Secure programming

2019-2020
This course is taught in English. Descriptions may therefore be displayed in English only.

Course objective

This is an introductory course on information security. The emphasis
will be on how to develop applications with security in mind. At the
end of the course, students should be familiar with the following:

1. Importance of security in modern engineering.
2. How common cryptographic primitives work, and why they are essential.
3. How bugs can degrade the security of software.
4. Common memory corruption bugs and their (security) side-effects in
software.

Course content

The course is divided into the following modules:

A. Understanding cryptographic primitives
1. Confidentiality, Integrity and Authentication (CIA) properties
2. Symmetric/asymmetric/stream ciphers
3. Digital certificates/signatures
4. Cryptographic hash functions
5. OpenSSL engineering

B. Understanding (and avoiding) low-level bugs
1. Process memory layout
2. Buffer overflows
3. Integer overflow/format strings
4. Bug detection and mitigation
5. Secure Development Lifecycle (SDL)

C. Special topics in Security (optional)

Teaching method

Lectures and practical assignments.

Assessment

Written Exam (60%). Practical assignments (40%).

There is no resit opportunity for the practical assignments.

Required prior knowledge

Knowledge of computer programming, preferably in C. Some knowledge of
assembly is beneficial.

Literature

1. Principles of Information Security, by Michael E. Whitman and Herbert
J. Mattord.
2. Security Engineering: A Guide to Building Dependable Distributed
Systems by Ross J. Anderson (free on-line:
http://www.cl.cam.ac.uk/~rja14/book.html)
3. Online materials (articles)

Recommended prior knowledge

Background in mathematics (number theory), working knowledge of the web,
programming in C and (to a limited extent) assembly, scripting in
Python.

General information

Course code: XB_40005
Credits: 6 EC
Period: P2
Course level: 300
Language of instruction: English
Faculty: Faculteit der Bètawetenschappen
Course coordinator: dr. D.A. Andriesse
Examiner: dr. D.A. Andriesse
Lecturers: dr. D.A. Andriesse

Practical information

You must register for this course yourself.

Last-minute registration is possible for this course.

Teaching formats: Lecture
Target groups

This course is also accessible as: