James Joshi

Contact Info
706A, IS Building,



Office Hours

By Appointment




INFSCI 2620 Developing Secure Systems (Spring-09)

This Course can be used for

SAIS Track Elective OR Capstone Requirement

PhD Core Area/Systems and Technology


Tuesdays/Thursdays; 1:00 - 2:15PM

Room IS 406







Presentation Schedule

(posted Jan 31)



(Updated Jan 14)

Reading Materials

(research papers, articles)





Course Description

Development of high-assurance software systems is a growing challenge in emerging complex systems. Secure by design is emerging as a basic principle for trustworthy computing and as a preferred way to ensure the security of networked information systems and infrastructures. This course focuses on this issue and fosters the design, implementation, and verification/validation of secure software systems and architectures. Key coverage will include the principles and practices of secure and high-assurance software development processes, including security development lifecycle models, and design/verification/validation using languages and tools such as UML. Tools and techniques for code analysis and testing, and the evaluation and certification of software, will also be emphasized. The course will also cover secure programming principles using different languages, with a particular focus on secure software development.


Key topics summary:

  1. Secure development methodologies/models

  2. Secure programming issues

  3. Security analysis - tools and techniques

  4. Secure design and verification (e.g., protocol verification, model-based techniques, etc.)


  • IS 2150/TEL 2810 Introduction to Computer Security
  • The following courses are preferred but not required:
    • IS 2170/TEL 2820 Cryptography; TEL 2821 Network Security
    • IS 2511 or 2540
  • Talk to the instructor if you are not sure of the background

Course Material


There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main textbook. Here are some reference books that will be recommended for the course.

  • Modelling and Analysis of Security Protocols, Peter Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe and Bill Roscoe
  • Secure Coding in C and C++, Robert C. Seacord, Addison-Wesley, 2006
  • Software Security
  • Software Security - Building Security In, Gary McGraw, Addison-Wesley Software Security Series, ISBN: 0-321-35670-5
  • Building Secure Software: How to avoid the Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley, 2002
  • High Integrity Software: The SPARK Approach to Safety and Security, John Barnes, Addison-Wesley.
  • The Art of Software Security Testing - Identifying Software Security Flaws, Chris Wysopal, Lucas Nelson, Dino Dai Zovi, Elfriede Dustin, Addison-Wesley
  • Enterprise Java Security: Building Secure J2EE Applications, Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin, Addison-Wesley, 2004
  • Secure Systems Development with UML, Jan Jurjens, Springer-Verlag, 2005.
  • Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption, Jothy Rosenberg, David Remy, Sams Publishing, 2004.
  • Papers; MSDN, US-CERT etc.


Most of these and other useful materials are available through the Pitt domain in Safari Online. Check this page for the online books that are available.


Grading (Tentative)

  • Assignments/Presentation: 60-70%
    • Read/Review and/or present research papers
    • Play with tools
  • Project: 30-40%
    • Development-oriented project
    • Research paper for conference
    • Team oriented
    • Start early on

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.