DV2595 Software Security

Single subject course, 7,5 Higher education credits, Second cycle, autumn semester 2020

The main objective of this course is to teach students to understand various software security problems and how to address them in a secure and controlled environment. During this course the students will gain knowledge (both theoretical and practical) of various kinds of software security problems, and of techniques that could be used to protect software from security threats. The students will also learn to understand the "modus operandi" of adversaries, which could be used for increasing software dependability. Experience with C/C++ programming in a UNIX environment or related is desirable.

Facts

  • Type of instruction: Distance, mixed-time, part-time 25%
  • Application code: BTH-D5816
  • Period: 2020-August-31 until 2021-January-17
  • Education level: A1N
  • Application: Apply via universityadmissions.se
  • Language of instruction: The teaching language is English.
  • Location: Some or all of education and examination is held at distance.
  • No. of occasions: Mandatory: none, Voluntary: none
  • Main field of study: Computer Science
  • Entry requirements: Admission to the course requires at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2 years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).

Content

The students will also learn to understand the "modus operandi" of adversaries and recognize risky programming practices. During the course, the students will become familiar with different security mechanisms that are built into the operating systems or are provided by specific software development tools. The students will also learn to use tools and frameworks for analysis and instrumentation of source code and binaries that aid in detecting vulnerabilities or protecting the software. The course comprises the following:
• Software security background and root causes for software vulnerabilities
• A quick introduction to assembly programming for x86-32/64 bits
• Mitigating memory corruption vulnerabilities as well as insecure system and library calls
• Insecure input parsing and strategies to handle it correctly
• Tools and frameworks for instrumentation of source code and binaries
• State-of-the-art research in software security

Learning outcomes

Knowledge and understanding
• Explain how exploits for typical software vulnerabilities work.
• Explain how protection mechanisms against a specific type of exploit work.
Competence and skills
• Review executing software systems and their source code in search of security flaws.
• Apply the security tools and frameworks for automatic vulnerability detection that were introduced during the course.
Judgement and approach
• Evaluate the limitations of chosen measures and protection mechanisms in relation to a specific vulnerability or security flaw.

Course literature and other teaching material

Materials such as research articles and other course materials, as well as recommendations for additional reading, are provided via the course's online platform.

Learning methods

The teaching is organised around online lectures, pre-recorded videos, together with written material, literature, and research literature. Throughout the course, communication, feedback, and discussions with teachers and fellow participants will take place through email and the course’s online learning platform.

Work placement

No work placement is included in the planned learning activities. BTH aims for close contact with the surrounding community when developing courses and programmes.

Teachers

Examiner
  1. Dragos Ilie
Course Manager
  1. Dragos Ilie

Time allocation

On average, a student should study 200 hours to reach the learning outcomes. This time includes all the various available learning activities (lectures, self-studies, examinations, etc.). This estimation is based on the fact that one academic year counts as 60 ECTS credits, corresponding to an average student workload of 1 600 hours. This may vary individually.

Assessments

Grading

The course will be graded G (Pass), UX (Insufficient, supplementation required), or U (Fail).

Exams

More information about exams is found in the Student's Portal, where you also enroll for most exams.


There might be other scheduled examinations. Information regarding these examinations is available in the learning platform Canvas or at other places that the person who is responsible for the course will refer to.

Course Evaluation

The course manager is responsible for ensuring that the views of students on the course are systematically and regularly gathered and that the results of the evaluations in various forms affect the form and development of the course.