Secure Software Design
Lehrstuhl für Softwaretechnik (Prof. Zeller)
Universität des Saarlandes – Informatik
Informatik Campus des Saarlandes
Campus E9 1 (CISPA)
E-mail: zeller @ cs.uni-saarland.de
Telefon: +49 681 302-70970
This special course (»Spezialvorlesung«, V2 + Ü2, 6 LP) teaches the fundamentals of the design of secure software systems. These are systems which guarantee features such as confidentiality, integrity and availability, even when under attack.
In order to see how these features might be achieved, it is first necessary to understand how software systems can fail trying to provide them. Therefore, a good part of the lecture will deal with security failures of software systems (such as buffer overflows, bad cryptography, good cryptography used badly, random numbers that aren't, etc.) and how to defend against them. Another part will take a more positive attitude, developing design rules where security can be designed into a software system right from the start. (Trying to graft it on afterwards never works anyway.)
You must not use these slides outside the scope of this lecture for any purpose without explicit written permission.
2004-07-20: Even more stuff about the final exam added.
2004-06-23: More stuff about the final exam added.
2004-06-03: Time and place for final exam now fixed.
2004-06-03: Put races lecture online.
2004-06-02: June 10 is a holiday. Therefore, lecture dates and some deadlines have been moved around.
2004-06-01: The README file for the example code contains the wrong offset (308) for the exploit generator. The correct offset (for Debian) is 312.
2004-05-10: Updated group forming policy and due times for exercises.
2004-05-05: May 20 is a holiday; therefore, there will be no lecture on this date. The lectures have all been moved forward one week. Of course, the due dates for the exercises have also been moved forward.
2004-05-04: We have two tutorial sessions and therefore have updated the time and place info.
2004-05-03: More info about the Final Exam
2004-04-27: More info about grading
2004-04-27: This course has a Registration Policy that follows the usual standards: Mandatory registration after a four-week period.
2004-04-26: We have a forum for this course. Just click the “register” button on the top of that page to get an account.
2004-04-23: The grading procedure has been updated.
2004-04-23: The due date for the exercises has moved.
2004-04-23: We now have a new date for the tutorial sessions: Mondays from 1300–1500 in 45/014. If you absolutely cannot come, mail us and we'll see what we can do for you.
Your lecturer is Stephan Neuhaus.
The lecture is in English.
Lecture dates: Thursday 11-13, Building 45, HS 2
All future dates and topics are subject to change.
In this table, a green dot in the A (Availability) column means that materials are online. A red dot means that materials are not yet available online. A yellow dot means that materials have been updated.
You must register for this course by 2004-05-19. (May 20 is a holiday.) If you are already on the mailing list, you are pre-registered. If you do not want to take this course, you have to unregister by sending me an email.
Important notice: You cannot unregister after May 19. If you fail to unregister at or before May 19, you have committed yourself to taking this course. If you simply do not come to the tutorial sessions and/or the exam, you will have failed the course. So do yourselves a favor and check on or before May 19 whether you really want to take this course.
You no longer have to be present at the tutorial sessions in order to get the points. You get the points by turning in solutions to the exercises, which are then corrected and assigned points by us.
The solutions that you turn in must be written either in English or in German and must be on paper (no electronic submissions). Submissions that are not in English or German, or electronic submissions, will not be graded. If you are stranded on an island with only a wireless link to submit your exercises, we'll probably make an exception to the no-electronic-submissions rule.
The total number of points obtainable in the exercises will be summed at the end of the semester, and the number of points you scored will be used to calculate a percentage.
Some exercises have bonus points associated with them. These bonus points are added to your total score (if you get them), but do not count toward the total number of obtainable points. For example, if there were 100 points in all, plus 20 bonus points, your score would be counted against 100, not 120, points. Percentages above 1.0 will be truncated to 1.0 (it's rare, but it happens). Your percentage must be 0.5 or better for you to participate in the exam.
There are two tutorial sessions:
Exercises are due on the Thursday following the lecture, in the lecture hall in 45/002, just before the lecture. You may form groups of at most two people for submitting exercises and are, in fact, encouraged to do so.
The final exam will be on
Monday, 2 August 2004,
We start at 1300 sharp, not at 1315, so be on time! The exam will continue for a full two hours.
This is the same lecture hall where the lectures take place.
Important points about the exam:
Ross Anderson: Security Engineering, ISBN 047138922-6, Wiley, 2001.
Peter Gutmann: Cryptographic Security Architecture, Design and Implementation, ISBN 038795387-6, Springer, 2003.
Michael Howard, David LeBlanc: Writing Secure Code, ISBN 073561722-8, Microsoft Press, 2002.
Charlie Kaufman (yes, just like the director), Radia Perlman, Mike Speciner: Network Security, Private Communication in a Public World, Prentice-Hall, 2002.
John Viega, Gary McGraw: Building Secure Software, ISBN 020172152-X, Addison-Wesley, 2001.
We have installed a discussion forum for all course topics. Please register at »Design of Secure Software«.
The following is a list of participants in this course (in no particular order). If you think your name should be on it, but it isn't, please mail us.