NDAK21007U Software Security (SOS)

Volume 2023/2024
Content

The course is focused on software security studied from a programming language perspective. The course will present a variety of techniques based on programming language semantics that serve to improve or guarantee the security of a program. Topics that will be covered in the course include information-flow control, vulnerability analysis, and software-fault isolation and sand-boxing.  We will address the problem of security of a variety of languages (high- and low-level) coming from different programming paradigms.  The course will provide introductions to relevant program analysis techniques such as abstract interpretation and type systems and demonstrate their applications on a selection of use cases.

Learning Outcome

Knowledge of

  • Basic software security policies, their formalisation as program properties.
  • The role of a precise (formal) semantics for a programming language in developing  techniques for enforcing security policies.

 

Skills to

  • Describe properties relevant to software security and define what they mean precisely. 
  • Formalize ideas and concepts into rigorous definitions and make falsifiable (or provable) statements about them.

 

Competences to

  • Read, assess and communicate research papers in language-based security.
  • Apply central results in the given area of studies.

 

See Absalon for the final curriculum, but it will contain: 

  • Course notes. 
  • Research articles and excerpts from books, distributed electronically.
Proactive Computer Security (PCS) and Semantics and Types (SaT) are recommended
Lectures, in-class exercises, group work on programming and analysis assignments.
  • Category
  • Hours
  • Lectures
  • 28
  • Preparation
  • 146
  • Exercises
  • 21
  • Exam Preparation
  • 10
  • Exam
  • 1
  • Total
  • 206
Oral
Individual
Collective
Continuous feedback during the course of the semester
Credit
7,5 ECTS
Type of assessment
Written assignment
Oral examination, 30 min.
Type of assessment details
The exam has two parts:
1) 3-4 individual/group written assignments during the course
2) an individual oral exam (30 minutes) based on the written assignments.
The final grade is based on an overall assessment of the handed-in assignments and the oral exam.
Aid
All aids allowed
Marking scale
7-point grading scale
Censorship form
No external censorship
Several internal examiners
Re-exam

A resubmission of revised written assignments and a 30 minutes individual oral examination without preparation. 

Criteria for exam assesment

See Learning Outcome.