Instructor Contact Info Tel:412-624-9982
Office Hours By Appointment (Or just drop by when you see me in my office)
|
|
| INFSCI 2620 Developing Secure Systems (Fall 2014) This Course can be used for SAIS Track Elective OR Capstone Requirement PhD Core Area/ Systems and Technology
Wednesdays; 6:00 - 8:50PM Room IS 406 | | |
Announcement Assignments (research papers, articles)
| | IMPORTANT Course Update note for Fall 2014 This course is being significantly revised to align with the new requirements for Knowledge Units and Focus Areas in Information Security established by the US National Security Agency (click here to see the Knowledge Units, and Focus Areas). In particular, the revision will make this course a more structured course with specific labs and projects - unlike in the past when it was a flexible course with reading assignments and open projects. The course will also aim at addressing some or all of requirements of the following Focus Areas: · Secure software development · Security Engineering · Secure Mobile technology The updated curriculum will include Labs related to: 1. Buffer Overlow, 2. SQL Injections and Cross-Site Scripting 3. Reverse Engineering 4. Code analysis tools and security testing tools 5. Verification tool TOOLS: Some tools that the students will be working with include
Course Description Development of high-assurance software systems is a growing challenge in emerging complex systems. Secure by design is emerging as a basic principle for trustworthy computing and as a preferred way to ensure the security of networked information systems and infrastructures. This course will focus on this issue and fosters the design, implementation as well as verification/validation of secure software systems and architectures. A key coverage will include principles and practices of secure and high assurance software development process, including security development lifecycle models, and design/verification/validation using languages and tools such as UML. Tools and techniques for code analysis and testing, and evaluation and certification of software will also be emphasized. The course will also cover secure programming principles using different languages, with particular focus in secure software development. Key topics summary: 1. Secure development methodologies/models, assurance techniques (certification, validation, etc.) 2. Secure programming issues/practices and tools 3. Software assurance and Security analysis - tools and techniques 4. Secure design, testing and systems security engineering (e.g., protocol verification, model-based techniques, etc.) 5. Supply Chain Security, Life-Cycle Security, Security Risk Analysis Course Objectives 1. Understand the principles and methodologies for designing and implementing secure systems, and establishing software assurance 2. Understand and analyze code for vulnerabilities and learn secure programming practices 3. Use of tools for code analysis and security property verifications (labs) 4. Apply secure design principles to build a real system (projects) Prerequisites
Course Material & Tools There is no one book that covers all the topics considered in this course. All the relevant books are still being checked to see if one can be used as the main text book. Here are some reference books that will be recommended for the course.
Most of these and others useful materials are available through the Pitt domain in Safari Online. Check this page for the online books that are available (you can search for the book here). Grading (Tentative – the distribution may be changed based on class interest)
· Read/Review and/or present research papers or articles · Assignments/quizzes · Lab exercises
· Two exams · One project If you are having a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course. | | | |
| | | | | |
| |
| | |