This course focuses on the practice of software security, in particular on common software security risks, including buffer overflows, race conditions, and random number generation, and on identifying probable threats and vulnerabilities early in the design cycle. It covers methodologies and tools for identifying and eliminating security vulnerabilities, techniques to verify the absence of vulnerabilities, ways to avoid security holes in new software, and essential guidelines for building secure software, such as how to design software with security in mind from the ground up and how to integrate analysis and risk management throughout the software life cycle.
- Security objectives (CIA):
  - Confidentiality: “No unauthorized read”
  - Integrity: “No unauthorized modification (write/delete)”
  - Availability: “Keeps operating during presence of attack”
    - Make the system harder to take down, and recover quickly when it stops
- Identity & identity authentication (I&A), authorization
  - Proving the identity of a user or program
  - Authentication as basis of an authorization decision
- Authentication approaches (first 3 traditional):
  - Something you know (passwords)
  - Something you have (key, token)
  - Something you are (biometrics)
  - Somebody you know (vouching)
Contact hours: 45
Lecture hours: 35
Lab hours: 10
Faculty office hours: faculty is available outside class hours by appointment, via email, and at scheduled times.
Advising: faculty and career counselors are available to assist students with their career directions and questions.