Information about the course:

Secure Software Development (Dutch: Ontwikkeling van Veilige Software (OVS))

Academic year 2011-2012

Frank Piessens, Lieven Desmet

Official syllabus of the course.


Course contents

There is no textbook for this course. For some parts of the contents, you can rely on the somewhat outdated lecture notes. Keep in mind that they do not match the course contents exactly.

The lectures of the course are structured as follows:

  1. Introduction: The challenge of building secure software.
    Motivates the importance of software security, defines key security concepts and illustrates them with real-life examples. The introduction ends with an overview of the rest of the course.

    Slides: here

  2. Web application security (by Lieven Desmet)
    Illustrates vulnerabilities in one of the most important classes of applications today: web applications, and discusses possible countermeasures.

    Slides: Available on Toledo.

  3. Low-level software security
    Illustrates vulnerabilities in C/C++ code, and how to attack software containing such vulnerabilities. Also, an overview of existing countermeasures is given.

    Paper: here

    Slides: here

  4. Authentication and Access Control.
    Lampson's access control model, simple entity authentication, classical access control policy models, code access control, the Windows security architecture.

    Slides: here

  5. Conclusion

    Slides: here


Examination

The examination is a closed-book, oral exam with sufficient time to prepare in writing for the oral part.

Defending your solution to the course project is part of the exam.


Project

Information about the course project is available on Toledo.