CSSE 572 – Software Security (Writing Secure Code)
Fall 2006
Engr 304 , TH 6:00-8:40pm
Instructor: Prof. Roshanak Roshandel
Office Hours: Thursdays 5:00-6:00pm or by appointment
Office: ENGR 507, Tel: (206) 296-5512
E-mail: roshanak@seattleu.edu
Textbook
· Software Security: Building Security In, G. McGraw, (ISBN: 0321356705)
· 19 Deadly Sins of Software Security, by Michael Howard, David LeBlanc, John Viega, (ISBN: 0072260858)
Topics
· Software Dependability: Security, Reliability, and Safety
· Overview of software security and secure systems
· Security in various phases of SDLC
· Threat modeling
· Security at databases and application level
· Security Analysis (Worm, Virus, Physical leak, Root kits, viruses, Trojans, …)
· Common exploits
· Legal and ethical issues
· Emerging topics in software security
Tentative
Schedule (subject to change)
Week |
Topic |
|
Presenters |
Assignments |
|
Week 1 9/21/2006 |
o Overview o Software Dependability |
McGraw - Ch 1
|
Roshandel |
HW1 assigned |
|
Week 2 9/28/2006 |
o Overview o Risk Analysis |
McGraw – Ch 2, 3 Taxonomy of Security Considerations and Software Quality, Wang et al. Software Security is Software Reliability, Linder Cyber Security, Kremmrer (optional) Software
Engineering for Secure Software – State of the Art: A Survey, K R and
Mathur |
Roshandel |
HW1 due
|
|
Week 3 10/5/2006 |
o Risk Management o Security and Software Development Life Cycle · Process · Requirements |
McGraw – Ch 5, 8, 10 Toward Agile Security Assurance: Beznosov et al. Security Requirements in Service Oriented Architectures for Ubiquitous Computing, Cotroneo et al. A framework for Security Requirements Engineering, Haley et al. |
Roshandel Attallah |
Project Proposals Due
(Monday October 9) HW2 assigned |
|
Week 4 10/12/2006 |
o Security and Software Development Life Cycle · Architecture & Design o Security Patterns |
McGraw – Ch 5 A Secure Software Architecture Description Language: Ren et al. Matching Attack Patterns for Security Vulnerabilities in Software Intensive System Designs, Gegick et al. |
Roshandel Whelan |
HW2 due |
|
Week 5 10/19/2006 |
ElderHealth Site Visit |
|
Take home Midterm HW3 Assigned |
|
|
Week 6 10/26/2006 |
o Security and Software Development Life Cycle · Implementation |
Howard Ch 1-19
|
Roshandel Barker |
Take home Midterm due |
|
Week 7 11/2/2006 |
o Security and Software Development Life Cycle · Testing and verification |
McGraw – Ch 6, 7 Using Dynamic Information Flow Analysis to Detect Attacks Against Applications, Masri and Podgurski. Web Application Security Assessment by Fault Injection and Behavior Monitoring, Huang et al. |
Roshandel Toce |
HW3 due |
|
Week 8 11/9/2006 |
o Security Analysis (Worm, Virus, Trojans, Physical Leaks, …) |
Variety of topics on viruses, etc. The Difference Between a Virus, Worm and Trojan Horse Title: Basic Reference Model for Security Architecture
-- A historic review of a nascent industry X.509
Standard Specification Wikipedia
page on X.509 Data Communication Networks: Open Systems
Interconnection (OSI); Security Structure and Applications (PDF) |
Muliawan Shewaramani Guest Speaker: Mohsen Banan |
Project Progress Reports due |
|
Week 9 11/16/2006 |
o o Legal and Ethical issues Emerging Topics |
General discussion
and wrap-up Protecting Trust beyond security: An Expanded Trust Model, Hoffman et al. |
Roshandel Cheng |
HW4 due
|
|
11/23/2006 |
Happy Thanksgiving! |
|||
|
Week 11 11/30/2006 |
o Project Presentations |
|
Students |
Final Presentations |
|
Final Week 12/7/2006 |
|
Final Project Write-up due |
||
http://www.unsw.adfa.edu.au/~lpb/papers/mcode96.html
Course Requirements
Students are required to:
· Read assigned papers and other reading materials and provide a short reflection/summary each week. You may skip 1 week’s reflection without penalty.
· Present papers and/or lead discussions on a particular topic
· Participate in class discussions
· Complete written exam(s)
· Complete a group project
Grading Policy
· Presentations 20%
· Homework 10%
· Exam 20%
· Final Project 40%
· Paper reviews + Class participation 10%
Attendance Policy
You are responsible for the materials covered in class, assignments announced and modified, and other changes to the schedule. There may also be quizzes and in-class assignments.
All take-home assignments and paper reviews are due before the start of class on the due date. No late submission will be accepted.
Class Format
You are expected to read assigned materials in advance of the relevant class (papers and textbook). Each week, we will focus on a specific set of topics. Students and instructor presentations, class discussions, and in-class assignments will be related to the topic. You are required to read assigned papers and provide a short reflection/summary (1-2 paragraphs) for each paper, unless you are presenting the papers (You may skip up to 2 reviews without penalty). You are encouraged to participate in various class activities, ask questions, discuss and test your ideas. You are also highly encouraged to ask questions either during office hours or by email.
Academic Integrity
Plagiarism is the unacknowledged use of the work or intellectual
property of other persons, published or unpublished, presented as one’s own
work. All students are expected to work on all individual assignments
independently. Collaboration on individual assignments is considered cheating
and will be penalized accordingly. Other examples of behavior that is not
tolerated in this class include copying all or part of someone else’s work and
submitting it as your own, sharing your assignment solution with other students
in the class, consulting with another student during an exam, and copying text
from published literature without proper attribution. If you have questions
about what is allowed, please discuss it with the instructor. All students are
responsible for reading and following the