Logo ČVUT
CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2018/2019

Security and Secure Programming

Login to KOS for course enrollment Display time-table
Code Completion Credits Range Language
MI-BPR.16 Z,ZK 5 2+1 Czech
Lecturer:
Josef Kokeš (guarantor)
Tutor:
Josef Kokeš (guarantor)
Supervisor:
Department of Computer Systems
Synopsis:

Students will learn how to assess security risks and how to take them into account in the design phase of their own code and solutions. After getting familiar with the threat modeling theory, students gain practical experience with running programs with reduced privileges and methods of specifying these privileges, since not every program needs to run with administrator privileges. Students will also be briefly introduced to the principles of securing data and the relationships of security and database systems, web, remote procedure calls, and sockets in general. The module concludes with Denial of Service attacks and countermeasures to these attacks.

Requirements:

Programming in C, knowledge of basic application interfaces and computer systems architectures.

Syllabus of lectures:

1. Introduction to secure programming, current security trends.

2. Threat modeling.

3. The buffer overflow.

4. Writing secure code in C.

5. Security levels, Access Control Lists (ACL).

6. Running a program with low privileges.

7. Data security and integrity.

8. Data input, canonical representation, and security.

9. Security of databases.

10. Security of web applications.

11. Security of sockets and RPC.

12. Defence against Denial of Service attacks.

13. Summary and recapitulation.

Syllabus of tutorials:

1. Threat modeling.

2. The buffer overflow.

3. Running a program with low privileges.

4. Security of databases.

5. Security of web applications.

6. Defence against Denial of Service attacks.

Study Objective:

The aim of the module is to teach the students to take into account the security aspects already in the design phase of their own software applications and solutions. Students will start with theoretical modeling of security threats, and move on to practical exercises with C programs. They will learn to determine the minimal privileges for a program to run. They will also learn to secure data, data communication, remote procedure calls, and websites.

Study materials:

1. Howard, M., LeBlanc, D.: Writing Secure Code, 2nd Edition, Microsoft Press, 2003, 9780735617223.

2. Howard, M., LeBlanc, D.: Writing Secure Code for Windows Vista, Microsoft Press, 2007, 9780735623934,

3. Seacord, R. C.: Secure Coding in C and C++, 2nd Edition, Addison-Wesley Professional, 2013, 9780321822130,

Note:
Further information:
https://courses.fit.cvut.cz/MI-BPR/
Time-table for winter semester 2018/2019:
Time-table is not available yet
Time-table for summer semester 2018/2019:
06:00–08:0008:00–10:0010:00–12:0012:00–14:0014:00–16:0016:00–18:0018:00–20:0020:00–22:0022:00–24:00
Mon
Tue
Fri
roomTH:A-s135
Kokeš J.
09:15–10:45
(lecture parallel1)
Thákurova 7 (FSv-budova A)
As135
roomT9:345
Kokeš J.
12:45–14:15
(lecture parallel1
parallel nr.101)

Dejvice
NBFIT BOU ucebna
Thu
Fri
The course is a part of the following study plans:
Data valid to 2019-03-25
For updated information see http://bilakniha.cvut.cz/en/predmet4654606.html