Development of Secure Software Systems

Course schedule overview

The scheduling and selection of lecture topics is subject to minor adjustment as the semester progresses, but the assignment and exam dates are not expected to change.

Date	Lecture topic	Assignments due
Tuesday 1/16	Introduction and logistics
Thursday 1/18	Intro to memory safety
Tuesday 1/23	More memory safety
Thursday 1/25	Threat modeling 1
Tuesday 1/30	Memory safety attacks 1
Thursday 2/ 1	Memory safety attacks 2
Tuesday 2/ 6	More threat modeling, with example
Thursday 2/ 8	ROP and fuzzing
Friday 2/ 9		Problem Set 1 due
Tuesday 2/13	Auditing and more mitigations
Thursday 2/15	Access control and the Unix filesystem
Tuesday 2/20	Midterm 1
Thursday 2/22	Ethical and legal concerns in security
Friday 2/23		Project 0.5 due
Tuesday 2/27	More permissions, shell injection
Thursday 2/29	OS-level attacks
Tuesday 3/ 5	No class, spring break
Thursday 3/ 7	No class, spring break
Tuesday 3/12	OS protection and isolation
Thursday 3/14	A security perspective on networks
Tuesday 3/19	Web security, server side
Thursday 3/21	Web security, client side
Tuesday 3/26	Cryptography: general principles
Thursday 3/28	Cryptography: symmetric-key encryption
Friday 3/29		Project 1 submission 1 due
Tuesday 4/ 2	Cryptography: MACs, public key intro
Thursday 4/ 4	Cryptography: public-key primitives, failures
Tuesday 4/ 9	Midterm 2
Thursday 4/11	Encrypted protocols
Tuesday 4/16	threat modeling of AI, xz backdoor
Thursday 4/18	User authentication
Friday 4/19		Project 1 submission 2 due
Thursday 4/23	User identities
Tuesday 4/25	Usable security principles and case studies (last lecture)

Detailed reading and lecture schedule

Tuesday, January 16th (8-up slides): High level overview, course assignments and grading logistics. No readings.
Thursday, January 18th (8-up slides): Introduction to memory safety vulnerabilities. No readings.
Tuesday, January 23rd (8-up slides, updated with answers, uninit use, and office hour): More memory safety vulnerabilities. No readings. overflow-eg.c
Thursday, January 25th (8-up slides): Code auditing and threat modeling. No readings.
Tuesday, January 30th (8-up slides): STRIDE, attacks against memory safety vulnerabilities. No readings.
Thursday, February 1st (8-up slides, updated with announcement): More memory-safety attacks, and W xor X. Reading: notes on drawing data-flow diagrams.
Tuesday, February 6th (8-up slides, updated with announcements and some answers): More on threat modeling, with an in-class exercise. No readings.
Thursday, February 8th (8-up slides): ROP with an exercise (instructions PDF, editable SVG), fuzz testing. No readings.
Tuesday, February 13th (8-up slides): Code auditing. More low-level defenses: ASLR, return address protection. Reading: chapter 4 of The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd, John McDonald, and Justin Schuh (Addison-Wesley 2006, this version courtesy of O'Reilly Learning). Available as a class-use-only PDF download on the Files section of the Canvas page: the 1 column version is recommended for online reading, and the 2 column version for printing. You can skip the final sections "Code Auditor's Toolbox" (which is out of date) and "Case Study: OpenSSH". In other words, through page 51 in the 1-column PDF or page 26 in the 2-column PDF.
Thursday, February 15th: (8-up slides): Operating systems access control. The Unix filesystem and its permissions. No readings.
Tuesday, February 20th: Midterm exam 1 in class. The spring 2022, fall 2022, spring 2023, and fall 2023 midterms are available for comparison, as well as the spring 2022 solutions, fall 2022 solutions, spring 2023 solutions, and fall 2023 solutions.
Thursday, February 22nd (8-up slides): Ethical and legal perspectives. Readings: “System Administration as a Criminal Activity or, the Strange Case of Randal Schwartz” (Internet Archive, local copy); and class action complaint against Sony BMG (you don't need to read the EULA appendixes).
Tuesday, February 27th (8-up slides): More on Unix permissions, and shell injection attacks. No readings.
Thursday, February 29th (8-up slides): Shell injection attacks, race conditions, and preventing them. Reading: David A. Wheeler, Secure Programming HOWTO. Chapters 3, Summary of Linux and Unix Security Features, and 7, Design Your Program for Security, skipping section 7.16. (Quiz due 3/14)
Tuesday, March 12th (8-up slides): OS protection and isolation mechanisms. Optional bonus reading: Daniel J. Bernstein, Some thoughts on security after ten years of qmail 1.0, CSAW 2007.
Thursday, March 14th (8-up slides): Networks, and classic network attacks. No readings.
Tuesday, March 19th (8-up slides): Web security 1: introduction and server-side. Reading: OWASP Top 10:2021: The Ten Most Critical Web Application Security Risks. Follow one level of links to the pages about the 10 categories A01 through A10.
Thursday, March 21st (8-up slides): Web security 2: XSS, privacy, and other risks. No additional readings.
Tuesday, March 26th (8-up slides): Introduction to cryptography. No readings.
Thursday, March 28th (8-up slides): Cryptography 2: stream ciphers, block ciphers. Reading: "Cryptography", chapter 5 of Ross Anderson, Security Engineering, third edition. Available via the campus libraries through Wiley Online, here. The same chapter from the previous edition is available free for anyone from the author's web site and has most of the same content.
Tuesday, April 2nd (8-up slides): Cryptography 3: MACs, secure channels, public key introduction. No readings.
Thursday, April 4th (8-up slides): Cryptography 4: public key primitives, protocols, failures. No readings.
Tuesday, April 9th: Midterm exam 2 in class. The spring 2022, fall 2022, spring 2023, and fall 2023 midterms are available for comparison, as well as the spring 2022, spring 2023, and fall 2023 solutions.
Thursday, April 11th (8-up slides): PKI and practical encrypted network protocols. No readings.
Tuesday, April 16th (8-up slides): Threat modeling of AI risks, xz/SSH backdoor. Reading: OpenAI, GPT-4 System Card through section 2, page 20.
Thursday, April 18th (8-up slides): User authentication and error tradeoffs. No readings.
Tuesday, April 23rd (8-up slides): More authentication, usability principles. Blank RIOC curve for exercise. No readings.
Thursday, April 25th (8-up slides): Usability principles and examples, final lecture. No readings.