home button

Foundations of Software Security
USF CIS 6373, Fall 2019

Announcements

Final grades are posted in Canvas.

Course materials

Syllabus

Test I

Test II

Test III

Grades

Please use Canvas to check your grades.

Schedule (filled in as the semester progresses)

Dates Topics Reading (discussed in class)
08/26 Introduction Class notes
08/28 Research publications; Enforceability theory Enforceable Security Policies
09/04 Automata; Enforceability theory Enforceable Security Policies
09/09 Properties; Safety; Enforceability theory Enforceable Security Policies
09/11 Liveness; Enforceability theory Enforceable Security Policies
09/16 Security automata; Enforceability theory Run-time Enforcement of Nonsafety Policies
09/18 Security automata; Enforceability theory Run-time Enforcement of Nonsafety Policies
09/23 Exchange-based traces; Enforceability theory Modeling Runtime Enforcement with Mandatory Results Automata
09/25 Security quantification A Theory of Gray Security Policies
09/30 Test 1 Class notes
10/02 Policy specification and composition Composing Expressive Run-time Security Policies (article is accessible from the USF campus network)
10/07 Location-based policies and mobile-device security A Location-based Policy-specification Language for Mobile Devices (article is accessible from the USF campus network)
10/09 Firewall policies; Packet classification A Packet-classification Algorithm for Arbitrary Bitmask Rules, with Automatic Time-space Tradeoffs
10/14 User authentication Coauthentication
10/16 User authentication; Cryptographic protocols Coauthentication
10/21 Cryptographic protocols; Vulnerability categories (1) Coauthentication (2) 2019 CWE/SANS Top 25 Most Dangerous Software Errors (3) OWASP Top 10 - 2017
10/23 Buffer overflows; Canaries StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
10/28 Buffer-overflow defenses; Format-string attacks Class notes
10/30 Format-string attacks; Integer overflows Class notes
11/04 Test 2 Class notes
11/06 Test 2 discussion Class notes
11/13 Control-flow integrity Control-Flow Integrity: Principles, Implementations, and Applications
11/18 Code-injection attacks Defining Code-injection Attacks
11/20 Noncode-injection attacks Defining Injection Attacks
11/25 ID-injection attacks SQL-Identifier Injection Attacks
12/02 Information flow; Noninterference Principles of Secure Information Flow Analysis
12/04 Security usability; Trustworthiness (1) On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings and (2) Reflections on Trusting Trust
12/11 Final Exam (All tests are cumulative)