As soon as we started
programming, we found to our surprise that it wasn't as easy to get programs
right as we had thought. Debugging had to be discovered. I can remember the
exact instant when I realized that a large part of my life from then on was
going to be spent in finding mistakes in my own programs. -- Maurice Wilkes
(1949) SWE 781/ISA 681 - Fall 2010 SyllabusThis class web page at http://mason.gmu.edu/~dwheele4/swe781 also serves as the class syllabus. OverviewThis class will provide the theory and practice of software security, focusing in particular on some common software security risks, including buffer overflows, race conditions and random number generation, and on the identification of potential threats and vulnerabilities early in the design cycle. The emphasis is on methodologies and tools for identifying and eliminating security vulnerabilities, techniques to prove the absence of vulnerabilities, and ways to avoid security holes in new software and on essential guidelines for building secure software: how to design software with security in mind from the ground up and to integrate analysis and risk management throughout the software life cycle. The goal of the class is to prepare you to be able to develop software with far fewer security vulnerabilities than is typical today, and to prepare you to help others do the same. Why Bother?People around the world now depend vitally on computers for their health and well-being. Unfortunately, vulnerabilities in their software can be exploited to dangerous ends, resulting in terrible harm. This class will study how to prevent these vulnerabilities from being in the software in the first place. Key Information
Reading List
Related Links
ScheduleThe lectures will cover the key issues and explain some things that might not be clear otherwise. However, you are responsible for reading and understanding the material in the assigned readings (and not just knowing what's in the lectures). See the page on assignments for more about them.
NOTE: On the first day of class I listed two minor assignments, but warned that I might drop one. I have now dropped one, so there is only one minor assignment. The 10% of the grade from the dropped minor assignment has been distributed among the mid term exam and the major project. See the changes list for more info. There may be some further changes as we go along. In particular, some material may be discussed in a different order or moved earlier/later. The slides were originally developed by Ron Ritchey, and I expect to make changes to the slides as we go along. See the GMU Fall 2010 Semester calendar for the pan-GMU schedule. Grading
Other informationTalk to me ahead-of-time if you have an anticipated absence that will interfere with class (especially the mid-term exam), e.g., a non-work religious holiday, out-of-town travel for work, GMU athletic meet, and so on. If you have a learning or physical difference that may affect your academic work, you will need to furnish appropriate documentation to the Office of Disability Services (ODS); you can contact them at http://ods.gmu.edu or at 703-993-2474. If you qualify for accommodation, the ODS staff will give you a form detailing appropriate accommodations for your instructor (me). In class, please pay attention and don't distract others. Please configure cell phones to vibrate, and if you use a laptop to take notes, please don't surf the net (unless told otherwise). CreditsMy thanks to Ron Ritchie who developed much of the course organization and lecture slides. |