Software Security - S17

CSE 545

Syllabus

Course Info

Course Number: CSE 545 (24218)
Instructor: Prof. Adam Doupé
Email: doupe@asu.edu
Office: BYENG 472
Office Hours: Monday 3:00pm–4:30pm, and by appointment
Meeting Times: Monday and Wednesday, 4:35pm–5:50pm (CDN 60)
Course Mailing List: cse545-s17@googlegroups.com

Course TA: Yeganeh Safaei
Email: ysafaeis@asu.edu
Office: BYENG 423
Office Hours: Wednesday 11:00am–12:00pm, Thursday 12:30pm–1:30pm, and by appointment

Professor/TA Communication: cse545@asu.edu

Course Description

This course will provide students with a good understanding of the theories and tools used for secure software design, threat analysis, secure coding, and vulnerability analysis. Students will study, in-depth, vulnerability classes to understand how to protect software and how to secure software.

We will also cover various analysis and design techniques for improving software security, as well as how to use these techniques and tools to improve and verify software designs and security. Finally, we will also discuss the technical trends affecting software security1.

Prerequisites

This course will be very challenging, and students are expected to learn the necessary technologies on their own time.

This course requires very good programming/development skills (C/C++ and a scripting language, such as Python, Ruby or PHP) and a solid background in operating systems (especially Linux or UNIX variants). If you do not have these skills, or do not plan on acquiring them, then I suggest you do not take this class.

Suggested Textbooks

All material for the course will be provided in lecture, however here are some books that can help reinforce the concepts discussed in class.

Hacking: The Art of Exploitation. Jon Erickson
ISBN: 1593271441

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws. Dafydd Stuttard and Marcus Pinto ISBN: 1118026470

Course Communication

All announcements and communications for the class will take place through the class mailing list. Students are required to subscribe to the class mailing list:
https://groups.google.com/d/forum/cse545-s17

Student may use the class mailing list to ask questions or clarifications, and the TA, Instructor, or other students can answer. Note that sharing solutions or answers is expressly prohibited.

Questions meant for the professor and/or TA should be addressed to the following email address: cse545@asu.edu. This email address is sent to the professor and TAs, and this will ensure that your email is addressed in a timely manner (faster than just sending an email to one of our addresses).

Course Topics

Topics may include:

  • Current state of software security
  • Common software vulnerabilities
  • Secure software design and coding
  • Software assurance
  • Software security standards and tools
  • Secure software engineering lifecycle
  • Risk management in software development
  • Software security testing

Technologies covered:

  • C
  • x86 Assembly
  • HTTP
  • HTML
  • JavaScript
  • SQL
  • Scripting languages

Assessment

Students will be evaluated on their performance on homework, exams, and project.

Homework Assignments

There will be three or four homework assignments in the course, covering the material presented in the lectures. Expect significant programming assignments, and assignments that test exploiting hands-on security vulnerabilities.

Midterm Exam

There will be a midterm exam. The exam will cover the material discussed from the lectures and the assignments. No notes or outside material/devices will be allowed.

Project

There will be a project for the course. The project will entail creating a security library that defends against a common vulnerability class. Students will be able to choose from a list of projects. Projects will be done solo.

Final Exam

There will be a final exam that will cover all material presented throughout the course, with an emphasis on material from the second half of the class. No notes or outside material/devices will be allowed.

Grading

Area Weight %
Homework 50
Midterm Exam 10
Project 30
Final Exam 10

Homework Due Dates and Exam Dates

Homework due dates and exam dates will be posted well in advance on the class website and announced in class.

For each day an assignment is late, a 20% deduction will be assessed. Exams will be given in class and are closed book, closed note, unless otherwise stated. Makeup exams are typically not given unless under extenuating circumstances. Laptops, phones, calculators, and other smart devices are not allowed during exams.

Plagiarism and Cheating

Plagiarism or any form of cheating in assignments, projects, or exams is subject to serious academic penalty. To understand your responsibilities as a student read: ASU Student Code of Conduct and ASU Student Academic Integrity Policy.

You are allowed to use code snippets that you find online (StackOverflow or otherwise) provided that you provide, as part of a comment in your source code, the source of the code. This snippets should not constitute a significant part of your code. Using another students' code, past or present, even with a citation is a violation of the academic integrity policy.

There is a zero tolerance policy in this class: any violation of the academic integrity policy will result in a zero on the assignment and the violation will be reported to the Dean’s office. Plagiarism is taken very seriously in this course. To date, the professor has issued 25 academic integrity policy violations.

Examples of academic integrity violations include (but are not limited to):

  • Sharing code with a fellow student (even if it’s only a few lines).

  • Collaborating on code with a fellow student.

  • Submitting another students code as your own.

  • Submitting a prior student’s code as your own.

Posting your projects online is expressly forbidden, and will be considered a violation of the academic integrity policy. Note that this includes working out of a public Github repo. The Github Student Developer Pack provides unlimited private repositories while you are a student. If you want to impress employers with your coding abilities, create an open-source project that is done outside of class.

Syllabus Update

Information in the syllabus, may be subject to change with reasonable advance notice.

  1. © Copyright 2016 Adam Doupé as to this syllabus, all lectures, and course-related written materials. During this course students are prohibited from making audio, video, digital, or other recordings during class, or selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of the faculty member teaching this course.