Secure programming

2019-2020

Course Objective

This is an introductory course on information security. The emphasis
will be on how to develop applications with security in mind. At the
end of the course, students should be familiar with the following:

1. Importance of security in modern engineering.
2. How common cryptographic primitives work, and why they are essential.
3. How bugs can degrade the security of software.
4. Common memory corruption bugs and their (security) side-effects in
software.

Course Content

The course is divided into the following modules:

A. Understanding Cryptographic primitives
1. Confidentiality, Integrity and Authentication (CIA) properties
2. Symmetric/asymmetric/stream ciphers
3. Digital certificates/signatures
4. Cryptographic hash functions
5. OpenSSL engineering

B. Understanding (and avoiding) low-level bugs
1. Process memory layout
2. Buffer overflows
3. Integer overflow/format strings
4. Bug detection and mitigation
5. Secure Development Lifecycle (SDL)

C. Special topics in Security (optional)

Teaching Methods

Lectures and practical assignments.

Method of Assessment

Written Exam (60%). Practical assignments (40%).

There is no resit opportunity for the practical assignments.

Entry Requirements

Knowledge of computer programming, preferably in C. Some knowledge of
assembly is beneficial.

Literature

1. Principles of Information Security, by Michael E. Whitman and Herbert
J. Mattord.
2. Security Engineering: A Guide to Building Dependable Distributed
Systems by Ross J. Anderson (free on-line:
http://www.cl.cam.ac.uk/~rja14/book.html)
3. Online materials (articles)

Recommended background knowledge

Background in mathematics (number theory), working knowledge of web,
programming in C and (to a limited extent) assembly, scripting in
Python.

General Information

Course Code: XB_40005
Credits: 6 EC
Period: P2
Course Level: 300
Language of Tuition: English
Faculty: Faculty of Science
Course Coordinator: dr. D.A. Andriesse
Examiner: dr. D.A. Andriesse
Teaching Staff: dr. D.A. Andriesse

Practical Information

You need to register for this course yourself

Last-minute registration is available for this course.

Teaching Methods: Lecture