Software Security - S16

CSE 545

Syllabus

Course Info

Course Number: CSE 545 (29072)
Instructor: Prof. Adam Doupé
Email: doupe@asu.edu
Office: BYENG 472
Office Hours: Monday, 11:30am–1pm and by appointment
Meeting Times: Monday, Wednesday, and Friday, 10:30am–11:20am (CAVC 351)
Course Mailing List: cse545-s16@googlegroups.com

Course Lead TA: Sai Chandramouli
Email: schand31@asu.edu
Office: BYENG 423
Office Hours: Wednesday 11:30am–12:30pm, Friday 2pm–3:30pm, and by appointment

Course TA: Pradeep Ganghishetti
Email: pradeep.ganghishetti@asu.edu
Office: BYENG 214
Office Hours: Tuesday 11:30am–12:30pm, Thursday 11:30am–12:30pm, and by appointment

Course Description

This course will provide students with a good understanding of the theories and tools used for secure software design, threat analysis, secure coding, and vulnerability analysis. Students will study, in-depth, vulnerability classes to understand how to protect software and how to secure software.

We will also cover various analysis and design techniques for improving software security, as well as how to use these techniques and tools to improve and verify software designs and security. Finally, we will also discuss the technical trends affecting software security1.

Prerequisites

This course will be challenging, and students are expected to learn the necessary technologies.

This course requires very good programming/development skills (C/C++ and a scripting language, such as Python, Ruby or PHP) and a solid background in operating systems (especially Linux or UNIX variants).

Recommended Textbook

This course does not have a textbook.

Course Communication

All announcements and communications for the class will take place through the class mailing list. Students are required to subscribe to the class mailing list:
https://groups.google.com/d/forum/cse545-s16

Student may use the class mailing list to ask questions or clarifications, and the TA, Instructor, or other students can answer. Note that sharing solutions or answers is expressly prohibited.

Course Topics

Topics may include:

  • Current state of software security
  • Common software vulnerabilities
  • Secure software design and coding
  • Software assurance
  • Software security standards and tools
  • Secure software engineering lifecycle
  • Risk management in software development
  • Software security testing

Technologies covered:

  • C
  • HTTP
  • HTML
  • JavaScript
  • SQL
  • Scripting languages

Assessment

Students will be evaluated on their performance on homework, exams, and project.

Homework Assignments

There will be three or four homework assignments in the course, covering the material presented in the lectures. Expect significant programming assignments, and assignments that test hands-on security vulnerabilities.

Midterm Exam

There will be a midterm exam. The exam will cover the material discussed from the lectures and the assignments. No notes or outside material/devices will be allowed.

Project

There will be a project for the course. The project will entail creating a security library that defends against a common vulnerability class. Students will be able to choose from a list of projects. Projects can be done either solo or in a pair.

Final Exam

There will be a final exam that will cover all material presented throughout the course, with an emphasis on material from the second half of the class. No notes or outside material/devices will be allowed.

Grading

Area Weight %
Homework 50
Midterm Exam 10
Project 30
Final Exam 10

Homework Due Dates and Exam Dates

Homework due dates and exam dates will be posted well in advance on the class website and announced in class.

For each day an assignment is late, a 20% deduction will be assessed. Exams will be given in class and are closed book, closed note, unless otherwise stated. Makeup exams are typically not given unless under extenuating circumstances. Laptops, phones, calculators, and other smart devices are not allowed during exams.

Plagiarism and Cheating

Plagiarism or any form of cheating in assignments, projects, or exams is subject to serious academic penalty. To understand your responsibilities as a student read: ASU Student Code of Conduct and ASU Student Academic Integrity Policy.

There is a zero tolerance policy in this class: any violation of the academic integrity policy will result in a zero on the assignment and the violation will be reported to the Dean’s office. Plagiarism is taken very seriously in this course. To date, the professor has issued 20 academic integrity policy violations.

Examples of academic integrity violations include (but are not limited to):

  • Sharing code with a fellow student (even if it’s only a few lines).

  • Collaborating on code with a fellow student.

  • Submitting another students code as your own.

  • Submitting a prior student’s code as your own.

Posting your assignments online is expressly forbidden, and will be considered a violation of the academic integrity policy. If you want to impress employers with your coding abilities, create an open-source project that is done outside of class.

Syllabus Update

Information in the syllabus, may be subject to change with reasonable advance notice.

  1. © Copyright 2016 Adam Doupé as to this syllabus, all lectures, and course-related written materials. During this course students are prohibited from making audio, video, digital, or other recordings during class, or selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of the faculty member teaching this course.