home button

Foundations of Software Security
USF CIS 6930, Spring 2014


Final grades are posted in Canvas.

Course materials



Please use Canvas to check your grades.

Schedule (filled in as the semester progresses)

Dates Topics Reading
01/06 Introduction and definitions
01/08 Runtime monitoring and policy-specification languages The first 16 pages of Composing Expressive Run-time Security Policies
01/13 Security definitions and models The first 10 pages of Run-time Enforcement of Nonsafety Policies
01/15 Security definitions and models Everything through Theorem 1 (on p.9), plus Section 8, in Modeling Runtime Enforcement with Mandatory Results Automata
01/22 Policy-specification languages and mobile-device security A Location-based Policy-specification Language for Mobile Devices (article is accessible from the USF campus network)
01/27 Vulnerability rankings (1) 2011 CWE/SANS Top 25 Most Dangerous Software Errors
(2) OWASP Top 10 2013 Project
Please do not worry about memorizing the details of these lists! Please just focus on the high-level results.
01/29 Buffer overflows StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
02/03 Code injections Sections 1-4 of Defining Code-injection Attacks
02/05 XSS Sections 1-3 of Defeating Script Injection Attacks with Browser-Enforced Embedded Policies
02/10 Privacy I Still Know What You Visited Last Summer
02/12 Game security Sections I to VI of OpenConflict: Preventing Real Time Map Hacks in Online Games
02/17 Security usability On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings
02/19 App permissions Android Permissions: User Attention, Comprehension, and Behavior
02/24 Passwords Measuring password guessability for an entire university
02/26 Firewall policies and enforcement A Packet-classification Algorithm for Arbitrary Bitmask Rules, with Automatic Time-space Tradeoffs
03/03 Student presentations (Project-proposal presentations)
03/05 Student presentations (Project-proposal presentations)
03/17 Tracking AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable
03/19 Side channels Screenmilker: How to Milk Your Android Screen for Secrets
03/24 Noninterference and information flow Principles of Secure Information Flow Analysis
03/26 Control-flow Integrity Sections 1-5 of Control-Flow Integrity: Principles, Implementations, and Applications
03/31 DRM Lessons from the Sony CD DRM Episode
04/02 Temperature (hot) attacks Using Memory Errors to Attack a Virtual Machine
04/07 Temperature (cold) attacks Lest We Remember: Cold Boot Attacks on Encryption Keys
04/09 Trustworthiness and backdoors Reflections on Trusting Trust
04/14 Student presentations (Final project presentations)
04/16 Student presentations (Final project presentations)
04/21 Student presentations (Final project presentations)
04/23 Student presentations (Final project presentations)