Developing Secure Software


General Material

  1. Syllabus (NEW September 9 2015)
  2. Ubiquitous Presenter Lecture Notes
  3. Ubiquitous Presenter Interactive Tutorial
  4. Piazza Discussion Board
  5. Article Summary Assignment (NEW September 9 2015)

Exam Information

  1. Midterm Exam Review Sheet (NEW September 9 2015)
  2. Final Exam Review Sheet (NEW September 9 2015)

Article summaries

Name Article Summary Article Summary Podcast Summary
Bitz, Scott
Bladorn, Ryan Sean W. Smith, "Security and Cognitive Bias: Exploring the Role of the Mind," IEEE Security & Privacy,
vol. 10, no. 5, pp. 75-78, Sept.-Oct., 2012
Desai, Mrudang
Dan Thomsen, Jeremy Epstein, Peter G. Neumann, "Lost Treasures," IEEE Security & Privacy, vol. 10, no. 6, pp. 17-19, Nov.-Dec., 2012
Dietel, Derik Prandini, M.; Ramilli, M.; , "Return-Oriented Programming," Security & Privacy, IEEE , vol.10, no.6, pp.84-87, Nov.-Dec. 2012 Interview with Bruce Schneier
Franklin, Justin Shamos, Michael; Yasinsac, Alec; , "Realities of E-voting Security," Security & Privacy, IEEE , vol.10, no.5, pp.16-17, Sept.-Oct. 2012 Flash Memory for Ubiquitous Hardware Security Functions: True Random Number Generation and Device Fingerprints
Gustafson, Kyle “Analysis of a Botnet Takeover”
By Brett Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna
From IEEE Security and Privacy Magazine, Jan 2011, pp. 64-72
Detecting Hoaxes, Frauds, and Deception in Writing Style Online
Heinz, Eric Shrobe, H.; Adams, D.; , "Suppose We Got a Do-Over: A Revolution for Secure Computing," Security & Privacy, IEEE , vol.10, no.6, pp.36-39, Nov.-Dec. 2012 Revealing the Nuts and Bolts of the Security of Mobile Devices
Hogue, Thomas Smith, Sean W. "Security and Cognitive Bias: Exploring the Role of the Mind."
IEEE Security & Privacy, Sept.-Oct. 2012. Web. 12 Jan. 2013.
Foundations of Logic Based Trust Management
Johnsen, Bradley
Kuszewski, Jacob Smith, S.W.; , "Security and Cognitive Bias: Exploring the Role of the Mind," Security & Privacy, IEEE , vol.10, no.5, pp.75-78, Sept.-Oct. 2012 The Quest to Replace Passwords
Raiche, Duane Security in Open Source Web Content Management Systems
Article Date: July/August 2009 (vol. 7 no. 4) from IEEE Security & Privacy Magazine
Dissecting Android Malware: Characterization and Evolution
Stewart, Emil Signing me onto Your Accounts through Facebook and Google: a Traffic Guided Security Study of Commercially Deployed Single-Sign on Services AN INTERVIEW WITH HOWARD SCHMIDT
Walker, Timothy Chameleon and Werewolf Attacks
Wasielewski, Thaddeus How Good are Humans at Solving Captchas? Roesner, F.; Kohno, T.; Moshchuk, A.; Parno, B.; Wang, H.J.; Cowan, C.; , "User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems," Security and Privacy (SP), 2012 IEEE Symposium on , vol., no., pp.224-238, 20-23 May 2012

Lectures

  1. Week 1 Lecture 1 Introduction: What is the Security Problem and How will we deal with it. (NEW September 9 2015)
  2. Week 1 Lecture 2 Secure Software Concepts (pgs 1-28) (NEW September 9 2015)
  3. Week 2 Lecture 1 Software Security Touchpoints (pgs. 29-73) (NEW September 9 2015)
  4. Week 2 Lecture 2 Security Requirements (pgs 79-110) (NEW September 9 2015)
  5. Week 3 Lecture 1 Security Requirements Elicitation (pgs. 110-121) (NEW September 9 2015)
  6. Week 3 Lecture 2 Basic Design Principles (pgs. 127-147) (NEW September 9 2015)
  7. Week 4 Lecture 1 Threat Modeling: Who will attack us and why? (Handout) (NEW September 9 2015)
  8. Week 4 Lecture 2 Design: Enforcing the Principle of Least Privilege (pgs. 148-191) (NEW September 9 2015)
  9. Week 5 Lecture 1 Design Aspects (Architecture) (pgs 192-227) (NEW September 9 2015)
  10. Week 5 Lecture 2 Design Aspects (Architecture) (pgs 192-227) (NEW September 9 2015)
  11. Week 6 Lecture 1 Catch Up
  12. Week 6 Lecture 2 Midterm Exam
  13. Week 7 Lecture 1 Code Review with a Tool: Detecting out implementation mistakes (NEW September 9 2015)
  14. Week 7 Lecture 1 Secure Software Implementation and Coding (pgs 233-295) (NEW September 9 2015)
  15. Week 8 Lecture 1 Secure Software Testing (pgs 323-343) (NEW September 9 2015)
  16. Week 8 Lecture 2 Secure Software Testing, Part 2 (pgs 344-361) (NEW September 9 2015)
  17. Week 9 Lecture 1 Software Acceptance (pgs 367-398) (NEW September 9 2015)
  18. Week 9 Lecture 1 Secure Software Deployment (pgs 403-441) (NEW September 9 2015)
  19. Week 10 Lecture 1 The SAMATE Project (NEW September 9 2015)
  20. Week 10 Lecture 2 Wrapup and Final Exam Review

Labs

  1. Lab 1: A Digital Home System (NEW September 9 2015)
  2. Lab 2: Initial Project requirements (NEW September 9 2015)
  3. Lab 3: Asset Definition and Abuse Case Definition (NEW September 9 2015)
  4. Lab 4: Architectural Design (NEW September 9 2015)
  5. Lab 5: Threat Modeling (NEW September 9 2015)
  6. Lab 6: Proxies at the Casino Royale and Books of Insecurity (NEW September 9 2015)
  7. Lab 7: Of Bugs and Finding Them (NEW September 9 2015)
  8. Lab 8: Penetration testing and Finding What is out there (NEW September 9 2015)
  9. Lab 9: Fuzz Testing (NEW September 9 2015)

Videos

  1. Elevation of Privilege (EoP) Threat Modeling Card Game
  2. Microsoft SDL Threat Modeling Tool