CS 4330 Building Secure Software (4) 2005

Catalog description:

Security and safety analysis in software design and development. Vulnerability detection and avoidance. Topics include authentication, principle of least privilege, buffer overflows, race conditions, time-of-check vs. time-of-use, trust management, access control, and other security relevant issues. Prerequisite: CS 3240

Course description:

Overview of security issues regarding software
Interrelationship of "security", "reliability", and "safety"
Security policies: what is a security problem?
Managing security risks
Principle of least privilege
Privacy, authentication, trust, integrity
Access control
Various vulnerabilities: buffer overflows,
time-of-check/time-of-use, race conditions

Uses of cryptographic techniques and randomness
Other topics as time allows.

Texts:

• McGraw & Viega, Building Secure Software, Addison Wesley
• Hoglund & McGraw, Exploiting Software, Addison Wesley