FIT3056 Secure and trusted software systems. Unit Guide. Semester 2, 2010

Similar documents
FIT5044 Network security. Unit Guide. Semester 1, 2010

UNIT OUTLINE. Network Engineering 304. Mr Iain Murray. Department of Electrical and Computer Engineering Curtin Engineering

Rochester Institute of Technology Golisano College of Computing and Information Sciences Department of Information Sciences and Technologies

Course specification STAFFING RATIONALE SYNOPSIS OBJECTIVES. The University of Southern Queensland

5. SUBMISSION OF WORK

Philadelphia University Faculty of Information Technology Department of Computer Science --- Semester, 2007/2008. Course Syllabus

Course specification

Faculty of Science & Information Technology

San José State University Computer Science Department CS157A: Introduction to Database Management Systems Sections 5 and 6, Fall 2015

Philadelphia University Faculty of Information Technology Department of Computer Science --- Semester, 2007/2008. Course Syllabus

AE Computer Programming for Aerospace Engineers

Textbook(s) and other required material: Raghu Ramakrishnan & Johannes Gehrke, Database Management Systems, Third edition, McGraw Hill, 2003.

CSC 407 Database System I COURSE PARTICULARS COURSE INSTRUCTORS COURSE DESCRIPTION

COURSE NUMBER: ISS 214 COURSE NAME: Connecting Networks - Cisco 4 SEMESTER CREDIT HOURS: 4.

Course specification

MODULE CODE MODULE NAME. NQF level. [Number of credits] Name of department. Faculty. Compiled by (Name of lecturer) YEAR

Computer Science Department

ESET 349 Microcontroller Architecture, Fall 2018

ITSY 2330 Intrusion Detection Course Syllabus

INF 315E Introduction to Databases School of Information Fall 2015

CASPER COLLEGE COURSE SYLLABUS MSFT 1600 Managing Microsoft Exchange Server 2003 Semester/Year: Fall 2007

The University of Jordan. Accreditation & Quality Assurance Center. COURSE Syllabus

Course specification

Course specification

The University of Jordan. Accreditation & Quality Assurance Center. COURSE Syllabus

CPSC 4600 Biometrics and Cryptography Fall 2013, Section 0

Information and Enrolment Session

Computer Science Technology Department

Syllabus for CIT 442 Information System Security 3 Credit Hours Spring 2015

Introduction To Data Processing COMP 153 Business Administration Program/Administrative Studies. Course Outline

New Undergraduate Course Proposal Form

Advanced Relational Database Management MISM Course S A3 Spring 2019 Carnegie Mellon University

Course Outline. Code: DES222 Title: Responsive Website Design

San José State University Computer Science Department CS49J, Section 3, Programming in Java, Fall 2015

M. Tech. (Power Electronics and Power System) (Semester I) Course Plan for Each Week (Hrs)

Course specification STAFFING OTHER REQUISITES RATIONALE SYNOPSIS. The University of Southern Queensland

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

COURSE OUTLINE. Last Amendment Edition Procedure No. Lecturer /blog Room No. Phone No. / Name.

Advanced Database Organization INF613

COURSE OUTLINE (Database Administration DBA 721S)

Course specification

Course Syllabus MECHANICAL ENGINEERING LABORATORY I Spring 2006

Computer Science Technology Department

Introduction to the Module Management System (MMS)

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline Routing and Switching Essentials [CISCO 2] ISS 112

ITSY Information Technology Security Course Syllabus Spring 2018

NOTE: This syllabus is subject to change during the semester. Please check this syllabus on a regular basis for any updates.

CMPUT 391 Database Management Systems. Fall Semester 2006, Section A1, Dr. Jörg Sander. Introduction

LIS 2680: Database Design and Applications

Part A: Course Outline

Software Reliability and Reusability CS614

Course and Contact Information. Catalog Description. Course Objectives

Syllabus for HPE 451 Directed Study 1-3 Credit Hours Spring 2014

Course outline. Code: DES232 Title: 3D Animation and Visualisation Design

(1) It is your responsibility to drop the class; failure to drop the class in a timely manner could result in a W or F on your record.

