CSIS 380 Secure Software


Course Description

Many security problems in software occur when software developers make poor implementation decisions or unwittingly introduce bugs into their code. This course will focus on many of the classic flaws in systems that can lead to security problems including: buffer overflows, format string problems, race conditions, memory leaks, etc. It will also cover many web-application specific topics such as SQL injection attacks and cross-site scripting (XSS) attacks.


Instructor

Dr. Brent Wilson
Office hours: Wood-Mar 216 (see schedule)


Texts

required


Resources


Objectives

The goal of this course is to provide the student with the theoretical knowledge of how vulnerabilities come to exist in software. You will also see each vulnerability in action and discuss prevention techniques in software development.


Course Organization

In addition to regular lectures and written assignments, this course will include a number of labs/projects.

The course will include regular homework and/or programming assignments. Unless otherwise specified, assignments are due before the beginning of class on the due date. There will be no credit given for late assignments (without an excused absence)—turn in as much as you can.

Reading assignments should be completed before the lecture covering the material. Not all reading material will be covered in the lectures, but you will be responsible for the material on homework and exams. Quizzes over the assigned reading may be given at any time.


Collaboration

See the GFU CS/IS/Cyber policies for collaboration and discussion of collaboration and academic integrity. Most students would be surprised at how easy it is to detect collaboration in programming—please do not test us! Remember: you always have willing and legal collaborators in the faculty.

Almost all of life is filled with collaboration (i.e., people working together). Yet in our academic system, we artificially limit collaboration. These limits are designed to force you to learn fundamental principles and build specific skills. It is very artificial, and you'll find that collaboration is a valuable skill in the working world. While some of you may be tempted to collaborate too much, others will collaborate too little. When appropriate, it's a good idea to make use of others—the purpose here is to learn. Be sure to make the most of this opportunity but do it earnestly and with integrity.


Engineering Your Soul

The mission and vision statement of the Computer Science & Information Systems (CSIS) program states that our students are distinctive by "bringing a Christ-centered worldview to our increasingly technological world."

As one step towards the fulfillment of this objective, each semester, the engineering faculty will collectively identify an influential Christian writing to be read and reflected upon by all engineering faculty and students throughout the term. As part of the College of Engineering, CSIS students participate in this effort, known as Engineering Your Soul (EYS). This exercise will be treated as an official component of every engineering course (including CSIS courses) and will be uniquely integrated and assessed at my discretion, typically as a component of the quiz grade.

Students should read the assigned reading each week. Regular meetings will be scheduled throughout the semester that can be attended for chapel credit. Students should attend these meetings prepared to discuss the assigned reading, or email a reflection on the assigned reading on or before each meeting date.

It is our hope that students will not view this as one more task to complete, but as a catalyst for continued discussion ultimately leading to a deeper experience of Jesus Christ.


Online Portfolio

All students in the College of Engineering are required to create and maintain an online portfolio on Portfolium to showcase their best work. Portfolium is a "cloud-based platform that empowers students with lifelong opportunities to capture, curate, and convert skills into job offers, while giving learning institutions and employers the tools they need to assess competencies and recruit talent."

Students will post portions of their coursework to Portfolium as directed by their instructor. For example, a portfolio entry might be a PDF of a poster or presentation content, screenshots or a video demonstration of a software or hardware project, or even an entire source code repository. In addition to required portfolio entries, students are encouraged to post selected work to their portfolios throughout the year.

Students will work with their faculty advisor to curate and refine their portfolios as they progress through the program. Students shall ensure that all portfolio entries are appropriate for public disclosure (i.e., they do not reveal key components of assignment solutions to current or future students).


University Resources

If you have specific physical, psychiatric, or learning disabilities and require accommodations, please contact the Disability Services Office as early as possible so that your learning needs can be appropriately met. For more information, go to ds.georgefox.edu or contact Rick Muthiah, Director of Learning Support Services (503-554-2314 or rmuthiah@georgefox.edu).

The Academic Resource Center (ARC) on the Newberg campus provides all students with free writing consultation, academic coaching, and learning strategies (e.g., techniques to improve reading, note-taking, study, time management). The ARC, located in the Murdock Learning Resource Center (library), is open from 1:00–10:00 p.m., Monday through Thursday, and 12:00–4:00 p.m. on Friday. To schedule an appointment, go to the online schedule at arcschedule.georgefox.edu, call 503-554-2327, email the_arc@georgefox.edu, or stop by the ARC. Visit arc.georgefox.edu for information about ARC Consultants' areas of study, instructions for scheduling an appointment, learning tips, and a list of other tutoring options on campus.


Grading

Grading Scale

Current Grades

The final course grade will be based on:


Tentative Schedule

Date | Tuesday | Thursday
Week 1 | Intro | Lab VM Setup
Week 2 | ch 1 | Lab - A1
Week 3 | ch 2 | Lab - A2
Week 4 | ch 3 | Lab - A3
Week 5 | ch 4 | Lab - A4
Week 6 | ch 5 | Lab - A5
Week 7 | ch 6 | Lab - A6
Week 8 | ch 7 | Lab - A7
Week 9 | Exam | No Class (SIGCSE)
Week 10 | ch 8 | Lab - A8
Week 11 | ch 9 | Lab - A9
Week 12 | SPRING BREAK | SPRING BREAK
Week 13 | ch 10 | Lab - A10
Week 14 | ch 11 | SANS - Buf. Overflows
Week 15 | ch 12 | SANS - Threat Model

This page was last modified on 2017-02-07 at 16:21:27.

George Fox University · 414 N Meridian St · Newberg, Oregon 97132 · 503-538-8383
Copyright © 2015–2017 George Fox University. All rights reserved.