Software Security (SOS)

Course content

The course is focused on software security studied from a programming language perspective. The course will present a variety of techniques based on programming language semantics that serve to improve or guarantee the security of a program. Topics that will be covered in the course include information-flow control, vulnerability analysis, and software-fault isolation and sand-boxing.  We will address the problem of security of a variety of languages (high- and low-level) coming from different programming paradigms.  The course will provide introductions to relevant program analysis techniques such as abstract interpretation and type systems and demonstrate their applications on a selection of use cases.

Learning outcome

Knowledge of

  • Basic software security policies, their formalisation as program properties.
  • The role of a precise (formal) semantics for a programming language in developing  techniques for enforcing security policies.


Skills to

  • Describe properties relevant to software security and define what they mean precisely. 
  • Formalize ideas and concepts into rigorous definitions and make falsifiable (or provable) statements about them.


Competences to

  • Read, assess and communicate research papers in language-based security.
  • Apply central results in the given area of studies.


Lectures, in-class exercises, group work on programming and analysis assignments.

See Absalon for the final curriculum, but it will contain: 

  • Course notes. 
  • Research articles and excerpts from books, distributed electronically.

Proactive Computer Security (PCS) and Semantics and Types (SaT) are recommended

Continuous feedback during the course of the semester
7,5 ECTS
Type of assessment
Oral exam on basis of previous submission, 30 minutes
Type of assessment details
The exam has two parts:
1) 3-4 individual/group written assignments during the course
2) an individual oral exam (30 minutes) based on the written assignments.
The final grade is based on an overall assessment of the handed-in assignments and the oral exam.
All aids allowed
Marking scale
7-point grading scale
Censorship form
No external censorship
Several internal examiners

A resubmission of revised written assignments and a 30 minutes individual oral examination without preparation. 

Criteria for exam assessment

See Learning Outcome

Single subject courses (day)

  • Category
  • Hours
  • Lectures
  • 28
  • Preparation
  • 146
  • Exercises
  • 21
  • Exam Preparation
  • 10
  • Exam
  • 1
  • English
  • 206


Course number
7,5 ECTS
Programme level
Full Degree Master

1 block

Block 1
No limitation – unless you register in the late-registration period (BSc and MSc) or as a credit or single subject student.
Study Board of Mathematics and Computer Science
Contracting department
  • Department of Computer Science
Contracting faculty
  • Faculty of Science
Course Coordinator
  • Thomas Philip Jensen   (4-837779744f73783d7a843d737a)
Saved on the 14-02-2024

Are you BA- or KA-student?

Are you bachelor- or kandidat-student, then find the course in the course catalog for students:

Courseinformation of students