Spring 2020: Software Security (CS-52700-LE1)

Class time: Tuesday and Thursday: 6:00-6:50 pm

Class location: Lawson Computer Science Building (LWSN) 1106

Course Webpage: Blackboard and Piazza


Instructor: Antonio Bianchi

Office: LWSN 1167

Office Hours: Tuesday: 4:15-5:45 pm and by appointment

Email: antoniob@purdue.edu


Teaching Assistant: Bader AlBassam

Teaching Assistant Email: balbassa@purdue.edu

Lab Sessions: Wednesdays 1:30-3:20 pm in HAAS G056; Thursdays 11:30-1:20 pm in LWSN B146.


Course Overview

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students will learn to assess and understand threats and to reverse engineer code to find vulnerabilities, and they will get hands-on experience with the detection and exploitation of common security pitfalls.

The course consists of two lectures per week (50 minutes each) and lab sessions.

Course Objectives

Software running on current systems is exploited by attackers despite many deployed defence mechanisms and best practices for developing new software. In this course, students will learn about current security threats, attack vectors, and defence mechanisms on current systems. The students will work with real-world problems and technical challenges of security mechanisms (both in the design and implementation of programming languages, compilers, and runtime systems).

Learning Outcomes

Students who complete the course will have demonstrated the ability to do the following:

  • Explain the most common weaknesses in software security and understand how such problems can be avoided in software.

  • Identify common security threats, risks, and attack vectors for software systems.

  • Evaluate and assess current security best practices and defense mechanisms for current software systems. Become aware of limitations of existing defense mechanisms and how to avoid them.

  • Identify security problems in source code and binaries, assess the associated risks, and reason about their severity and exploitability.

  • Assess the security of given source code or applications.

Prerequisites

CS 52600, Introduction to Information Security, or an equivalent course with the consent of the instructor.

This is an advanced, hands-on class. Significant programming experience and skills are required. Students enrolling in this course are strongly recommended to already have a good knowledge of:

  • System programming and C (pointers, memory management, system calls)

  • a Linux-based operating system and programming environment

In addition, students are required to write code using Python.

Course Policies

This course will be run under the “reasonable adults” policy, wherein it is assumed that all students are reasonable adults who want to benefit the most from the course by attending regularly, completing the homework assignments on time, asking questions during the course and whenever they run into problems, and checking back with the instructor and the TA regularly to ensure good progress.

Exams will be comprehensive, covering everything up to the exam date, with an emphasis on integrating material from recent assignments. The exam may include open questions, multiple-choice questions, numerical problems, and understanding/writing snippets of code. The exams will be closed book.

Grading of homework assignments will mainly rely on automated tests and emphasize correctly completing all or part of the assignment. Submitting incorrect homework (e.g., submitting the wrong file, files in the wrong format, code that does not compile, …) will result in zero points. Students should double-check the file(s) they submitted.

Cheating will not be tolerated and will result in a grade of zero for that assignment. Further actions against cheating students will be considered. Students are encouraged to consult the instructor to determine whether (and to what extent) collaboration and discussion among students are allowed for a particular assignment. Students are not allowed to share, copy, or show the code they developed for an assignment. Students are not allowed to copy homework solutions from online resources (even partially). All homework assignments should be done individually, unless otherwise noted.

If you have any questions about the course policy, do not hesitate to ask the instructor or the TA.

Late Work

Each student will be entitled to 3 late days. One late day may be used to delay a homework submission by a single day (24 hours). A student can use all 3 late days for a single homework assignment submission. Note that late submissions for which students have no late days available will not be accepted, regardless of the reason why the student submitted late. Students should use late days wisely, as the homework assignments are likely to be progressively harder. Late days cannot be used fractionally.

Late days cannot be used for midterm and final exams. It may not be possible to use late days for some of the homework assignments, as specified by the instructor in the assignment’s description.

Communication Policies

As a general rule, questions about homework assignments and class material should be posted publicly on Piazza, so that everyone can benefit from the answers. However, be careful not to publicly post assignment solutions (even partially).

All emails sent to the instructor and the TA must be sent from the student’s official Purdue email address. All emails must clearly state the student’s full name and Purdue ID (something like: john123).

Questions about grading should first be sent to the TA.

Grading

The course grade will be assigned based on the student’s performance on the following testing criteria.

Homework assignments will contribute 65% of the course grade.

The midterm examination will contribute 16% of the course grade.

The final examination will contribute 19% of the course grade.

Grades with +/- will be assigned.

Re-grading requests will not be considered more than 2 weeks after the day on which an assignment’s grades were posted.

Antonio Bianchi
Assistant Professor