Operating Systems and Applications Security

Course Description

The goal of this course is to make students aware of problems with development of secure software and vulnerabilities that might arise if due care is not taken. Students will also know which hardware and operating system mechanisms they have on their disposal to avoid vulnerabilities or make them harder to exploit. Also, students will learn about methods to search for vulnerabilities in software using static and dynamic analysis.

Learning Outcomes

  1. describe treats from input to a program
  2. select methods to search for vulnerabilities in applications
  3. analyze pros and cons of programming languages regarding securitz
  4. analyze threats from hardware and how to protect from them

Forms of Teaching

Lectures

Lectures

Independent assignments

Laboratory

Grading Method

Continuous Assessment Exam
Type Threshold Percent of Grade Threshold Percent of Grade
Laboratory Exercises 40 % 20 % 0 % 0 %
Class participation 40 % 40 % 0 % 0 %
Mid Term Exam: Written 20 % 20 % 0 %
Final Exam: Written 20 % 20 %
Exam: Written 50 % 40 %

Week by Week Schedule

  1. Introduction. Challenges in development of secure software.
  2. Secure software development lifecycle.
  3. Threat modeling.
  4. Web application security. Input validation and data sanitization, Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS), Mechanisms for detecting and mitigating input and data sanitization errors
  5. Web application security. Input validation and data sanitization, Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS), Mechanisms for detecting and mitigating input and data sanitization errors
  6. Database security.
  7. Midterm exam
  8. Security mechanisms in operating systems.
  9. Trusted execution environment.
  10. Secure boot, TPM
  11. Choice of programming language and type-safe languages, Correctly generating randomness for security purposes
  12. Vulnerability search. Static and dynamic analysis, fuzzing.
  13. Final exam

Study Programmes

University graduate
[FER3-HR] Audio Technologies and Electroacoustics - profile
Elective Courses (2. semester)
[FER3-HR] Communication and Space Technologies - profile
Elective Courses (2. semester)
[FER3-HR] Computational Modelling in Engineering - profile
Elective Courses (2. semester)
[FER3-HR] Computer Engineering - profile
Elective Course of the profile (2. semester)
Elective Courses (2. semester)
[FER3-HR] Computer Science - profile
Elective Courses (2. semester)
Elective Courses of the Profile (2. semester)
[FER3-HR] Control Systems and Robotics - profile
Elective Courses (2. semester)
[FER3-HR] Data Science - profile
Elective Courses (2. semester)
[FER3-HR] Electrical Power Engineering - profile
Elective Courses (2. semester)
[FER3-HR] Electric Machines, Drives and Automation - profile
Elective Courses (2. semester)
[FER3-HR] Electronic and Computer Engineering - profile
Elective Courses (2. semester)
[FER3-HR] Electronics - profile
Elective Courses (2. semester)
[FER3-HR] Information and Communication Engineering - profile
Elective Courses (2. semester)
[FER3-HR] Network Science - profile
Elective Courses (2. semester)
Elective Courses of the Profile (2. semester)
[FER3-HR] Software Engineering and Information Systems - profile
Elective Course of the profile (2. semester)
Elective Courses (2. semester)

Literature

(.), Software Security: Building Security In,
James N. Helfrich (2018.), Security for Software Engineers, CRC Press
(.), Talukder, Asoke K., and Manish Chaitanya (2018). Architecting secure software systems. Auerbach publications.,

Laboratory exercises

For students

General

ID 222777
  Summer semester
5 ECTS
L0 English Level
L1 e-Learning
45 Lectures
0 Seminar
0 Exercises
12 Laboratory exercises
0 Project laboratory

Grading System

88 Excellent
75 Very Good
63 Good
50 Sufficient