Registry

Module Specifications

Current Academic Year 2012 - 2013
Please note that this information is subject to change.

Module Title Secure Programming
Module Code CA647
School School of Computing
Online Module Resources

Module Co-ordinatorSemester 1: Darragh O'Brien
Semester 2: Darragh O'Brien
Autumn: Darragh O'Brien
NFQ level 8 Credit Rating 7.5
Pre-requisite None
Co-requisite None
Compatibles None
Incompatibles None
Description
This aim of this module is to introduce students to the field of secure software development. Common coding errors, vulnerabilities and exploits are first explored in order to understand the threat. The roles of security policies, models and assurance methodologies in producing secure software are subsequently covered.

Learning Outcomes
1. Explain how the stack supports procedure call and return, parameter passing and variable allocation
2. Identify and correct common coding flaws and security vulnerabilities
3. Demonstrate how an attacker creates and subsequently delivers a payload to a victim by exploiting vulnerabilities
4. Identify and correct vulnerabilities arising from insecure interaction between a process and its environment
5. Differentiate the roles of policies, models and mechanisms in secure software development
6. Apply models that implement confidentiality, integrity and hybrid security policies
7. Choose access control mechanisms to implement a given security policy
8. Summarise the role of software assurance methodologies and relate them to international software assurance standards



Workload Full-time hours per semester
Type Hours Description
Lecture36Online lecture
Lecture36Online lecture
Tutorial12In class discussion
Tutorial12In class discussion
Laboratory24Computer lab exercises
Laboratory24Computer lab exercises
Independent learning96Independent learning
Assignment20Vulnerability detection and exploiting
Assignment20Vulnerability detection and exploiting
Independent learning96Independent learning
Total Workload: 376

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities
The process address space.
Linux process layout in memory. Static and dynamic linking. The stack..

Vulnerabilities.
Common vulnerabilities including buffer overflow, heap overflow, off-by-one errors, format string vulnerabilities, integer errors and race conditions..

Exploits.
How vulnerabilities are exploited. Shellcode generation..

Web security.
Client-side tampering, SQL injection, cross-site scripting, web trojans, session hijacking and corresponding defences..

Secure software development.
Security policy models: confidentiality policies, integrity policies, hybrid policies and non-interference. Access Control. Auditing. Software assurance: types of assurance, building systems with assurance. Introduction to software assurance standards such as TCSEC and the ISO Common Criteria..

Assessment Breakdown
Continuous Assessment30% Examination Weight70%
Course Work Breakdown
TypeDescription% of totalAssessment Date
ProjectExploiting vulnerabilities project15%Week 7
Practical/skills evaluationLab exam15%Week 10
Reassessment Requirement
Resit arrangements are explained by the following categories;
1 = A resit is available for all components of the module
2 = No resit is available for 100% continuous assessment module
3 = No resit is available for the continuous assessment component
This module is category 1
Indicative Reading List
  • Robert Seacord: 0, Secure Coding in C and C++, 0321335724
  • Sverre Huseby: 0, Innocent Code, 0470857447
  • Matt Bishop: 0, Introduction to Computer Security, 0321247442
  • Michael Howard & David LeBlanc: 0, Writing Secure Code, 0585486689
  • John Viega & Gary McGraw: 0, Building Secure Software, 020172152
  • Ross Anderson: 0, Security Engineering: A Guide To Building Secure Distributed Systems, 9780470068526
Other Resources
None
Array
Programme or List of Programmes
BSSAStudy Abroad (DCU Business School)
BSSAOStudy Abroad (DCU Business School)
CAPDPhD
CAPMMSc
CAPTPhD-track
DMEVM.Eng. in Digital Media Engineering
ECSAStudy Abroad (Engineering & Computing)
ECSAOStudy Abroad (Engineering & Computing)
EEPDPhD
EEPMMEng
EEPTPhD-track
GCSEGraduate Cert in Software Engineering
GCSFGrad Cert in Security & Forensics
GDSFGraduate Diploma in Security & Forensics
GSEGraduate Diploma in Software Engineering
HMSAStudy Abroad (Humanities & Soc Science)
HMSAOStudy Abroad (Humanities & Soc Science)
IFPMSEPre-Masters Intl. Foundation Programme
IFPMSFPre-Masters Intl. Foundation Programme
MCMM.Sc. in Computing
MECTMSc in Electronic Commerce (Technical)
MEPDPhD
MEPMMEng
MEPTPhD-track
MSSFMSc in Security & Forensic Computing
NAVNMUNon Award Visitors- UCD/DCU
SHSAStudy Abroad (Science & Health)
SHSAOStudy Abroad (Science & Health)
Timetable this semester: Timetable for CA647
Date of Last Revision29-JAN-09
Archives:
DCU
Address
The Helix
3U
NDP
Government
EU
Disclaimer | Privacy