Software Security (SOS)

Course content

The course focuses on software security studied from a programming language perspective. It presents a variety of techniques based on programming language semantics that serve to improve or guarantee the security of a program. Topics covered include information-flow control, vulnerability analysis, and software-fault isolation and sandboxing. We will address the security of a variety of languages (high- and low-level) from different programming paradigms. The course introduces relevant program analysis techniques, such as abstract interpretation and type systems, and demonstrates their application on a selection of use cases.

Learning outcome

Knowledge of

  • Basic software security policies and their formalisation as program properties.
  • The role of a precise (formal) semantics for a programming language in developing techniques for enforcing security policies.

 

Skills to

  • Describe properties relevant to software security and define what they mean precisely. 
  • Formalize ideas and concepts into rigorous definitions and make falsifiable (or provable) statements about them.

 

Competences to

  • Read, assess and communicate research papers in language-based security.
  • Apply central results in the given area of studies.

 

Lectures, in-class exercises, group work on programming and analysis assignments.

See Absalon for the final curriculum, but it will contain: 

  • Course notes. 
  • Research articles and excerpts from books, distributed electronically.

Proactive Computer Security (PCS) and Semantics and Types (SaT) are recommended.

Oral
Individual
Collective
Continuous feedback during the course of the semester
ECTS
7,5 ECTS
Type of assessment
Continuous assessment
Continuous assessment based on 3-4 individual/group assignments and a final individual oral examination based on the assignments (20 min.).
The final grade is based on an overall assessment of the handed-in assignments and the oral exam.
Aid
All aids allowed
Marking scale
7-point grading scale
Censorship form
No external censorship
Several internal examiners
Criteria for exam assessment

See Learning Outcome.

Single subject courses (day)

  • Lectures: 28 hours
  • Preparation: 146 hours
  • Exercises: 21 hours
  • Exam Preparation: 10 hours
  • Exam: 1 hour
  • Total: 206 hours