Presentation is loading. Please wait.

Presentation is loading. Please wait.

Developing Secure Systems Introduction Jan 8, 2013 James Joshi, Associate Professor.

Published byJessica Sanders Modified over 9 years ago

Similar presentations

Presentation on theme: "Developing Secure Systems Introduction Jan 8, 2013 James Joshi, Associate Professor."— Presentation transcript:

1 Developing Secure Systems Introduction Jan 8, 2013 James Joshi, Associate Professor

2 Contact James Joshi 706A, IS Building Phone: 412-624-9982 E-mail: jjoshi@mail.sis.pitt.edu Web: http://www.sis.pitt.edu/~jjoshi/courses/IS2620/Spring13/ Office Hours: By appointments GSA: will be announced later

3 Course Objectives To learn about how to design/implement secure and high assurance information systems  Understand and analyze code for vulnerabilities  Secure programming (e.g., C, C++, Java) Understand the principles and practice towards designing secure information systems  Life cycle models/ security engineering principles  Usability issues To learn about the tools and techniques towards assurance (validation/verification/testing)  Use of tools to detect coding/design flaws;  architectural risk analysis

4 Course Coverage Secure programming Coding practices and guidelines Code analysis;  Buffer overflows Race conditions  Input validation SQL injection  Cross-site scriptingMobile CodeSafe Languages Secure software development process Security Engineering/Lifecycle models E.g. Capability Maturity Models and Extensions Building security In Secure Design/Implementation Principles Systems / software &Formal methods and testing  UMLSec, Model Checking (code, protocols) Miscellaneous issues (recent papers/articles)

5 Pre-requisite IS 2150/TEL 2810 Introduction to Computer Security OR some background in security Following courses are preferred but not required: IS 2170/TEL 2820 Cryptography; TEL 2821 Network Security IS 2511 or 2540 Talk to me if you are not sure of the background

6 Course References Building Secure Software: How to avoid the Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley, 2002 Enterprise Java Security: Building Secure J2EE Applications, Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin, Addition-Wesley, 2004 Secure Systems Development with UML, Jan Jurjens, Springer- Verlag, 2005. Securing Web Services with WS-Security: Demystifying WS- Security, WS-Policy, SAML, XML Signature, and XML Encryption – Jothy Rosenberg, David Remy, 2004, Sams Publishing, 2004.

7 Course References High Assurance Design: Architecting Secure and Reliable Enterprise Applications, Clifford J. Berg, Addison-Wesley, 2006. Core Security Patterns: Best Practices and Strategies for J2EE?, Web Services, and Identity Management, Christopher Steel, Ramesh Nagappan, Ray Lai; Prentice-Hall How to Break Software Security - James Whittaker, Herbert Thompson, Addition Wesley, 2003 Secure Coding in C and C++, Robert C. Seacord, Addition-wesley, 2006 Computer Security: Art and Science by Matt Bishop (ISBN: 0-201- 44099-7), Addison-wesley 2003. Papers; MSDN, US-CERT

8 Grading (Tentative) Assignments/Presentation/Exam: 60-70% Read/Review and/or present research papers or articles Assignments and lab exercises One exam (15% - 20%) Project : 40-30% Development-oriented project (e.g. Creating Secure Social Network; Secure Mobile Apps, etc.) Research paper for conference Team oriented and in some cases in collaboration with PhD students Start early on

9 Course Policy Your work MUST be your own Zero tolerance for cheating/plagiarism You get an F for the course if you cheat in anything however small – NO DISCUSSION Discussing the problem is encouraged Homework Penalty for late assignments (15% each day) Ensure clarity in your answers – no credit will be given for vague answers Homework is primarily the GSA’s responsibility Check webpage for everything! You are responsible for checking the webpage for updates

Download ppt "Developing Secure Systems Introduction Jan 8, 2013 James Joshi, Associate Professor."

Similar presentations

1 SWE 415 - Software Testing and Quality Assurance Fall Semester 2008 - 2009 (081) King Fahd University of Petroleum & Minerals Information & Computer.

