Foundations of Software Security
USF CIS 6930, Spring 2013


Final grades are now posted on Blackboard.

Course materials



Please use Blackboard to check your grades.

Schedule (filled in as the semester progresses)

| Dates | Topics | Reading |
|-------|--------|---------|
| 01/07 | Introduction and definitions | Class notes |
| 01/09 | Security definitions and models | Sections 1-2, Section 3.0 to Theorem 3.1, Section 3.2 to Theorem 3.3, and Section 4 of Run-time Enforcement of Nonsafety Policies |
| 01/14 | Definitions and models | Modeling Runtime Enforcement with Mandatory Results Automata (manuscript handed out in class) |
| 01/16 | Stack inspection; policy-specification languages | IRM Enforcement of Java Stack Inspection |
| 01/23 | Policy-specification languages | A Location-based Policy-specification Language for Mobile Devices (local version here) |
| 01/28 | Mobile-device security | Android Permissions Demystified |
| 01/30 | Vulnerability trends; buffer overflows | (1) 2011 CWE/SANS Top 25 Most Dangerous Software Errors; (2) StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (Please just turn in a summary of the second paper.) |
| 02/04 | Code injections | Defining Code-injection Attacks |
| 02/06 | XSS | Defeating Script Injection Attacks with Browser-Enforced Embedded Policies |
| 02/11 | Web vulnerabilities | Scriptless Attacks - Stealing the Pie Without Touching the Sill |
| 02/13 | Side channels; social networks | Deanonymizing Mobility Traces: Using Social Networks as a Side-Channel |
| 02/18 | Security usability | (1) On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings; (2) Android Permissions: User Attention, Comprehension, and Behavior (Please just turn in a summary of the second paper.) |
| 02/20 | Security usability | How Does Your Password Measure Up? The Effect of Strength Meters on Password Creation |
| 02/25 | Search-engine tricks | SURF: Detecting and Measuring Search Poisoning |
| 02/27 | Game security | OpenConflict: Preventing Real Time Map Hacks in Online Games |
| 03/04 | Student presentations | (Project-proposal presentations) |
| 03/06 | Student presentations | (Project-proposal presentations) |
| 03/18 | Privacy | I Still Know What You Visited Last Summer: Leaking browsing history via user interaction and side channel attacks |
| 03/20 | Cryptographic protocols | Programming Satan's Computer |
| 03/25 | Control-flow integrity | Control-Flow Integrity: Principles, Implementations, and Applications |
| 03/27 | Noninterference and information flow | Principles of Secure Information Flow Analysis |
| 04/01 | DRM | Lessons from the Sony CD DRM Episode |
| 04/03 | Temperature (hot) attacks | Using Memory Errors to Attack a Virtual Machine |
| 04/08 | Temperature (cold) attacks | Lest We Remember: Cold Boot Attacks on Encryption Keys |
| 04/10 | Backdoors | Reflections on Trusting Trust |
| 04/15 | Student presentations | (Final project presentations) |
| 04/17 | Student presentations | (Final project presentations) |
| 04/22 | Student presentations | (Final project presentations) |
| 04/24 | Student presentations | (Final project presentations) |