Tentative Lecture Schedule

 

The tentative lecture flow will be as shown in the table. I expect these to change a bit!

 

Lecture/Date

Topics

Slides

Week 1

(Aug 27)

Introduction

Secure Software Development Models/Methodology & Assurance

(Reading Materials)

(Intro)

(Lecture 1)

Week 2

(Sept 3)

Secure Software Development Models/Methodology & Assurance

(From Book: Building Security In + Reading List ) 

 

(Lecture 2)

Week 3

(Sept 10)

 

(Continue remaining from Lecture 2): Reading Assignment: NIST 800-160

 

Secure Programming

· Strings, Pointer Subterfuge

(From Books: Secure Coding in C and C++ & Secure Programming with Static Analysis)

 

(Lecture 3)

(Lecture 4)

Week 4

(Sept 17)

Cancelled (NSF workshop)

Week 5

(Sept 24)

(Continue from where we left off in Week 2/3)

Secure Programming

· Dynamic Memory Management

(From Books: Secure Coding in C and C++ & Secure Programming with Static Analysis)

(Finished till Slide 9 of Lecture 4)

(Lecture 5)

Week 6

(Oct 1)

 

(Continue Slide 10 of Lecture 4)

Secure Programming

· Race Conditions, Integer Issues & Other Issues

(From Books: Secure Coding in C and C++ & Secure Programming with Static Analysis)

 

(Covered till Slide 29 of Lecture 5)

(NOTE: Chapter on Integer (Lecture 7) will NOT be covered in Class – it is a required reading assignment)

 

(Lecture 6)

(Lecture 7)

Week 7

(Oct 8)

(Continue Lecture Slides 5 & 6)

Web Security & Defenses

· SQL Injection

· Cross-Site Scripting

· Others

 

(Covered till Slide 31)

(Book: SQL Injection Attack and Defenses ...)

(Lecture 8)

Week 8

(Oct 15)

 

Secure Programming Practices

· Static & Dynamic Analysis

(From Book: Secure Programming with Static Analysis & papers)

 

(Lecture 9)

(Oct 22)

Mid Term

(I am at CollaborateCom conference)

[Project activity will start]

Week 8

(Oct 29)

 

Software/Systems Security Building Blocks

· Architectural Isolation, VMs, Sandboxing

· Software Execution Environments

· Virtualization Security

Trusted computing environments

(Chapter 5 from Security in Computing by C. Pfleeger)

 

Java Security & Security in other programming Languages

 

(Had to cancel this class – health reason; plan was to continue from where we left off in Lecture 8)

 

 

 

(Lecture 10.1: TBA)

 

(Lecture 10.2)

 

 

Week 9

(Nov 5)

Formal Verification Issues

(Chapter 20 of Bishop’s Brown Book “Computer Security: Art and Science”)

(Lecture 11)

Week 10

(Nov 12)

 

Model Checking

UMLSec (Check papers / materials by Jan Jürjens: http://www-jj.cs.tu-dortmund.de/jj/csdumltut/tutorials.html)

 

(Lecture 12)

Week 11

(Nov 19)

Guest Lecture by Lei Jin (Threat Modeling – focused on privacy in Social Networks; see reading references)

(Not covered: Security Testing; Reverse Engineering)

(Guest Lecture)

(Nov 26)

Thanksgiving

 

Week 12

(Dec 3)

Supply Chain Security

(Lecture 13)

Week 13

(Dec 10)

Exam