Security and Secure Programming
| Code | Completion | Credits | Range | Language |
|---|---|---|---|---|
| MI-BPR | Z,ZK | 4 | 2+1 | Czech |
- Lecturer:
- Tomáš Zahradnický, Róbert Lórencz (gar.)
- Tutor:
- Tomáš Zahradnický
- Supervisor:
- Department of Computer Systems
- Synopsis:
-
Students will learn how to assess security risks and how to take them into account in the design phase of their own code and solutions. After becoming familiar with threat modeling theory, students gain practical experience with running programs with reduced privileges and with methods of specifying these privileges, since not every program needs to run with administrator privileges. Students will also be briefly introduced to the principles of securing data and to how security relates to database systems, the web, remote procedure calls, and sockets in general. The module concludes with Denial of Service attacks and countermeasures against them.
- Requirements:
-
Programming in C, knowledge of basic application interfaces and computer systems architectures.
- Syllabus of lectures:
-
1. Introduction to secure programming, current security trends.
2. Threat modeling.
3. The buffer overflow.
4. Writing secure code in C.
5. Security levels, Access Control Lists (ACL).
6. Running a program with low privileges.
7. Data security and integrity.
8. Data input, canonical representation, and security.
9. Security of databases.
10. Security of web applications.
11. Security of sockets and RPC.
12. Defence against Denial of Service attacks.
13. Summary and recapitulation.
- Syllabus of tutorials:
-
1. Threat modeling.
2. The buffer overflow.
3. Running a program with low privileges.
4. Security of databases.
5. Security of web applications.
6. Defence against Denial of Service attacks.
- Study Objective:
-
The aim of the module is to teach students to take security aspects into account as early as the design phase of their own software applications and solutions. Students will start with theoretical modeling of security threats and move on to practical exercises with C programs. They will learn to determine the minimal privileges a program needs to run. They will also learn to secure data, data communication, remote procedure calls, and websites.
- Study materials:
-
Howard, M., LeBlanc, D. "Writing Secure Code (2nd Edition)". Microsoft Press, 2003. ISBN 0735617228.
Howard, M., LeBlanc, D. "Writing Secure Code for Windows Vista". Microsoft Press, 2007.
http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
- Note:
- Time-table for winter semester 2011/2012:
- Time-table for summer semester 2011/2012:
- Time-table is not available yet
- The course is a part of the following study plans:
-
- Computer Security, Version for Students who Enrolled in 2010, Presented in Czech (compulsory course of the specialization)
- Branch System Programming, Version for Students who Enrolled in 2010, Presented in Czech (compulsory course of the branch)
- Master Informatics, Version for Students who Enrolled in 2010, Presented in Czech (VO)
- Master Informatics, Presented in Czech, Version for Students who Enrolled in 2011 (VO)
- Computer Security, Presented in Czech, Version for Students who Enrolled in 2011 (compulsory course of the specialization)
- Branch System Programming, Presented in Czech, Version for Students who Enrolled in 2011 (compulsory course of the branch)
- Master Informatics, Presented in Czech, Version for Students who Enrolled in 2012 (VO)
- Computer Security, Presented in Czech, Version for Students who Enrolled in 2012 (compulsory course of the specialization)
- Branch System Programming, Presented in Czech, Version for Students who Enrolled in 2012 (compulsory course of the branch)