Foundations of Software Security
USF CIS 6930, Spring 2012


Final grades are now posted on Blackboard.

Course materials

Please use Blackboard to check your grades.

Schedule (filled in as the semester progresses)

| Date | Topic | Reading |
|------|-------|---------|
| 01/09 | Introduction and definitions | Class notes |
| 01/11 | Security definitions and models | Sections 1-2, Section 3.0 to Theorem 3.1, Section 3.2 to Theorem 3.3, and Section 4 of Run-time Enforcement of Nonsafety Policies |
| 01/18 | Definitions and models | A Theory of Runtime Enforcement, with Results |
| 01/23 | Stack inspection; policy-specification languages | IRM Enforcement of Java Stack Inspection |
| 01/30 | Vulnerability trends; buffer overflows | (1) 2011 CWE/SANS Top 25 Most Dangerous Software Errors; (2) StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks |
| 02/01 | Code injections | Defining Code-injection Attacks |
| 02/06 | XSS | Defeating Script Injection Attacks with Browser-Enforced Embedded Policies |
| 02/08 | Usability | (1) Using Data Type Based Security Alert Dialogs to Raise Online Security Awareness; (2) On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. (Please only turn in a summary for the first of these two papers.) |
| 02/13 | Web-commerce security | How to Shop for Free Online: Security Analysis of Cashier-as-a-Service Based Web Stores |
| 02/15 | Game security | OpenConflict: Preventing Real Time Map Hacks in Online Games |
| 02/20 | Search-engine tricks | SURF: Detecting and Measuring Search Poisoning |
| 02/22 | Search-engine tricks | Cloak and Dagger: Dynamics of Web Search Cloaking |
| 02/27 | Mobile security | Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices |
| 02/29 | Mobile security | Android Permissions Demystified |
| 03/05 | Student presentations (project-proposal presentations) | |
| 03/07 | Student presentations (project-proposal presentations) | |
| 03/19 | Privacy | I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks |
| 03/21 | GPS spoofing | On the Requirements for Successful GPS Spoofing Attacks |
| 03/26 | Noninterference and information flow | Principles of Secure Information Flow Analysis |
| 03/28 | Cryptographic protocols | Programming Satan's Computer |
| 04/02 | Control-flow integrity | Control-Flow Integrity: Principles, Implementations, and Applications |
| 04/04 | Non-control-data attacks | Modular Protections against Non-control Data Attacks |
| 04/09 | Temperature (physical) attacks | (1) Using Memory Errors to Attack a Virtual Machine; (2) Lest We Remember: Cold Boot Attacks on Encryption Keys. (Please choose either of these two papers to summarize.) |
| 04/11 | Backdoors | Reflections on Trusting Trust |
| 04/16 | Student presentations (final project presentations) | |
| 04/18 | Student presentations (final project presentations) | |
| 04/23 | Student presentations (final project presentations) | |
| 04/25 | Student presentations (final project presentations) | |