SOSEC - Software Security
Advanced level - Second cycle course
In order to take this course the student must have:
- 7,5 credits in information security, for example the course ML470C Introduction to Information Security.
- 90 credits in Computer and Systems Sciences or equivalent.
You will learn: Principles for designing and building secure software and e-services.
- Security lifecycle: models and processes
- Standards, methods, and mechanisms
- Software threats and vulnerabilities
- Security of modern operating systems
- Secure software design principles
- Secure coding principles
- Verification and validation
After the course the student should be able to:
- Communicate an understanding of the important methods, roles and resources for the development of secure software.
- Describe common vulnerability causes, effects and ways to mitigate vulnerabilities and their effects.
- Demonstrate knowledge of the relationship between the studied model and similar models.
- Explain how international standards can help in the process of creating secure and reliable software.
In the problem of how to create secure and reliable software different relevant phenomena are studied, such as:
Secure software development processes (such as CLASP, Microsoft SDL, McGraw's 7 Touchpoints).
- Computerised tools supporting the different steps and activities of these development processes (such as Static Code Checking, fuzz-testing tools).
- Statistics about and compilations of known vulnerabilities, and specific methods to prevent them (such as CVE, OWASP Top Ten).
- Secure architectures (such as security kernels, Trusted Computing, but also specific prevention frameworks and architectures such as ASLR).
- Methods and standards for determining the reliability of secure software and those who create them (such as the Common Criteria, SSE-CMM, ISO/IEC 27034).
The course follows the various stages of a selected development to illustrate the roles and relevance of such phenomena.