Developing Secure Software
General Material
- Syllabus (NEW August 12 2022)
- Ubiquitous Presenter Lecture Notes
- Ubiquitous Presenter Interactive Tutorial
- Piazza Discussion Board
- Article Summary Assignment (NEW August 12 2022)
Exam Information
- Midterm Exam Review Sheet (NEW August 12 2022)
- Final Exam Review Sheet (NEW August 12 2022)
Article summaries
| Name | Article Summary (1) | Article Summary (2) | Podcast Summary |
|---|---|---|---|
| Bitz, Scott | | | |
| Bladorn, Ryan | Sean W. Smith, "Security and Cognitive Bias: Exploring the Role of the Mind," IEEE Security & Privacy, vol. 10, no. 5, pp. 75-78, Sept.-Oct. 2012 | | |
| Desai, Mrudang | Dan Thomsen, Jeremy Epstein, Peter G. Neumann, "Lost Treasures," IEEE Security & Privacy, vol. 10, no. 6, pp. 17-19, Nov.-Dec. 2012 | | |
| Dietel, Derik | M. Prandini, M. Ramilli, "Return-Oriented Programming," IEEE Security & Privacy, vol. 10, no. 6, pp. 84-87, Nov.-Dec. 2012 | Interview with Bruce Schneier | |
| Franklin, Justin | Michael Shamos, Alec Yasinsac, "Realities of E-voting Security," IEEE Security & Privacy, vol. 10, no. 5, pp. 16-17, Sept.-Oct. 2012 | Flash Memory for Ubiquitous Hardware Security Functions: True Random Number Generation and Device Fingerprints | |
| Gustafson, Kyle | Brett Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, "Analysis of a Botnet Takeover," IEEE Security & Privacy, Jan. 2011, pp. 64-72 | Detecting Hoaxes, Frauds, and Deception in Writing Style Online | |
| Heinz, Eric | H. Shrobe, D. Adams, "Suppose We Got a Do-Over: A Revolution for Secure Computing," IEEE Security & Privacy, vol. 10, no. 6, pp. 36-39, Nov.-Dec. 2012 | Revealing the Nuts and Bolts of the Security of Mobile Devices | |
| Hogue, Thomas | Sean W. Smith, "Security and Cognitive Bias: Exploring the Role of the Mind," IEEE Security & Privacy, Sept.-Oct. 2012 (web, accessed 12 Jan. 2013) | Foundations of Logic Based Trust Management | |
| Johnsen, Bradley | | | |
| Kuszewski, Jacob | S. W. Smith, "Security and Cognitive Bias: Exploring the Role of the Mind," IEEE Security & Privacy, vol. 10, no. 5, pp. 75-78, Sept.-Oct. 2012 | The Quest to Replace Passwords | |
| Raiche, Duane | "Security in Open Source Web Content Management Systems," IEEE Security & Privacy, vol. 7, no. 4, July-Aug. 2009 | Dissecting Android Malware: Characterization and Evolution | |
| Stewart, Emil | Signing Me onto Your Accounts through Facebook and Google: A Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Services | An Interview with Howard Schmidt | |
| Walker, Timothy | Chameleon and Werewolf Attacks | | |
| Wasielewski, Thaddeus | How Good Are Humans at Solving CAPTCHAs? | F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang, C. Cowan, "User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems," 2012 IEEE Symposium on Security and Privacy (SP), pp. 224-238, May 2012 | |
Lectures
- Week 1 Lecture 1 Introduction: What Is the Security Problem and How Will We Deal with It? (NEW August 12 2022)
- Week 1 Lecture 2 Secure Software Concepts (pgs 1-28) (NEW August 12 2022)
- Week 2 Lecture 1 Software Security Touchpoints (pgs. 29-73) (NEW August 12 2022)
- Week 2 Lecture 2 Security Requirements (pgs 79-110) (NEW August 12 2022)
- Week 3 Lecture 1 Security Requirements Elicitation (pgs. 110-121) (NEW August 12 2022)
- Week 3 Lecture 2 Basic Design Principles (pgs. 127-147) (NEW August 12 2022)
- Week 4 Lecture 1 Threat Modeling: Who will attack us and why? (Handout) (NEW August 12 2022)
- Week 4 Lecture 2 Design: Enforcing the Principle of Least Privilege (pgs. 148-191) (NEW August 12 2022)
- Week 5 Lecture 1 Design Aspects (Architecture) (pgs 192-227) (NEW August 12 2022)
- Week 5 Lecture 2 Design Aspects (Architecture) (pgs 192-227) (NEW August 12 2022)
- Week 6 Lecture 1 Catch Up
- Week 6 Lecture 2 Midterm Exam
- Week 7 Lecture 1 Code Review with a Tool: Detecting Implementation Mistakes (NEW August 12 2022)
- Week 7 Lecture 2 Secure Software Implementation and Coding (pgs 233-295) (NEW August 12 2022)
- Week 8 Lecture 1 Secure Software Testing (pgs 323-343) (NEW August 12 2022)
- Week 8 Lecture 2 Secure Software Testing, Part 2 (pgs 344-361) (NEW August 12 2022)
- Week 9 Lecture 1 Software Acceptance (pgs 367-398) (NEW August 12 2022)
- Week 9 Lecture 2 Secure Software Deployment (pgs 403-441) (NEW August 12 2022)
- Week 10 Lecture 1 The SAMATE Project (NEW August 12 2022)
- Week 10 Lecture 2 Wrapup and Final Exam Review
Labs
- Lab 1: A Digital Home System (NEW August 12 2022)
- Beginning Scenario
- Digital Home System SRS Document
- Digital Home System Use Case Model
- Lab 1 submission page
- Lab 2: Initial Project requirements (NEW August 12 2022)
- Project Descriptions (NEW August 12 2022)
- Lab 2 submission page
- Lab 3: Asset Definition and Abuse Case Definition (NEW August 12 2022)
- Lab 4: Architectural Design (NEW August 12 2022)
- Lab 5: Threat Modeling (NEW August 12 2022)
- Elevation of Privilege (EoP) Threat Modeling Card Game
- Microsoft SDL Threat Modeling Tool
- Microsoft Threat Modeling Tool tutorial article
- Lab 5 submission page
- Lab 6: Proxies at the Casino Royale and Books of Insecurity (NEW August 12 2022)
- Webscarab proxy software
- Hackme Casino Installation Download
- Hackme Casino Tutorial Guide
- Hackme Books Installation Download
- Hackme Books Windows Installer
- Hackme Books Tutorial Guide
- Lab 6 submission page
- Lab 7: Of Bugs and Finding Them (NEW August 12 2022)
- Hackme Books Source Code
- Fortify Static Analysis Tool Installer
- Fortify Static Analysis Tool License File
- Lab 7 submission page
- Lab 8: Penetration testing and Finding What is out there (NEW August 12 2022)
- NMAP Download
- Nessus Download
- Metasploitable Virtual Machine for VMware
- VMware Player Download
- Fortify Static Analysis Tool License File
- Lab 8 submission page
- Lab 9: Fuzz Testing (NEW August 12 2022)
- Java Development Package (NEW August 12 2022)
- Lab 9 submission page