Software Security 2020/2021

Lucas Cordeiro will teach this course for post-graduate students in Computer Science and Engineering. This page contains information about the course.

Overview

Software is subject to numerous forms of attack, such as memory corruption, buffer overflows and injection; these flaws are often too complex or expressive to be detected manually by the software developer. Techniques and tools, e.g., modelling, code reviews, fuzzing, static and dynamic code analyses, program verification and code tainting, exist to prevent and detect software flaws that are typically too hard to find manually.

This course unit introduces students to basic and advanced approaches to formally building verified, trustworthy software systems, where trustworthiness comprises five attributes: reliability, availability, safety, resilience and security.

Relationship to other courses

Software Security involves people and practices for building software systems that ensure confidentiality, integrity and availability. Therefore, this course has connections to other disciplines: cyber-security, cryptography, automated reasoning and verification, logic and modelling, agile and test-driven development, software engineering concepts and systems governance.

Prerequisites

Fundamental programming skills, including familiarity with C and Python 3. In more detail:

Basic notions in Linux System Administration:

Some interest/knowledge of logic and modelling:

Syllabus

Intended Learning Outcomes (ILOs)

On successful completion of this course unit, a student will be able to

MSc theme on software security and automated reasoning

You can find the slides we presented in the welcome week about our MSc theme on software security and automated reasoning.

Lectures & extra material

Lectures will be available here through slides, videos and reading materials.

| Date | Video | Extra Content |
|---|---|---|
| 27 March 2020 | Introduction to Software Security | Slides, Coursework, Quiz |
| 03 April 2020 | Secure C Programming: Memory Management | Slides, Coursework, Quiz |
| 17 April 2020 | Detection of Software Vulnerabilities: Static Analysis (Part I) | Slides, Coursework, Quiz |
| 24 April 2020 | Detection of Software Vulnerabilities: Static Analysis (Part II) | Slides, Coursework, Quiz |
| 15 May 2020 | Detection of Software Vulnerabilities: Dynamic Analysis | Slides, Coursework, Quiz |
| 22 May 2020 | Security for Artificial Intelligence (Bonus) | Slides, Quiz |

Topics for the seminar

We provide some suggestions for software security topics for the seminars here.

Teaching Activities

Assessment

The full course will be assessed as follows:

Resources

References

The books used by this course are:

Software

The software used by this course is:

Useful Links