NDAK21007U Software Security (SOS)

Volume 2021/2022

The course is focused on software security studied from a programming language perspective. The course will present a variety of techniques based on programming language semantics that serve to improve or guarantee the security of a program. Topics that will be covered in the course include information-flow control, vulnerability analysis, and software-fault isolation and sand-boxing.  We will address the problem of security of a variety of languages (high- and low-level) coming from different programming paradigms.  The course will provide introductions to relevant program analysis techniques such as abstract interpretation and type systems and demonstrate their applications on a selection of use cases.

Learning Outcome

Knowledge of

  • Basic software security policies, their formalisation as program properties.
  • The role of a precise (formal) semantics for a programming language in developing  techniques for enforcing security policies.


Skills to

  • Describe properties relevant to software security and define what they mean precisely. 
  • Formalize ideas and concepts into rigorous definitions and make falsifiable (or provable) statements about them.


Competences to

  • Read, assess and communicate research papers in language-based security.
  • Apply central results in the given area of studies.


See Absalon for the final curriculum, but it will contain: 

  • Course notes. 
  • Research articles and excerpts from books, distributed electronically.
Proactive Computer Security (PCS) and Semantics and Types (SaT) are recommended
Lectures, in-class exercises, group work on programming and analysis assignments.
  • Category
  • Hours
  • Lectures
  • 28
  • Preparation
  • 146
  • Exercises
  • 21
  • Exam Preparation
  • 10
  • Exam
  • 1
  • Total
  • 206
Continuous feedback during the course of the semester
7,5 ECTS
Type of assessment
Continuous assessment
Oral examination, 20 min.
Continuous assessment based on 3-4 individual/group assignments and a final individual oral examination based on the assignments(20min.).
The final grade is based on an overall assessment of the handed-in assignments and the oral exam.
All aids allowed
Marking scale
7-point grading scale
Censorship form
No external censorship
Several internal examiners

A resubmission of revised written assignments and a 20 minutes individual oral examination without preparation. 

Criteria for exam assesment

See Learning Outcome.