2018/2019, Semester 1
School of Computing (Computer Science)
Modular Credits: CS4239 ( 4 ) / CS5439 ( 4 )
Software engineering processes need to include security considerations in the modern world. This module familiarizes students to security issues in different stages of the software life-cycle. At the end of the module, the students are expected to understand causes of insecurity, secure programming practices, be able to analyse and check for impact of malicious inputs in programs, and be able to use tools/techniques which can help detect software vulnerabilities.
CS3235 Computer Security and (CS2103 or its equivalent)
Lecture format together with practical labs.
Understanding the causes of vulnerabilities:
(buffer overflow & memory errors, type errors, unsafe APIs, arithmetic errors, undefined behavior, code injection, OS and environmental errors, concurrency & TOCTOU, ...)
(bounds checking, no-execute, ASLR, stackguard, isolation, privilege separation, localization & patching, sandboxes, ...)
(fuzzing, static analysis (symbolic execution), taint analysis, error localization, ...)
(security engineering, other issues)
Practical work will consist of labs and assignments.
Quizes, Labs, Assignments, Final Exam
(see the slides for details)
Workload Components : A-B-C-D-E
A: no. of lecture hours per week
B: no. of tutorial hours per week
C: no. of lab hours per week
D: no. of hours for projects, assignments, fieldwork etc per week
E: no. of hours for preparatory work by a student per week