In this course the student learns key principles, methods, and techniques for enforcing security in software during development and construction. It complements but is very different in scope from other security courses that focus on different aspects of security at the system or network communication level. The key engineering skill taught in the course is how to build secure software applications, a very important skill in modern software development industry.
Although security in computing systems can be largely enforced at the level of operating system stack, operating-system security focus on low-level attacks (such as access control policies, protecting particular files, or cryptographic communication protocols), many attacks are high-level, or application-level (such as email worms that pass by access controls pretending to be executed on behalf of a mailer application).
Many security flaws, such as insecure dataflows or leaks, are also often due to design or progamming errors at the application stack level. The key to defending against application-level security breaches requires considering application-level security.
The emphasys of the course is thus on the application level, and covering aspects related to both code and data.
During the course, students develop a supervised project of a complete data-centric application fully secure according to a well-defined set of general requirements and specific application level policies. The skeleton and source code of a well-designed application will be given to the students as a starting point.
Luís Manuel Marques da Costa Caires
Weekly - 4
Total - Available soon
Good knowledge of software development principles and programming languages, distributed systems, algoithms and data structures, and databases, and basics of web programming.
Secure Software Lifecycle, CyBok chapter by Laurie Williams, 2019
Software Security, CyBok chapter by Frank Piessens, 2018
Avoiding the Top 10 Security Design Flaws, IEEE, 2014.
The Tangled Web: A Guide to Securing Modern Web Applications, Michał Zalewski, 2011
Papers and web links.
(changed to deal with teh absense of presential lectures, due to the
Midterm tesrt (7 points)
Final test (7 points)
H01 (3 points)
sequence of four small short weekly exercices.
H02 (3 points)
implementtation of a small security framework for web apps.
1. Software Security Concepts. Security Properties. Threat and Attacker Modelling. How to express security properties and policies. Security Properties as System Invariants.
2. Principles of Secure Software Design. Basic principles (Least Privilege; Fail-Safe Defaults; Economy of Mechanism; Complete Mediation; Separation of Duties; Least Common Mechanism), and how they map into programming / architectural concepts. Preservang security across modules and trust maintenance: some basic techniques.
3. Authorization. Authorization and Access control models. Access control policies and rules. General languages and frameworks for expressing and enforcing authorization. Signatures and certificates. Language-Based authorization security: Authorization in runtime support systems, Stack inspection, Proof carrying code, signed code (Java). Permissions and object-capability models (Google Caja).
5. Domain Specific Security Threats. Two sample scenarios: Web Applications (code injection, cross-site scripting, cross-site request forgery, and session hijacking). Unsafe Languages (exploiting unsafety to violate integrity – buffer overruns, stack smashing). Countermeasures to sample threats using general principles and techniques (information flow, capabilities, tanting, monitors).
6. Data Security and Provenance. Schema oriented security and row oriented security. Access Control in Data Models. Database inference. Balancing privacy and utility; statistical database security; k-anonymity; differential privacy, privacy languages. Provenance models and languages.
Programs where the course is taught: