
Instructor
James Joshi

Contact Info

706A, IS Building
Tel: 412-624-9982
jjoshiATsis.pitt.edu

Office Hours

By appointment (or just drop by when you see me in my office)


INFSCI 2620 Developing Secure Systems (Spring 2013)

This course can be used for:

  • SAIS Track Elective or Capstone Requirement
  • PhD Core Area: Systems and Technology

Tuesdays, 12:00 - 2:50 PM

Room IS 522


Course pages

  • Announcement
  • Lectures (readings for the April 2 class added)
  • Assignment 1
  • Safari Online Books
  • Reading Materials (research papers, articles)


Course Description

Developing high-assurance software is a growing challenge as systems become larger and more complex. Secure by design is emerging as a basic principle of trustworthy computing and as the preferred way to ensure the security of networked information systems and infrastructures. This course focuses on that principle and covers the design, implementation, and verification/validation of secure software systems and architectures. Core coverage includes the principles and practices of secure, high-assurance software development: security development lifecycle models, and design, verification, and validation using languages and tools such as UML. Tools and techniques for code analysis and testing, and for the evaluation and certification of software, are also emphasized. The course also covers secure programming principles in several languages, with a particular focus on their use in secure software development.

Key topics summary:

1. Secure development methodologies/models and assurance techniques (certification, validation, etc.)

2. Secure programming issues

3. Security analysis: tools and techniques

4. Secure design and verification (e.g., protocol verification, model-based techniques, etc.)


Course Objectives

1. Understand the principles of designing secure systems

2. Understand and analyze code for vulnerabilities

3. Use tools to detect malware (lab exercises)

4. Apply secure design principles to build a real system. This term the system development project will focus on designing and/or implementing (depending on interests):

  • a Secure Social Network
  • Secure Mobile Apps


Prerequisites

  • IS 2150/TEL 2810 Introduction to Computer Security
  • The following courses are preferred but not required:
    • IS 2170/TEL 2820 Cryptography; TEL 2821 Network Security
    • IS 2511 or IS 2540
  • Talk to the instructor if you are not sure of your background

Course Material

There is no single book that covers all the topics in this course; the relevant books are still being evaluated to see whether one can serve as the main textbook. The following reference books are recommended for the course.

  • Secure Coding in C and C++, Robert C. Seacord, Addison-Wesley, 2006
  • Software Security: Building Security In, Gary McGraw, Addison-Wesley Software Security Series, ISBN 0-321-35670-5
  • Building Secure Software: How to Avoid Security Problems the Right Way, John Viega and Gary McGraw, Addison-Wesley, 2002
  • Modelling and Analysis of Security Protocols, Peter Ryan, Steve Schneider, Michael Goldsmith, Gavin Lowe and Bill Roscoe
  • High Integrity Software: The SPARK Approach to Safety and Security, John Barnes, Addison-Wesley
  • The Art of Software Security Testing: Identifying Software Security Flaws, Chris Wysopal, Lucas Nelson, Dino Dai Zovi and Elfriede Dustin, Addison-Wesley
  • Enterprise Java Security: Building Secure J2EE Applications, Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin, Addison-Wesley, 2004
  • Secure Systems Development with UML, Jan Jurjens, Springer-Verlag, 2005
  • Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption, Jothy Rosenberg and David Remy, Sams Publishing, 2004
  • Papers; MSDN, US-CERT, etc.

Most of these, and other useful materials, are available through the Pitt domain in Safari Online. Check the Safari Online Books page for the online books that are available (you can search for a book there).

 


Grading (tentative; the distribution may change based on class interest)

  • Assignments/Presentation/Exam: 60-70%
    • Read, review, and/or present research papers or articles
    • Assignments and lab exercises
    • One exam (15-20%)
  • Project: 30-40%
    • Development-oriented project (e.g., a secure social network, secure mobile apps, etc.)
    • Research paper for a conference
    • Team oriented, in some cases in collaboration with PhD students
    • Start early


If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890 / 412-383-7355), as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.