1 SWE Software Testing and Quality Assurance Fall Semester (081) King Fahd University of Petroleum & Minerals Information & Computer.
IT 240 Intro to Desktop Databases Introduction. About this course Design a database: Entity Relation (ER) modeling and normalization techniques Create.

IT 240 Intro to Desktop Databases Introduction. About this course Design a database: Entity Relation (ER) modeling and normalization techniques Create.
SWE 415: Software Testing and Quality Assurance Section 01, 12:00-12:50pm, 22:130 Spring Semester 2007 - 2008 (072) King Fahd University of Petroleum &

SWE 415: Software Testing and Quality Assurance Section 01, 12:00-12:50pm, 22:130 Spring Semester (072) King Fahd University of Petroleum &
General information CSE 230 : Introduction to Software Engineering

General information CSE 230 : Introduction to Software Engineering
1 CS 425 / CS 625 Software Engineering Fall 2007 Course Syllabus August 27, 2007.

1 CS 425 / CS 625 Software Engineering Fall 2007 Course Syllabus August 27, 2007.
1 CS 426 Senior Projects Spring 2006 Course Syllabus January 24, 2006.

1 CS 426 Senior Projects Spring 2006 Course Syllabus January 24, 2006.
Introduction to Web Technologies Module – CS381 Introduction to Web Technologies – CS381 18 th January 2007 Dr Bogdan L. Vrusias

Introduction to Web Technologies Module – CS381 Introduction to Web Technologies – CS th January 2007 Dr Bogdan L. Vrusias
IS 2935: Developing Secure Systems Jan 9, 2006 NSF supported Jan 9, 2006 NSF supported.

IS 2935: Developing Secure Systems Jan 9, 2006 NSF supported Jan 9, 2006 NSF supported.
 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.

 Dr. Natheer Khasawneh. Visual Programming CPE 411 Dr. Natheer Khasawneh Jordan University of Science and Technology.
Computer Network Fundamentals CNT4007C

Computer Network Fundamentals CNT4007C
CS 450 MODELING AND SIMULATION Instructor: Dr. Xenia Mountrouidou (Dr. X)

CS 450 MODELING AND SIMULATION Instructor: Dr. Xenia Mountrouidou (Dr. X)
SYSC 3100 - System Analysis and Design 1 Part I – Introduction.

SYSC System Analysis and Design 1 Part I – Introduction.
159.334 Computer Networks Paper Coordinator: Dr. Napoleon H. Reyes, Ph.D. Computer Science Institute of Information and Mathematical Sciences Rm. 2.56.

Computer Networks Paper Coordinator: Dr. Napoleon H. Reyes, Ph.D. Computer Science Institute of Information and Mathematical Sciences Rm
CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.

CAP6135: Malware and Software Vulnerability Analysis Cliff Zou Spring 2015.
Welcome to CS 3260 Dennis A. Fairclough. Overview Course Canvas Web Site Course Materials Lab Assignments Homework Grading Exams Withdrawing from Class.

Welcome to CS 3260 Dennis A. Fairclough. Overview Course Canvas Web Site Course Materials Lab Assignments Homework Grading Exams Withdrawing from Class.
CSET 3300: Database-Driven Web Applications Summer 2010 William Acosta URL:

CSET 3300: Database-Driven Web Applications Summer 2010 William Acosta URL:
Introduction to Information Security J. H. Wang Sep. 15, 2014.

Introduction to Information Security J. H. Wang Sep. 15, 2014.
Introduction to Network Security J. H. Wang Feb. 24, 2011.

Introduction to Network Security J. H. Wang Feb. 24, 2011.
Chapter 1: Introduction to Project Management

Chapter 1: Introduction to Project Management
Object Oriented Programming (OOP) Design Lecture 1 : Course Overview Bong-Soo Sohn Assistant Professor School of Computer Science and Engineering Chung-Ang.

Object Oriented Programming (OOP) Design Lecture 1 : Course Overview Bong-Soo Sohn Assistant Professor School of Computer Science and Engineering Chung-Ang.

Similar presentations

Ads by Google