WAYLAND BAPTIST UNIVERSITY VIRTUAL CAMPUS SCHOOL OF BUSINESS SYLLABUS

Computer Networks IT321

Syllabus CSCI 405 Operating Systems Fall 2018

ITT Technical Institute. CS420 Application Security Onsite Course SYLLABUS

ab Houston Community College

Course specification

ISM 324: Information Systems Security Spring 2014

CENTRAL TEXAS COLLEGE ITCC 1414 CCNA 1: Introduction to Networks. Semester Hours Credit: 4

Course Outline Faculty of Computing and Information Technology

ACCG907. CPA - Financial Reporting and Disclosure. Contents. S1 Day Dept of Accounting & Corporate Governance

Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431

Lecture Notes Cryptography Michael Nüsken b-it. Winter 2015/2016

CPS352 Database Systems Syllabus Fall 2012

ITCC Cisco Exploration 1: Networking Fundamentals

Course specification STAFFING OTHER REQUISITES RATIONALE SYNOPSIS. The University of Southern Queensland

Computer Science Technology Department

(1) It is your responsibility to drop the class; failure to drop the class in a timely manner could result in a W or F on your record.

Network Security

ISATI 231: Windows Client (4 credits) Spring 2018 Mon, Tue, Wed, Thu, 13:10-14:40, MTB 105

Computer Science Technology Department

Renewal Unit (RU) Provider Handbook and Application

Course Name: Database Systems - 1 Course Code: IS211

Common Syllabus revised

CS 241 Data Organization using C

Renewal Unit (RU) Provider Handbook and Application

Module Documentation

Information and Communication Technology BCcampus Online Collaborative Program

EE3315 Internet Technology EE3315 Internet Technology Overview Slide 1

NOTE: This syllabus is subject to change during the semester. Please check this syllabus on a regular basis for any updates.

TEACHING & ASSESSMENT (T & A) PLAN College of Economics Management and Information Systems Department of Information Systems

MSc entry onwards UCL UCL. Engineering Sciences

PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMMES

Syllabus. Computer Science Information Technology 975. Information Storage and Management for Computer Networks

CSC 111 Introduction to Computer Science (Section C)

CPS352 - DATABASE SYSTEMS. Professor: Russell C. Bjork Spring semester, Office: KOSC 242 x4377

Emergency Vehicle Operation FIRE 106 Fire Training Certification. Course Outline

CALEDONIAN COLLEGE OF ENGINEERING, MODULE HANDBOOK. Department of Electrical & Computer Engineering SULTANATE OF OMAN. Module Code

Syllabus Class schedule Section 1: Tuesdays 9:00 11:50 Section 2: Tuesdays 1:00 3:50

SULTAN QABOOS UNIVERSITY COURSE OUTLINE PROGRAM: BSc. in Computer Science. Laboratory (Practical) Field or Work Placement

Database Security MET CS 674 On-Campus/Blended

ITP489 In-Memory DBMS for Real Time Analytics

The electives catalogue January Multimedia Design and Communication

MET CS 674 C1/EL Spring 2017: DATABASE SECURITY SYLLABUS

CENTRAL TEXAS COLLEGE ITCC 1440 CCNA 2: Routing and Switching Essentials. Semester Hours Credit: 4

Transcription:

FIT3056 Secure and trusted software systems Unit Guide Semester 2, 2010 The information contained in this unit guide is correct at time of publication. The University has the right to change any of the elements contained in this document at any time. Last updated: 09 Jul 2010

Table of Contents FIT3056 Secure and trusted software systems - Semester 2, 2010...1 Chief Examiner:...1 Lecturer(s) / Leader(s):...1 Caulfield...1 Additional communication information:...1 Introduction...2 Unit synopsis...2 Learning outcomes...2 Contact hours...2 Workload...3 Unit relationships...3 Prerequisites...3 Teaching and learning method...4 Teaching approach...4 Timetable information...4 Tutorial allocation...4 Unit Schedule...4 Unit Resources...5 Prescribed text(s) and readings...5 Recommended text(s) and readings...5 Equipment and consumables required or provided...5 Study resources...5 Assessment...6 Overview...6 Faculty assessment policy...6 Assignment tasks...6 Examination...7 Due dates and extensions...8 Late assignment...8 Return dates...8 Appendix...9

FIT3056 Secure and trusted software systems - Semester 2, 2010 Chief Examiner: Dr Phu Le Lecturer Phone: +61 3 990 32399 Fax: +61 3 990 31077 Contact hours: 12AM - 14PM - Thursday Lecturer(s) / Leader(s): Caulfield Dr Phu Le Lecturer Phone: +61 3 990 32399 Fax: +61 3 990 31077 Additional communication information: Dr. Phu Dung Le Phone: +61 3 9903 23 99 Office: Faculty of IT - Monash university 900 Dandenong Rd, Caulfield East Vic 3145, Australia H.706 1

