COSC424-17S2 (C) Semester Two 2017

Secure Software

15 points

Details:
Start Date: Monday, 17 July 2017
End Date: Sunday, 19 November 2017
Withdrawal Dates
Last Day to withdraw from this course:
  • Without financial penalty (full fee refund): Sunday, 30 July 2017
  • Without academic penalty (including no fee refund): Sunday, 15 October 2017

Description

This course provides students with skills to design and implement secure application programs, which are not vulnerable to malicious attacks.

This course is concerned with designing and implementing secure application programs, that is, programs that are not vulnerable to malicious attacks. By the end of the course, students should be familiar with why security is important, what types of vulnerabilities can be present in software, how they can be exploited, and how to go about developing software that is sufficiently secure. The course involves significant practical work including a project.

Learning Outcomes

Students who successfully complete this course will be able to:
  • understand various types of vulnerabilities in software and how they can be exploited,
  • understand and explain how to develop sufficiently secure software,
  • critique secure software design, implementation and evaluation in practice,
  • develop an ability to design, implement and test a secure software application.

Prerequisites

Subject to approval of the Head of Department.

Course Coordinator

For further information see Computer Science and Software Engineering Head of Department

Assessment

Assessment                Due Date    Percentage
Research Papers Review                10%
Individual Project                    20%
Group Project                         30%
Final Exam                            40%


• The final exam will be used to evaluate a student’s overall understanding of the theoretical and technical aspects discussed in the course.
• You will be given 5-10 research papers to review.
• Your participation in the lecture is essential.
• Course project: You will decide on a research and/or practical topic, in consultation with the lecturer, early in the course. The project will be evaluated on the quality of its report, an IEEE conference-style paper of 6 to 8 pages (not more than 4000 words) that describes the work. Detailed information on the research project will be introduced.

Textbooks / Resources

There is no official course text, but the following are useful sources.
• Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Addison-Wesley, 2006.
• Haralambos Mouratidis, Paolo Giorgini, Integrating Security and Software Engineering: Advances and Future Visions, IDEA Group Publishing, 2007.
• Adam Shostack, Threat Modeling: Designing for Security, Wiley, 2014.
• James A. Whittaker, Herbert H. Thompson, How to Break Software Security: Effective Techniques for Security Testing, Addison-Wesley Longman, 2004.
• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 2nd edition, Pearson, 2012.
• Michael Howard, David LeBlanc, John Viega, 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, McGraw-Hill, 2005.
• Other books will be used in the course if necessary.
• Material (e.g., PowerPoint slides) from the course reader and lecture slides will be published on Learn as the course progresses.

Additional Course Outline Information

Grade moderation

The Computer Science department's grading policy states that in order to pass a course you must meet two requirements:
1. You must achieve an average grade of at least 50% over all assessment items.
2. You must achieve an average mark of at least 45% on invigilated assessment items.
If you satisfy both these criteria, your grade will be determined by the following University-wide scale for converting marks to grades: an average mark of 50% is sufficient for a C- grade, an average mark of 55% earns a C grade, 60% earns a B- grade and so forth. However, if you do not satisfy both the passing criteria, you will be given either a D or E grade depending on marks. Marks are sometimes scaled to achieve consistency between courses from year to year.

Students may apply for special consideration if their performance in an assessment is affected by extenuating circumstances beyond their control.

Applications for special consideration should be submitted via the Examinations Office website within five days of the assessment.

Where an extension may be granted for an assessment, this will be decided by direct application to the Department and an application to the Examinations Office may not be required.

Special consideration is not available for items worth less than 10% of the course.

Students prevented by extenuating circumstances from completing the course after the final date for withdrawing may apply for special consideration for late discontinuation of the course. Applications must be submitted to the Examinations Office within five days of the end of the main examination period for the semester.

Tentative lecture schedule

Week 1 Security & Software Vulnerability Fundamentals
Week 2 Software Security Assessment (1)
Week 3 Software Security Assessment (2)
Week 4 Software vulnerabilities (1)
Week 5 Software vulnerabilities (2)
Week 6 Mid-term presentation/feedback
Semester Break
Week 7 Software Security Testing
Week 8 Integrating Security and Software Engineering (1)
Week 9 Integrating Security and Software Engineering (2)
Week 10 Other topics
Week 11 Project presentations
Week 12 Course review

Indicative Fees

Domestic fee $963.00

* All fees are inclusive of NZ GST or any equivalent overseas tax, and do not include any programme level discount or additional course-related expenses.

For further information see Computer Science and Software Engineering.
