Software Security
2014-2015 - IMT3501 - 10 ECTS

On the basis of

  • IMT1082 - Objekt-orientert programmering
  • IMT1121 - Innføring i informasjonssikkerhet
  • IMT2021 - Algoritmiske metoder
  • IMT2282 - Operativsystemer
  • IMT2431 - Datakommunikasjon og nettverkssikkerhet

Expected learning outcomes

Knowledge

  • The students have basic knowledge on how software can be created and maintained with security in mind, i.e. deviation from expected functionality owing to interaction with an adversary. 
  • They understand attack patterns, e.g. buffer overflows, format string  problems, command injection, and cross-site scripting.  
  • The students have an overview of existing techniques, classes of tools and the methods used in software development today.

Skills

  • Students can apply their knowledge to problem cases in an industrial or research setting. 
  • They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software.

General competence

  • The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Topic(s)

  • Software Assurance
  • Secure Software Development Lifecycle
  • Coding Practices and Rules
  • Source Code Analysis
  • Security Testing
  • Attack Patterns

Teaching Methods

Lectures
Group works
Laboratory work
Mandatory assignments
Exercises
PBL (Problem Based Learning)
Tutoring

Form(s) of Assessment

Written exam, 3 hours

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner, external examiner is used periodically (every four years, next time in 2017/2018)

Re-sit examination

Ordinary re-sit examination

Examination support

All self-produced hand-written paper-based support is allowed up to 2 pages A4. Support documents have to be turned in with the written examination and will not be returned to the student.

Coursework Requirements

At least 5 (five) obligatory exercises must be handed in. Hand-ins are marked by other students. Participants must mark as many exercises as they have handed in. If an exercise does not get a passing grade, the student can request that his exercise be marked by the lecturer.

Teaching Materials

  • Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow
  • Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog
  • McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG

Replacement course for

IMT3381 Applikasjonssikkerhet, IMT3571 Datasystemsikkerhet