Operating Systems and Applications Security

Course Description

The goal of this course is to make students aware of the problems involved in developing secure software and of the vulnerabilities that might arise if due care is not taken. Students will also know which hardware and operating system mechanisms they have at their disposal to avoid vulnerabilities or make them harder to exploit. Students will also learn about methods to search for vulnerabilities in software using static and dynamic analysis.

Learning Outcomes

  1. describe threats from input to a program
  2. select methods to search for vulnerabilities in applications
  3. analyze pros and cons of programming languages regarding security
  4. analyze threats from hardware and how to protect from them

Forms of Teaching

Lectures

Independent assignments

Laboratory

Week by Week Schedule

  1. Information flow control
  2. Input validation and data sanitization, Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS), Mechanisms for detecting and mitigating input and data sanitization errors
  3. Race conditions, Correct handling of exceptions and unexpected behaviors
  4. Static analysis and dynamic analysis
  5. Fuzzing
  6. Program verification
  7. Correct usage of third-party components
  8. Midterm exam
  9. Operating system support (e.g., address space randomization, canaries), Hardware support
  10. Effectively deploying security updates, Code integrity and code signing
  11. Secure boot, measured boot, and root of trust, Attestation, TPM and secure co-processors
  12. Security threats from peripherals (e.g., DMA, IOMMU), Physical attacks (hardware Trojans, memory probes, cold boot attacks)
  13. Trusted path
  14. Choice of programming language and type-safe languages, Correctly generating randomness for security purposes
  15. Final exam

Study Programmes

University graduate
Audio Technologies and Electroacoustics (profile)
Free Elective Courses (2. semester)
Communication and Space Technologies (profile)
Free Elective Courses (2. semester)
Computational Modelling in Engineering (profile)
Free Elective Courses (2. semester)
Computer Engineering (profile)
Elective Course of the profile (2. semester)
Computer Science (profile)
Elective Courses of the Profile (2. semester)
Control Systems and Robotics (profile)
Free Elective Courses (2. semester)
Data Science (profile)
Free Elective Courses (2. semester)
Electrical Power Engineering (profile)
Free Elective Courses (2. semester)
Electric Machines, Drives and Automation (profile)
Free Elective Courses (2. semester)
Electronic and Computer Engineering (profile)
Free Elective Courses (2. semester)
Electronics (profile)
Free Elective Courses (2. semester)
Information and Communication Engineering (profile)
Free Elective Courses (2. semester)
Network Science (profile)
Elective Courses of the Profile (2. semester)
Software Engineering and Information Systems (profile)
Elective Course of the profile (2. semester)

Literature

John Viega and Gary McGraw. 2011. Building Secure Software: How to Avoid Security Problems the Right Way (Paperback) (Addison-Wesley Professional Computing Series) (1st ed.). Addison-Wesley Professional.
Helfrich, James N. (2018). Security for Software Engineers. Chapman and Hall/CRC.
Talukder, Asoke K., and Manish Chaitanya (2018). Architecting Secure Software Systems. Auerbach Publications.

For students

General

ID 222777
  Summer semester
5 ECTS
L0 English Level
L1 e-Learning
45 Lectures
12 Laboratory exercises

Grading System

Excellent
Very Good
Good
Acceptable