Secure programming

 
Vakcode:
XB_40005
Periode:
Periode 2
Credits:
6.0
Voertaal:
Engels
Faculteit:
Faculteit der Exacte Wetenschappen
Coördinator:
dr. D.A. Andriesse
Examinator:
dr. D.A. Andriesse
Docenten:
dr. D.A. Andriesse
Lesmethode(n):
Hoorcollege
Niveau:
300

Doel vak

This is an introductory course on information security. The emphasis
will be on how to develop applications with security in mind. At the
end of the course, students should be familiar with the following:

1. Importance of security in modern engineering.
2. How common cryptographic primitives work, and why they are essential.
3. How bugs can degrade the security of software.
4. Common memory corruption bugs and their (security) side-effects in
software.

Inhoud vak

The course is divided into the following modules:

A. Understanding Cryptographic primitives
1. Confidentiality, Integrity and Authentication (CIA) properties
2. Symmetric/asymmetric/stream ciphers
3. Digital certificates/signatures
4. Cryptographic hash Functions
5. OpenSSL engineering

B. Understanding (and avoiding) low-level bugs
1. Process memory layout
2. Buffer overflows
3. Integer overflow/format strings
4. Bug detection and mitigation
5. Secure Development Lifecycle (SDL)

C. Special topics in Security (optional)

Onderwijsvorm

Lectures and practical assignments.

Toetsvorm

Written Exam (60%). Practical assignments (40%).

Literatuur

1. Principles of Information Security, By Michael E. Whitman and Herbert
J. Mattord.
2. Security Engineering: A Guide to Building Dependable Distributed
Systems by Ross J. Anderson (free on-line:
http://www.cl.cam.ac.uk/~rja14/book.html)
3. Online materials (articles)

Vereiste voorkennis

Knowledge of computer programming, preferably in C. Some knowledge of
assembly is beneficial.

Aanbevolen voorkennis

Background in mathematics (number theory), working knowledge of web,
programming in C and (to a limited extent) assembly, scripting in
Python.

© Copyright Vrije Universiteit Amsterdam
asnDCcreatorasvVUAmsterdam asnDCdateasv2018 asnstudyguideasvmodule asnDCidentifierasv51261094 asnDCtitleasvSecureprogramming asnperiodasv120 asnperiodasv asncreditsasv6p0 asnvoertaalasvE asnfacultyasv50000044 asnDCcoverageasvdrDAAndriesse