Advanced Software Security

2021/2022

Content, progress and pedagogy of the module

OBJECTIVES

  • To familiarise the student with state-of-the-art research within select areas of software security, e.g., language-based security, secure information flow, secure programming languages, verified programming.
  • To enable the student to assess and evaluate proposed or novel tools and techniques for software security.
  • To familiarise the student with the theoretical foundations underlying key areas of software security, e.g., fuzzing, static analysis, model checking etc.

Learning objectives

Knowledge

  • To know and be able to explain the difference(s) between the most common software security methodologies, e.g., fuzzing, static analysis, model checking, verified programming.
  • To know and be able to explain common use cases and pitfalls for key software security tools, techniques, and theories, as well as discuss inherent advantages vs. disadvantages in such use cases.
  • To know of the theoretical foundations for one or more of the studied tools and techniques, in particular static analysis, model checking, and fuzzing.
  • To know and be able to explain the limitations of the studied theories, tools, and techniques.

Skills

  • To be able to deploy and use one or more software security tools or techniques for security analysis of a small software project.
  • To be able to evaluate potential (security related) benefits or drawbacks of using the studied tools and theories on a small software project.
  • To be able to identify the best tool or technique to solve specific software security problems.

Competences

  • To be able to assess and evaluate security relevance of different tools, methods, and processes used for developing small software projects.
  • To be able to evaluate and propose or adapt existing techniques to perform specific security related analyses of software, e.g., extending a taint-analysis to cover new language features.
  • To be able to identify and research novel theories, tools, and techniques for software security.

Type of instruction

Types of instruction are listed at the start of ยง17; Structure and contents of the programme.

Exam

Exams

Name of examAdvanced Software Security
Type of exam
Written or oral exam
ECTS5
Assessment7-point grading scale
Type of gradingInternal examination
Criteria of assessmentThe criteria of assessment are stated in the Examination Policies and Procedures

Facts about the module

Danish titleAvanceret software-sikkerhed
Module codeESNCYSK2K2
Module typeCourse
Duration1 semester
SemesterSpring
ECTS5
Language of instructionEnglish
Empty-place SchemeYes
Location of the lectureCampus Copenhagen
Responsible for the module

Organisation

Study BoardStudy Board of Electronics and IT
DepartmentDepartment of Electronic Systems
FacultyTechnical Faculty of IT and Design