Final grades are posted on Canvas.
Week | Dates | Topics | Reading |
---|---|---|---|
1 | 08/24, 08/26 | Introduction, Definitions, Access control, CIA | Textbook Chapter 1 |
2 | 08/31, 09/02 | (daily quizzes begin) Policies, Properties, Mechanisms, Enforcement | Enforceable Security Policies |
3 | 09/09 | Safety, Liveness | Enforceable Security Policies |
4 | 09/14, 09/16 | Safety, Liveness, (Un)Enforceability | §1-4, 8 of MRAs |
5 | 09/21, 09/23 | Security quantification, Threats, Tradeoffs | (1) A Theory of Gray Security Policies (2) Textbook Chapter 2 |
6 | 09/28, 09/30 | Secure design | Textbook Chapters 2-3 |
7 | 10/05, 10/07 | Buffer overflows; Type safety | (1a) Textbook Chapters 5-6 (1b) 2020 CWE Top 25 Most Dangerous Software Weaknesses (2) StackGuard |
8 | 10/12, 10/14 | Buffer-overflow, format-string, and integer-overflow attacks | (1) §1-5 of CFI (2) Textbook Chapter 6 |
9 | 10/19, 10/21 | Networking and communications; Protocols; DoS | (1) Internet Protocol Suite (2a) Handshaking (2b) OSI Model |
10 | 10/26, 10/28 | Firewalls; IDSs; Web applications | Textbook Chapter 7 |
11 | 11/02, 11/04 | Client-state manipulation; CSRF | Textbook Chapter 7 |
12 | 11/09 | OWASP Top 10; Databases; Information management; SQL | (1) OWASP Top 10 (2) SQL Tutorial |
13 | 11/16, 11/18 | SQL injection attacks | (1) Textbook Chapter 8 (2) Defining Injection Attacks |
14 | 11/23 | SQL injection attacks; XSS | SQL-IDIAs |
15 | 11/30, 12/02 | Cryptography | Class notes |