FIT3056 Secure and trusted software systems - Semester 2, 2010 Introduction Welcome to Secure and Trusted Software (FIT3056)! This unit will be a core unit in the Security major of BITS. It can be an elective unit for students who do not major in security (subject to the approval from the school). This unit will provide students with the knowledge and experience of identifying software vulnerabilities, principles for constructing secure and trusted software, basic software security testing and verification. Unit synopsis Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorising users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms. Learning outcomes At the completion of this unit students will have - A knowledge and understanding of: some of the main security concepts and issues involved in the development of software, including: Software security versus other aspects of computer security; goals of secure and trusted software; vulnerabilities versus threats; best software development principles and practices; buffer overflows; security of programming platforms; authentication and authorisation; principle of least privilege; security features are not equal to secure features; secure use of encryption; user input validation; reliable software components; data privacy; auditing and logging; security testing; the importance of developing secure software in todays electronic world. Developed the skills to: design applications with security in mind; validate user input; implement secure authentication mechanisms; authorise users access to various protected resources; encrypt files and hash passwords; store session data securely in web applications; perform secure database access; set up secure transfer of data; create security logs; test software for security vulnerabilities. Contact hours 2 hrs lectures/wk, 2 hrs laboratories/wk 2

FIT3056 Secure and trusted software systems - Semester 2, 2010 Workload two-hour lecture and two-hour tutorial (or laboratory) (requiring preparation in advance) a minimum of 4 hours of personal study per one hour of contact time in order to satisfy the reading and assignment expectations. You will need to allocate up to 8 hours per week in several weeks, for use of a computer, including time for group and individual assignments. Unit relationships Prerequisites FIT1019 and FIT1002 3

FIT3056 Secure and trusted software systems - Semester 2, 2010 Teaching and learning method Teaching approach Timetable information For information on timetabling for on-campus classes please refer to MUTTS, http://mutts.monash.edu.au/mutts/ Tutorial allocation On-campus students should register for tutorials/laboratories using the Allocate+ system: http://allocate.its.monash.edu.au/ Unit Schedule Week Date* Topic Key dates 1 19/07/10 Introduction to software design and implementation 2 26/07/10 Principles of secure software design and implementation 3 02/08/10 Principles of secure software design and implementation (continued) 4 09/08/10 Computer system software problems and solutions 5 16/08/10 Cryptography and secure software applications 6 23/08/10 Cryptography and computer software practice (continued) 7 30/08/10 Large computer software and security 8 06/09/10 Concurrent programming and software security assignment 1 due 4PM - Friday 9 13/09/10 Building secure distributed applications 10 20/09/10 Secure software testing and verification Mid semester break 11 04/10/10 Secure software testing and verification (continued) 12 11/10/10 Research in secure software design and implementation assignment 2 due 4PM - Friday 13 18/10/10 Revision *Please note that these dates may only apply to Australian campuses of Monash University. Off-shore students need to check the dates with their unit leader. 4

FIT3056 Secure and trusted software systems - Semester 2, 2010 Unit Resources Prescribed text(s) and readings There is no specific text book for this unit. Students will be provided with a list of research papers and websites for information. Recommended text(s) and readings http://www.windowsecurity.com/articles/analysis_of_buffer_overflow_attacks.htmlhttp://www.isoc.org/isoc/confere (Testing C programs for vulnerabilities)http://www.cgisecurity.com/lib/sips.html (Perl scripts and security issues)http://www.mirrors.wiretapped.net/security/info/reference/nist/special-publications/sp-800-8.txt (SQL and security issues) Equipment and consumables required or provided Students studying off-campus are required to have the minimum system configuration specified by the Faculty as a condition of accepting admission, and regular Internet access. On-campus students, and those studying at supported study locations may use the facilities available in the computing labs. Information about computer use for students is available from the ITS Student Resource Guide in the Monash University Handbook. You will need to allocate up to n hours per week for use of a computer, including time for newsgroups/discussion groups. Study resources Study resources we will provide for your study are: 5

