Operating Systems and Applications Security
Data is displayed for academic year: 2023./2024.
Course Description
The goal of this course is to make students aware of the problems involved in developing secure software and of the vulnerabilities that can arise if due care is not taken. Students will also know which hardware and operating system mechanisms they have at their disposal to avoid vulnerabilities or make them harder to exploit. In addition, students will learn methods for finding vulnerabilities in software using static and dynamic analysis.
Study Programmes
University graduate
[FER3-HR] Audio Technologies and Electroacoustics - profile
Elective Courses
(2. semester)
[FER3-HR] Communication and Space Technologies - profile
Elective Courses
(2. semester)
[FER3-HR] Computational Modelling in Engineering - profile
Elective Courses
(2. semester)
[FER3-HR] Computer Engineering - profile
Elective Course of the profile
(2. semester)
Elective Courses
(2. semester)
[FER3-HR] Computer Science - profile
Elective Courses
(2. semester)
Elective Courses of the Profile
(2. semester)
[FER3-HR] Control Systems and Robotics - profile
Elective Courses
(2. semester)
[FER3-HR] Data Science - profile
Elective Courses
(2. semester)
[FER3-HR] Electrical Power Engineering - profile
Elective Courses
(2. semester)
[FER3-HR] Electric Machines, Drives and Automation - profile
Elective Courses
(2. semester)
[FER3-HR] Electronic and Computer Engineering - profile
Elective Courses
(2. semester)
[FER3-HR] Electronics - profile
Elective Courses
(2. semester)
[FER3-HR] Information and Communication Engineering - profile
Elective Courses
(2. semester)
[FER3-HR] Network Science - profile
Elective Courses
(2. semester)
Elective Courses of the Profile
(2. semester)
[FER3-HR] Software Engineering and Information Systems - profile
Elective Course of the profile
(2. semester)
Elective Courses
(2. semester)
Learning Outcomes
- describe threats from input to a program
- select methods to search for vulnerabilities in applications
- analyze pros and cons of programming languages regarding security
- analyze threats from hardware and how to protect from them
Forms of Teaching
Lectures
Laboratory
Independent assignments
Grading Method
Type | Continuous Assessment: Threshold | Continuous Assessment: Percent of Grade | Exam: Threshold | Exam: Percent of Grade
---|---|---|---|---
Laboratory Exercises | 40 % | 20 % | 0 % | 0 %
Class participation | 40 % | 40 % | 0 % | 0 %
Mid Term Exam: Written | 20 % | 20 % | 0 % |
Final Exam: Written | 20 % | 20 % | |
Exam: Written | 50 % | 40 % |
Week by Week Schedule
- Introduction. Challenges in development of secure software.
- Secure software development lifecycle.
- Threat modeling.
- Web application security. Input validation and data sanitization. Examples of input validation and data sanitization errors (buffer overflow, integer errors, SQL injection, XSS). Mechanisms for detecting and mitigating input and data sanitization errors.
- Web application security. Input validation and data sanitization. Examples of input validation and data sanitization errors (buffer overflow, integer errors, SQL injection, XSS). Mechanisms for detecting and mitigating input and data sanitization errors.
- Database security.
- Midterm exam
- Security mechanisms in operating systems.
- Trusted execution environment.
- Secure boot, TPM
- Choice of programming language and type-safe languages. Correctly generating randomness for security purposes.
- Vulnerability search. Static and dynamic analysis, fuzzing.
- Final exam
Literature
Software Security: Building Security In.
Talukder, Asoke K., and Manish Chaitanya (2018). Architecting Secure Software Systems. Auerbach Publications.
For students
General
ID 222777
Summer semester
5 ECTS
L0 English Level
L1 e-Learning
45 Lectures
0 Seminar
0 Exercises
12 Laboratory exercises
0 Project laboratory
Grading System
88 Excellent
75 Very Good
63 Good
50 Sufficient