Software Security (COMP 790-132)

Course: TTh 2-3:15, SN115
Reading: Schedule
Instructor: Cynthia Sturton
Office hours: By appointment

A secure system is one that will enforce a given policy, even in the face of malicious activity. In this class we will learn about different security policies and how they apply across a variety of application domains. We will read about mechanisms designed to enforce a given policy and attacks meant to thwart that same policy.

The class is meant for students who are interested in software and systems security. The course will be research focused: classes will be centered around discussion of published research in the security community, students will work on an original research project, and students will write a conference-style paper describing their work.

Paper Readings

We will read 1-2 papers per class. The reading for each class is given in the schedule. You are required to complete the reading before class. For each paper you will write a review and email it to me by 11:59 pm the day before the class. The review should be short: one to three sentences describing the problem addressed and the basic approach; roughly two paragraphs describing the key insights and assessing the pros and cons of the paper; and as much space as necessary to list any questions you may have had or any ideas for future work you thought of. Although your written response will be short, the reading will not be quick. You will need to read each paper thoroughly and in depth in order to write an insightful review and actively participate in the class discussion. An example of a review written by a student in a previous class can be found here.

Security Review

You will conduct two security reviews, each of a system of your choosing, and submit a write-up for each review. The first review can be done in groups of two; the second must be done individually. For the review you will determine the stated and implied security policies of your chosen system, evaluate both the policies themselves and the system's efficacy at enforcing those policies, and suggest improvements for increasing the system's security. For these reviews you may choose any technology for which security is a concern; you are not limited to software systems. The written review will be approximately three pages. We will go over the details of this assignment in class.

Research Project

You will work in groups of two on an original research project. At the end of the semester, each group will submit a conference-style paper and give a short (10-15 min) presentation in class describing their work. We will discuss possible project ideas in class, although you are strongly encouraged to develop your own idea. Project proposals will be due at 11:59 pm on Thursday, January 29th. The final paper will be due at 11:59 pm on Friday, April 24th.

Key Dates

Project proposals due: 2/05/15
First security review due: 2/26/15
Second security review due: 3/26/15
Final in-class presentations: 4/23/15
Final paper due: 4/24/15

Grading

Final project: 45%
Class discussion & written reviews: 40%
Security reviews: 15%