FIT3056 Secure and trusted software systems - Semester 2, 2010 Assessment Overview Examination (3 hours): 60%; In-semester assessment: 40% Faculty assessment policy To pass a unit which includes an examination as part of the assessment a student must obtain: 40% or more in the unit's examination, and 40% or more in the unit's total non-examination assessment, and an overall unit mark of 50% or more. If a student does not achieve 40% or more in the unit examination or the unit non-examination total assessment, and the total mark for the unit is greater than 50% then a mark of no greater than 49-N will be recorded for the unit. Students must read the handout and assignment specifications carefully for submission, interview and assessment policy. Assignment tasks Assignment coversheets Assignment coversheets are available via "Student Forms" on the Faculty website: http://www.infotech.monash.edu.au/resources/student/forms/ You MUST submit a completed coversheet with all assignments, ensuring that the plagiarism declaration section is signed. Assignment submission and return procedures, and assessment criteria will be specified with each assignment. Assignment submission and preparation requirements will be detailed in each assignment specification. Submission must be made by the due date otherwise penalties will be enforced. You must negotiate any extensions formally with your campus unit leader via the in-semester special consideration process: http://www.infotech.monash.edu.au/resources/student/equity/special-consideration.html. Assignment task 1 Title: assignment 1 Description: Identify software design and implementation vulnerabilities and propose solutions. Weighting: 20% Criteria for assessment: You need to be able to understand the theory and demonstrate your practical work to your tutor. If you fail to understand what you have done you will get Zero for the assignment. If you can demonstrate your practical work but do not completely understand the theory, you will get a Pass at the maximum. 6

FIT3056 Secure and trusted software systems - Semester 2, 2010 If you can demonstrate your practical work but understand 25% of the theory, you will get a Credit as the maximum. If you can demonstrate your practical work and understand 50% of the theory, you will get a Distinction as the maximum. If you can demonstrate your practical work and understand the theory well, you will get a High Distinction. Due date: 4PM - Friday - Week 8 Assignment task 2 Title: assignment 2 Description: Design and implementation secure applications using cryptography. Weighting: 20% Criteria for assessment: You need to be able to understand the theory and demonstrate your practical work to your tutor. If you fail to understand what you have done you will get Zero for the assignment. If you can demonstrate your practical work but do not completely understand the theory, you will get a Pass at the maximum. If you can demonstrate your practical work but understand 25% of the theory, you will get a Credit as the maximum. If you can demonstrate your practical work and understand 50% of the theory, you will get a Distinction as the maximum. If you can demonstrate your practical work and understand the theory well, you will get a High Distinction. Due date: 4PM - Friday - Week 12 Examination Weighting: 60% Length: 3 hours Type (open/closed book): Closed book Electronic devices allowed in the exam: None See Appendix for End of semester special consideration / deferred exams process. 7

FIT3056 Secure and trusted software systems - Semester 2, 2010 Due dates and extensions Please make every effort to submit work by the due dates. It is your responsibility to structure your study program around assignment deadlines, family, work and other commitments. Factors such as normal work pressures, vacations, etc. are not regarded as appropriate reasons for granting extensions. Students are advised to NOT assume that granting of an extension is a matter of course. Students requesting an extension for any assessment during semester (eg. Assignments, tests or presentations) are required to submit a Special Consideration application form (in-semester exam/assessment task), along with original copies of supporting documentation, directly to their lecturer within two working days before the assessment submission deadline. Lecturers will provide specific outcomes directly to students via email within 2 working days. The lecturer reserves the right to refuse late applications. A copy of the email or other written communication of an extension must be attached to the assignment submission. Refer to the Faculty Special consideration webpage or further details and to access application forms: http://www.infotech.monash.edu.au/resources/student/equity/special-consideration.html Late assignment Assignments received after the due date will be subject to a penalty of 10% for one day late, 20% for two days late, 40% for three days late, 80% for four days late and 100% for five or more days late. Return dates Students can expect assignments to be returned within two weeks of the submission date or after receipt, whichever is later. 8

FIT3056 Secure and trusted software systems - Semester 2, 2010 Appendix Please visit the following URL: http://www.infotech.monash.edu.au/units/appendix.html for further information about: Continuous improvement Unit evaluations Communication, participation and feedback Library access Monash University Studies Online (MUSO) Plagiarism, cheating and collusion Register of counselling about plagiarism Non-discriminatory language Students with disability End of semester special consideration / deferred exams 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback