18-732 — Secure Software Systems — Spring 2014

Meeting time and location

MW 1:00–2:20pm EST in Hamerschlag Hall (HH) 1107 / 10:00-11:20am PST in Bldg. 23 Rm. 212

Instructors

Lujo Bauer
Email: ...@cmu.edu
Office: Collaborative Innovation Center (CIC) 2121
Office hours: Tue 10:30–11:30am

Teaching assistants

Billy Melicher
Michelle Mazurek

Discussion board

https://piazza.com/cmu/spring2014/18732/home

Course description

This course will study approaches, mechanisms, and tools used to make software systems more secure. We will motivate the study by discussing common software security dangers (e.g., buffer overflow attacks, cross-site scripting). The majority of the course will be divided into four main modules: architectural approaches to building secure software (e.g., confinement, virtual machines, trusted computing); software analysis (e.g., static analysis and testing, model checking); language-based approaches to building secure software (e.g., type systems, proof-carrying code); and run-time enforcement of security policies (e.g., dynamic taint analysis). Time permitting, the course will also cover topics such as the importance of usability to building secure software systems.

Students will be evaluated based on five mini-projects, three in-class tests, and class participation. The mini-projects will provide students with practical experience with the tools and mechanisms studied in class. Students will work on the projects in groups of two or three, and the projects will be evenly spaced over the course of the semester.

Schedule (subject to change)