Foundations of Software Security
USF CIS 6373, Spring 2023


Final grades are posted in Canvas.

Course materials



Please use Canvas to check your grades.

Schedule (filled in as the semester progresses)

Dates | Topics | Reading (discussed in class)
01/09 | Introduction | Class notes
01/11 | Enforceability theory | Enforceable Security Policies (for today, just Sections 1-2)
01/18 | Research publications; Enforceability theory | (same paper, again Sections 1-2)
01/23 | Enforceability theory | (same paper, again Sections 1-2)
01/25 | Enforceability theory | (all of the same paper)
01/30 | Enforceability theory | (all of the same paper, for the last time)
02/01 | Enforceability theory | Sections 1-4 and Section 8 of MRAs
02/06 | Enforceability theory | (same)
02/08 | Enforceability theory | Pages 1-10 of Gray Policies. You may skip Section 2.3. That is, read through Theorem 3 while skipping Section 2.3.
02/13 | Enforceability theory | (same)
02/15 | Enforceability theory | GUT
02/20 | Authentication; Cryptographic protocols | Coauthentication
02/22 | Authentication; Cryptographic protocols | (same)
02/27 | Vulnerability trends | (1) CWE Top 25 and (2) OWASP Top 10. Please just try to get the main ideas from these readings.
03/01 | Buffer overflows | StackGuard
03/06 | Buffer overflows and related attacks | CFI (you may skip Section 6 and the Appendix)
03/08 | | (1) Same reading again on CFI and (2) the CWE Top 25 again
03/20 | Proposal presentations | (none)
03/22 | Proposal presentations | (none)
03/27 | CFI; Code-Injection Attacks | (1) Same reading again on CFI, (2) CIAOs
03/29 | Noncode-Injection Attacks | BroNIEs
04/03 | SQL-Identifier Injection Attacks | SQL-IDIAs
04/05 | Physical Memory Attacks | (1) Hot and (2) Cold
04/10 | Usability | (1) Challenges and (2) Coauthentication
04/12 | Secure Software Development | Co-creation
04/17 | Secure Software Development | Situated Learning
04/19 | Trust; Backdoors | Reflections
04/24 | Final presentations | (none)
04/26 | Final presentations | (none)