CSG 379: Topics in Software Engineering: Software Security: Fall 2004

The course covers state-of-the-art techniques to produce software that has fewer security vulnerabilities.

Text book: Building Secure Software

Prerequisites: Extensive programming experience following a systematic software development process. Basic knowledge of software engineering and programming language techniques, and/or the ability to learn this technology quickly. Programming homework will be in Java and AspectJ. Regarding courses, you should have taken CSG 110 (Managing Software Development) or an equivalent course. Recommended, but not required, is CSG 111 (Principles of Programming Languages). If you have time before the course starts, it is recommended that you learn the basics of AspectJ, but this material is also covered as part of the course. A good recommended book for AspectJ is "AspectJ in Action" (see the AspectJ in Action home page).

Teaching Assistant: Robbie Ye

Disclaimer

By taking this course (hereinafter The Course), I agree to refrain from the use of the techniques presented herein without first obtaining documented permission from the proper authorities.

I further agree to hold the instructor and the university harmless for any and all damage that may result from the use of the knowledge in The Course. Any further use of the material presented in The Course is subject to all local laws and customs.

The attack patterns presented in the course are shown to demonstrate what you are up against when you need to design secure software, i.e., software that is difficult to attack.

Topics

Model-driven architecture as a technique to generate code from models. Generated code is of higher quality and has fewer vulnerabilities.

Model-driven security. Security as an aspect.

Reliability is more important than performance: a significant investment in checking and recovery code is needed. Because software developers are under schedule pressure, they often do not practice defensive programming.

Defensive programming: be skeptical of any input. This may lead to three times more code.

How aspects can help with defensive programming (Lopes, ICSE paper).

To avoid vulnerabilities, a program must be correct and defensive with respect to inputs from outside (both from above and from below).

To avoid vulnerabilities when using middleware, the programmers who use the middleware must follow rules. Aspect-oriented techniques can help to enforce those rules (WebSphere example).

Policy languages:
  Chinese Wall, Binder
  Automata theory for checking policies, low water mark
  Software security: generating application-specific firewalls from a software
    security policy

Design Automation Conference 2004: security for embedded software.

What the course is NOT about: network security, for which we have a separate course, CSG 254. It is also NOT about CSG 252, Cryptography and Communication Security. While all three (network security, cryptography, and communication security) are essential for secure software (and therefore we will touch on those topics too), they are not sufficient. You can have a system with perfect network, cryptography and communication security, but a single application-level vulnerability will make it insecure.

Schedule:
Monday, 6-9pm 108 West Village H.

Office Hours:
Karl Lieberherr
see my home page
I am in lab 308 in WVH, office 308A.

Robbie Ye:
Wednesday, 2-4 pm, Office 208 in WVH 
(in the discussion room area.)

Mailing list (archive, sign-up, etc.)

CSG 379 Resources

Sample Solutions

First assignment: answer a questionnaire, and send your answers by noon on Monday of the second week of classes to csg379-grader@ccs.neu.edu.

Course Directories.
Course description and syllabus.
Homework.
Homework solutions.
Exams.
Project.
Links to individual project pages (under construction).
Lecture Notes.
Course progress.
New DAJ home page.

Commercial Activity
Viega on aspects and security.
NewAspects: Application Security Technologies.

Blackboard.

Instructor's home page.