Design and Development of Secure Software

Year: 1
Academic year: 2020-2021
Code: 02033275
Subject Area: Informatics Security
Language of Instruction: Portuguese
Other Languages of Instruction: English
Mode of Delivery: Face-to-face
Duration: SEMESTRIAL
ECTS Credits: 6.0
Type: Compulsory
Level: 2nd Cycle Studies - Mestrado

Recommended Prerequisites

BSc in Informatics Engineering or equivalent.

Teaching Methods

Lecture classes (T): presentation and discussion around the topics of the course.

Lab classes (PL): application of theoretical concepts in projects.

The MSI theoretical classes will preferably take place on Friday afternoon and Saturday morning. Theoretical classes will also be broadcast by teleconference and recorded so that students can follow the classes remotely.

The practical classes will preferably be scheduled on Friday morning. The practical assignments may also be developed by the students in remote and asynchronous mode, with remote support from the teachers.

Learning Outcomes

The aim of this course is to provide knowledge of advanced techniques for the development of secure software. Students are expected to master the different aspects of developing software with security requirements, and to be able to identify existing alternatives and to select and implement the most adequate ones. The course considers the different phases of the software development lifecycle, from requirements engineering to testing. Beyond acquiring knowledge of the fundamentals of the area, students are expected to gain competences in the analysis, design, development and validation of secure software through their application in real-world case studies.

Work Placement(s)

No

Syllabus

• Security Concepts: Vulnerabilities, Threats, and Attacks

• Software Security Foundations

• Requirements Engineering for Secure Software

• Secure Software Architecture and Design

• Secure Programming

• Vulnerability Detection and Security Testing

• Software Security from an Organization Perspective

• Security Evaluation Fundamentals: Metrics, Measurements, Benchmarking, and Risk Analysis

Head Lecturer(s)

Nuno Manuel dos Santos Antunes

Assessment Methods

Assessment
Project: 50.0%
Exam: 50.0%

Bibliography

- J. Viega and G. McGraw, Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, 2001.

- M. Howard and D. E. Leblanc, Writing Secure Code, 2nd ed., Microsoft Press, 2002.

- G. Hoglund and G. McGraw, Exploiting Software: How To Break Code. Pearson Education, 2004.

- M. Howard et al., 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, McGraw-Hill, 2005.

- C. J. Berg, C. Berg, and P. G. Neumann, High-Assurance Design: Architecting Secure and Reliable Enterprise Applications, Addison-Wesley Professional, 2005.

- M. Schumacher et al., Security Patterns: Integrating Security and Systems Engineering, Wiley, 2006.

- G. McGraw, Software Security: Building Security In. Addison-Wesley Professional, 2006.

- J. H. Allen et al., Software Security Engineering: A Guide for Project Managers, Addison-Wesley Professional, 2008.

- M. Howard and S. Lipner, The Security Development Lifecycle. O’Reilly Media, Incorporated, 2009.