Final grades are posted in Canvas.
Please use Canvas to check your grades.
| Dates | Topics | Reading (discussed in class) |
|---|---|---|
| 01/08 | Introduction | Class notes |
| 01/10 | Research publications | Sections 1-2 of Enforceable Security Policies |
| 01/17 | Enforceability theory | (Sections 1-2 of the same paper) |
| 01/22 | Enforceability theory | (all of the same paper) |
| 01/24 | Enforceability theory | (all of the same paper) |
| 01/29 | Enforceability theory | Class notes |
| 01/31 | Enforceability theory | Sections 1-4 and Section 8 of MRAs |
| 02/05 | Enforceability theory | Pages 1-10 of Gray Policies. You may skip Section 2.3. |
| 02/07 | Enforceability theory | GUT |
| 02/12 | Test 1 | Class notes |
| 02/14 | Discussion of Test 1 | Class notes |
| 02/19 | Authentication | Coauthentication |
| 02/21 | Cryptography | (same paper) |
| 02/26 | Authentication; Cryptographic protocols | (same paper) |
| 02/28 | Advanced topics in authentication | (same paper) |
| 03/04 | Software vulnerabilities and trends | (1) CWE Top 25 and (2) OWASP Top 10 |
| 03/06 | Buffer overflows | StackGuard |
| 03/18 | Test 2 | Class notes |
| 03/20 | Discussion of Test 2 | Class notes |
| 03/25 | Memory corruption | CFI (you may skip Section 6 and the Appendix) |
| 03/27 | Code-Injection Attacks | CIAOs |
| 04/01 | Noncode-Injection Attacks | BroNIEs |
| 04/03 | Identifier-Injection Attacks | SQL-IDIAs |
| 04/08 | Firewalls; Packet classification; Noninterference | (1) Grouper and (2) Principles of Secure Information Flow Analysis (Please just try to understand the main ideas from the second paper; don't worry about the details) |
| 04/10 | Security usability | (1) Challenges and (2) Coauthentication |
| 04/15 | Policy specification | ProProv |
| 04/17 | Secure software development | Co-Creation |
| 04/22 | Secure software development | Situated Learning |
| 04/24 | Trust; Backdoors | Reflections |
| 04/29 | Test 3 (Final Exam), 12:30-2:30pm | All tests are cumulative |