COMP63342 Software Security syllabus 2021-2022

COMP63342 Software Security

Level 6
Credits: 15
Enrolled students: 30

Course leader: Lucas Cordeiro


Additional requirements

  • Fundamental programming skills, including familiarity with C and Python 3. In more detail:

    • For C, the student should at least know how pointers and dynamic memory work.
    • For Python, the student should know how to develop basic algorithms/data structures and interact with the host system.

  • Basic notions in Linux System Administration:

    • Create a web server.
    • Understand the difference between user space and kernel space.

  • Some interest/knowledge of logic and modelling:

    • Understand propositional and first-order logic.
    • Understand linear-time temporal logic.

Assessment methods

  • 30% Written exam
  • 70% Coursework

Timetable

| Semester | Event | Location | Day | Time | Group |
| --- | --- | --- | --- | --- | --- |
| Sem 2 w26,31-32 | Lab | 2.25B | Fri | 13:00 - 17:00 | - |
| Sem 2 w26 | Lecture | 2.19 | Wed | 09:00 - 17:00 | - |
| Sem 2 w27,31-33 | ONLINE DROP-IN | | Wed | 11:00 - 12:00 | - |
| Sem 2 w27,31-32 | Lecture | 2.19 | Fri | 09:00 - 12:00 | - |
| Sem 2 w33 | SEMINAR | Roscoe 4.2 | Fri | 09:00 - 12:00 | - |
| Sem 2 w33 | Lab | 2.25 (A+B) | Fri | 13:00 - 17:00 | - |

Themes to which this unit belongs

  • Software Security and Automated Reasoning

Overview

This course unit detail provides the framework for delivery in 20/21 and may be subject to change due to any additional Covid-19 impact. Current students should see Blackboard/course unit related emails for any further updates.

Software is subject to numerous forms of attack, such as memory corruption, buffer overflows and injection; these flaws are often too complex or expressive to be detected manually by the software developer. Techniques and tools exist to prevent and detect software flaws that are typically too hard to find manually, e.g., modelling, code reviews, fuzzing, static and dynamic code analyses, program verification and code tainting.

This course unit introduces students to basic and advanced approaches to formally build verified trustworthy software systems, where trustworthiness comprises five attributes: reliability, availability, safety, resilience and security.

Syllabus

Part I: Software Security Fundamentals

  • Defining a Discipline
  • A Risk Management Framework
  • Vulnerability Assessment and Management
  • Overview of Traffic, Vulnerability and Malware Analysis


Part II: Software Security

  • Code Inspection for Finding Security Vulnerabilities and Exposures (ref: Mitre’s CVE)
  • Architectural Risk Analysis
  • Penetration Testing, Concolic Testing, Fuzzing, Automated Test Generation
  • Model Checking, Abstract Interpretation, Symbolic Execution
  • Risk-Based Security Testing and Verification
  • Software Security Meets Security Operations


Part III: Software Security Grows Up

  • Withstanding adversarial tactics and techniques defined in Mitre’s ATT&CK™ knowledge base
  • An Enterprise Software Security Program

Teaching methods

  • Lectures
  • Workshops
  • Tutorials
  • Labs/Practicals

Feedback methods

  • Lectures
  • Workshops
  • Tutorials
  • Labs/Practicals

Study hours

  • Assessment written exam (2 hours)
  • Lectures (20 hours)
  • Practical classes & workshops (20 hours)

Learning outcomes

On successful completion of this course unit, a student will be able to:

  • Explain the computer security problem and why broken software lies at its heart.
  • Explain continuous risk management and how to put it into practice to ensure software security.
  • Introduce security properties into the software development lifecycle.
  • Use software validation and verification techniques to detect software vulnerabilities and mitigate against them.
  • Relate security testing and verification to risk analysis to address continued resilience when a cyber-attack takes place.
  • Develop case studies to think like an attacker and mitigate attacks using software verification and testing.

 

Additional notes

Links to course unit teaching materials can be found on the Department of Computer Science website for current students.