home button

Foundations of Software Security
USF CIS 6373, Spring 2024


Final grades are posted in Canvas.

Course materials


Test I

Test II

Test III


Please use Canvas to check your grades.

Schedule (filled in as the semester progresses)

Dates Topics Reading (discussed in class)
01/08 Introduction Class notes
01/10 Research publications Sections 1-2 of Enforceable Security Policies
01/17 Enforceability theory (Sections 1-2 of the same paper)
01/22 Enforceability theory (all of the same paper)
01/24 Enforceability theory (all of the same paper)
01/29 Enforceability theory Class notes
01/31 Enforceability theory Sections 1-4 and Section 8 of MRAs
02/05 Enforceability theory Pages 1-10 of Gray Policies. You may skip Section 2.3.
02/07 Enforceability theory GUT
02/12 Test 1 Class notes
02/14 Discussion of Test 1 Class notes
02/19 Authentication Coauthentication
02/21 Cryptography (same paper)
02/26 Authentication; Cryptographic protocols (same paper)
02/28 Advanced topics in authentication (same paper)
03/04 Software vulnerabilities and trends (1) CWE Top 25 and
(2) OWASP Top 10
03/06 Buffer overflows StackGuard
03/18 Test 2 Class notes
03/20 Discussion of Test 2 Class notes
03/25 Memory corruption CFI (you may skip Section 6 and the Appendix)
03/27 Code-Injection Attacks CIAOs
04/01 Noncode-Injection Attacks BroNIEs
04/03 Identifier-Injection Attacks SQL-IDIAs
04/08 Firewalls; Packet classification; Noninterference (1) Grouper and (2) Principles of Secure Information Flow Analysis
(Please just try to understand the main ideas from the second paper; don't worry about the details)
04/10 Security usability (1) Challenges and (2) Coauthentication
04/15 Policy specification ProProv
04/17 Secure software development Co-Creation
04/22 Secure software development Situated Learning
04/24 Trust; Backdoors Reflections
04/29 Test 3 (Final Exam), 12:30-2:30pm All tests are cumulative