SOSEC - Software Security

Level

Advanced level - Second cycle course

Required knowledge

In order to take this course the student must have:

• 7,5 credits in information security, for example the course ML470C Introduction to Information Security
• 90 credits in Computer and Systems Sciences or similar knowledge

Aim

After the course the student should be able to: - Communicate an understanding of the important methods, roles and resources for the development of secure software. - Describe common vulnerability causes, effects and ways to prevent vulnerabilities and their effects. - Demonstrate knowledge of the relationship between the studied model and similar models. - Explain how international standards can help in the process of creating secure and reliable software.

Syllabus

In the problem of how to create secure and reliable software different relevant phenomena is studied, such as:

• Secure software development processes (such as clasp, Microsoft SDL, McGraw's 7 Touchpoints).

• Computerized tools supporting the different steps and activities of these development processes (such as Static Code Checking, fuzz-testing tools).
• Statistics about and compilations of known vulnerabilities, and specific methods to prevent them (such as CVE, OWASP Top Ten).
• Secure architectures (such as security kernels, Trusted Computing, but also specific prevention frameworks and architectures such as ASLR).
• Methods and standards for determining the reliability of secure software and those who create them (such as the Common Criteria, SSE-CMM, ISO/IEC 27034).

The course follows the various stages of a selected development to illustrate the roles and relevance of such phenomena.