James Joshi

Contact Info
706A, IS Building,



Office Hours

Thursday 1:00 - 3:00PM & By Appointment




INFSCI 2620 Developing Secure Systems (Spring-07)

This course is a SAIS Track Elective / PhD Core Area / Systems and Technology


Tuesdays; 3:00 - 5:50PM

Room IS 406

Course Developed under a grant from the National Science Foundation




Saubhagya R. Joshi





Reading Materials (research papers, articles)





Course Description

Developing high-assurance software systems is a growing challenge in emerging complex systems. Secure by design is emerging as a basic principle for trustworthy computing and as a preferred way to ensure the security of networked information systems and infrastructures. This course focuses on this issue and fosters the design and implementation of secure software systems and architectures. Key coverage will include the principles and practices of the secure and high-assurance software development process, including security development lifecycle models and secure design using the Unified Modeling Language. Secure design of operating systems and network services, databases, and application environments will be studied, including security in web services and in COTS-based and service-oriented systems. Tools and techniques for code analysis and testing, and for the evaluation and certification of software, will be emphasized. The course will also cover secure programming principles using different languages, with a particular focus on secure software development using the Java and .NET platforms. This is one of the SAIS elective courses.


  • IS 2150/TEL 2810 Introduction to Computer Security
  • The following courses are preferred but not required:
    • IS 2170/TEL 2820 Cryptography; TEL 2821 Network Security
    • IS 2511 or 2540
  • Talk to the instructor if you are not sure of your background

Course Material


There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main textbook. Here are some reference books that will be recommended for the course.

  • Secure Coding in C and C++, Robert C. Seacord, Addison-Wesley, 2006
  • Software Security
  • Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley, 2002
  • Enterprise Java Security: Building Secure J2EE Applications, Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin, Addison-Wesley, 2004
  • Secure Systems Development with UML, Jan Jurjens, Springer-Verlag, 2005
  • Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption, Jothy Rosenberg, David Remy, Sams Publishing, 2004
  • Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management, Christopher Steel, Ramesh Nagappan, Ray Lai, Prentice-Hall
  • Computer Security: Art and Science, Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley, 2003
  • Papers; MSDN, US-CERT etc.


Most of these and other useful materials are available through the Pitt domain in Safari Online. Check this page for the online books that are available.


Grading (Tentative)

  • Homework/Presentation: 40%
  • Quiz/Exams: 20%
  • Project: 40%

Extra credit may be obtained through other means, e.g., the LERSAIS Seminar.

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.