| Meeting time and location | MW 10:30–12:20pm in WEH 4623 | |
| Instructors | Lujo Bauer (Email: ...@cmu.edu; Office: Collaborative Innovation Center (CIC) 2121; Office hours: Wed 2-3PM); Anupam Datta | |
| Teaching assistant | Michelle Mazurek (Email: ...@cmu.edu; Office hours: Mon 2-4PM in CIC 2206) | |
| Course description |
This course will study approaches, mechanisms, and tools used to make
software systems more secure. We will motivate the study by
discussing common software security dangers (e.g., buffer overflow
attacks, cross-site scripting). The majority of the course will be
divided into four main modules: architectural approaches to building
secure software (e.g., confinement, virtual machines, trusted
computing); software analysis (e.g., static analysis and testing,
model checking); language-based approaches to building secure software
(e.g., type systems, proof-carrying code); and run-time enforcement of
security policies (e.g., dynamic taint analysis). Time permitting,
the course will also cover topics such as the importance of usability
to building secure software systems.
Students will be evaluated based on three mini-projects, three in-class tests (the highest two grades will count), and class participation. The mini-projects will provide students with practical experience with the tools and mechanisms studied in class. Students will work on the projects in groups of two or three, and the projects will be evenly spaced over the course of the semester. | |
| Schedule (subject to change) | ||