilities and attacks
    • Buffer overflow and other memory corruptions
    • In-band signalling and malicious input
    • SQL command injection attacks
    • Race conditions
  4. Manual code auditing for software security
  5. Static analysis tools for security
  6. Programming language mechanisms and security
  7. Some directions in current research

Programmes containing this module