TDDC90 Software Security (6 ECTS)
Literature and lecture notes
The literature for this course is a collection of papers. Some papers may be accessible only via the university library's website.
All papers listed below and the lecture notes are manadory reading. There is also a separate list of additional material to give you a deeper understanding of the topics (not required for the exam!).
Lecture notes for 2012More material will be added during the course.
Introduction (lecture 1)
|K. M. Goertzel. Introduction to software security|
|D. Wheeler. Secure Programmer: Developing Secure Programs|
Vulnerabilities, exploits and prevention (lecture 2 and 4)
Again, we are mainly concerned with the principles. Note that some of the required papers may cover attacks on protection mechanisms. You will be expected to understand both the principles of the protection mechanisms and the principles of the attack.
The following article was added to the mandatory material 31/10.
|S. Alexander. Defeating compiler-level buffer overflow protection. ;login:, June 2005.|
Static analysis(lecture 3)
|P. Emanuelsson, U. Nilsson. A comparative study of industrial static analysis tools (extended version).|
|V. B. Livshits, M. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis|
Updated 29/10: The paper by Balakrishnan et.al. is no longer mandatory, but may give a deeper understanding of the subject.
Security testing (lecture 5)
Some of the papers in this section describe specific tools. These tools are representative of a class of approaches to static or dynamic analysis. You will be expected to understand the principles and ideas behind the tools, but you are not required to remember details about individual tools.
|P. Oehlert. Violating assumptions with fuzz testing. IEEE Security & Privacy, 2005.|
From the following paper you need to understand the concept and use of whitebox fuzz testing. You do not need to understand the specific algorithm. Read section 1 and the conclusions of section 4 and 6. Skim through the rest of ther material to get an overview.
|P. Godefroid, M. Levin, D. Molnar. Automated Whitebox Fuzz Testing. Microsoft Research Technical Report MSR-TR-2007-58.|
Secure programming and design (lecture 5)
|N. Provos, M. Friedl, P. Honeyman. Preventing privilege escalation. In Proceedings of the 12th USENIX Security Symposium. August 2003.|
|D. Wheeler. Secure Programmer: Validating Input|
|D. Wheeler. Secure Programmer: Keep an Eye on Inputs|
From the following report you are expected to read the introduction (pages 1-4) and the details of at least three patterns of your choice other than PrivSep.
|C. Dougherty, K. Sayre, R. C. Seacord, D. Svoboda, K. Tagashi. Secure Design Patterns. Technical Report CMU/SEI-2009-TR-010.|
Code inspections (lecture 6)
There is no mandatory reading for this lecture, but we reccommend that you read the additional material on code inspections before this lecture.
Security requirements (lecture 7 and 8)
|N. Mead. Security Requirements Entineering|
|N. Mead. SQUARE Process|
|G. Sindre, A. Opdahl. Capturing Security Requirements through Misuse Cases|
Secure development lifecycle processes (lecture 7, 8 and 9)
|G. McGraw. The 7 Touchpoints of Software Security|
|N. Davis. Secure Software Development LifeCycle Processes|
There is no mandatory material for the guest lecture on common criteria (lecture 9), but we reccommend that you look at the additional material for this topic.
Risk and threat analysis (lecture 7 and 8)
|B. Schneier. Attack trees: modeling security threats. Dr.Dobb's Journal, December 1999.|
|P. Hope, S. Lavenhar, G. Peterson. Architectural Risk Analysis|
|G. McGraw. Risk Management Framework|
Page responsible: Nahid Shahmehri
Last updated: 2012-12-11