CSC 6903: Continuous Secure Software Development
TR, 3:00-4:30 PM CST, LIBR 248, Fall 2020
Instructor
Akond Rahman, PhD
Office hours: 10:00 AM – 10:30 AM , Friday (Zoom link shared on iLearn)
Materials
Required Textbook: Software Security Engineering: A Guide for Project Managers (SEI Series in Software Engineering Series), Julia H. Allen, Sean J. Barnum, Robert J. Ellison, Addison-Wesley.
Recommended Textbook: Software Security: Building Security In, Gary McGraw, Addison-Wesley.
Schedule
| Date | Tentative Schedule |
|---|---|
| Aug 25 | Introduction, Workshop#0 |
| Aug 27 | Insecure coding patterns |
| Sep 01 | Security static analysis tools |
| Sep 03 | Workshop#1:Security static analysis tools |
| Sep 08 | Software Forensics |
| Sep 10 | Workshop#2:Software Forensics |
| Sep 15 | Fuzzing |
| Sep 17 | Workshop#3:Fuzzing |
| Sep 22 | Project presentation day#1: Elevator pitch |
| Sep 24 | Exam#1 |
| Sep 29 | Security requirements, Exam#1 grades distributed |
| Oct 01 | Secure Software Development Lifecycle |
| Oct 06 | Vulnerabilities:categorization |
| Oct 08 | Vulnerabilities:detection |
| Oct 13 | Fall break, no class |
| Oct 15 | Vulnerabilities:repair |
| Oct 20 | Workshop#4:Vulnerabilities |
| Oct 22 | Privacy:GDPR |
| Oct 27 | Guest lecture (Chris Theisen, Microsoft) |
| Oct 29 | Workshop#5:Privacy |
| Nov 03 | Privilege escalation |
| Nov 05 | Programming language security |
| Nov 10 | Workshop#6:Programming language security |
| Nov 12 | Project presentation day#2 |
| Nov 17 | IEEE Software Security Design Flaws |
| Nov 19 | Exam#2 |
| Nov 24 | Thanks giving |
| Nov 26 | Thanks giving, Exam#2 grades distributed |
| Dec 01 | Adverserial machine learning |
| Dec 03 | Last day: Workshop#7:Adverserial machine learning |
| Dec 05 | Project report and demo due |
| Dec 06 | Tentative course grades released |
| Dec 07 | Final grades released |
Grade Distribution
- Exam#1: 15%
- Exam#2: 15%
- Project: 55%
- In-class workshops: 15%
- Some extra credit (tentative)
Project Grade Distribution
- Project Tasks: 60%
- Final Report: 20%
- Mandatory sections: Introduction, Research Questions, Methodology, Findings, References => 50%
- Report must be in Latex => 25%
- Report must be free of typos, grammaticall errors, and passive voices => 25%
- Code: 10%
- Elevator pitches: 5%
- Demo: create video of developed tool or research findings: 5%
Grading scale:
- A: 90-100
- B: 80-89
- C: 70–79
- D: 60–79
- F: less than 59
Instructions related to Project
- One project per student.
- Project source code must be maintained in Tenn. Tech Gitlab repos (https://gitlab.csc.tntech.edu/).
- Each project update will include updates so far as a Markdown file which will reside in the repo. Instructions on how to run the program in the Markdown file. The required libraries needed to run code should be written.
- Mismatch between reported output and source code results will be inspected. The instructor will download repos, install libraries, and run the code based on the instruction provided in the mentioned Markdown file. For reproducibility students are allowed to use Docker containers.
- Throughout the semester you will be completing 3/4 tasks as part of your individual project. Each of these tasks will have a deadline. If you miss the deadline you will be penalized 5 points allocated for the project for each day of delay.
- For sharing results and demisntrating completion of tasks you will use issues and share screenshots and links of your work. For example, if your task is to find a hard-coded password in source code, you need to share the link of the code where you found the hard-coded password.
Other instructions
- Bring your own laptop. You can't work with your peer.
- All exams are open book, one page both side handwritten cheat sheet allowed, Cheat sheets need to be submitted with exam scripts.
- For workshop save your work in a Tenn. Tech. Gitlab repository and share the link in designated iLearn assignments.
- If the instructor detects copy-paste in source code or exams then that will result in direct F for the course .
- For workshops and projects you can consult your peers but the work needs to be solo.