Advanced Software Security
2021/2022
Content, progress and pedagogy of the module
OBJECTIVES
- To familiarise the student with state-of-the-art research within select areas of software security, e.g., language-based security, secure information flow, secure programming languages, verified programming.
- To enable the student to assess and evaluate proposed or novel tools and techniques for software security.
- To familiarise the student with the theoretical foundations underlying key areas of software security, e.g., fuzzing, static analysis, model checking etc.
Learning objectives
Knowledge
- To know and be able to explain the difference(s) between the most common software security methodologies, e.g., fuzzing, static analysis, model checking, verified programming.
- To know and be able to explain common use cases and pitfalls for key software security tools, techniques, and theories, as well as discuss inherent advantages vs. disadvantages in such use cases.
- To know of the theoretical foundations for one or more of the studied tools and techniques, in particular static analysis, model checking, and fuzzing.
- To know and be able to explain the limitations of the studied theories, tools, and techniques.
Skills
- To be able to deploy and use one or more software security tools or techniques for security analysis of a small software project.
- To be able to evaluate potential (security related) benefits or drawbacks of using the studied tools and theories on a small software project.
- To be able to identify the best tool or technique to solve specific software security problems.
Competences
- To be able to assess and evaluate security relevance of different tools, methods, and processes used for developing small software projects.
- To be able to evaluate and propose or adapt existing techniques to perform specific security related analyses of software, e.g., extending a taint-analysis to cover new language features.
- To be able to identify and research novel theories, tools, and techniques for software security.
Type of instruction
Types of instruction are listed at the start of ยง17; Structure and contents of the programme.
Exam
Exams
| Name of exam | Advanced Software Security |
| Type of exam | Written or oral exam |
| ECTS | 5 |
| Assessment | 7-point grading scale |
| Type of grading | Internal examination |
| Criteria of assessment | The criteria of assessment are stated in the Examination Policies and Procedures |
Facts about the module
| Danish title | Avanceret software-sikkerhed |
| Module code | ESNCYSK2K2 |
| Module type | Course |
| Duration | 1 semester |
| Semester | Spring
|
| ECTS | 5 |
| Language of instruction | English |
| Empty-place Scheme | Yes |
| Location of the lecture | Campus Copenhagen |
| Responsible for the module |
Organisation
| Study Board | Study Board of Electronics and IT |
| Department | Department of Electronic Systems |
| Faculty | Technical Faculty of IT and Design |
