home button

Foundations of Software Security
USF CIS 6373, Spring 2019

Announcements

Readings will continue according to the schedule below.

Course materials

Syllabus

Grades

Please use Canvas to check your grades.

Schedule (filled in as the semester progresses)

Dates Topics Reading
01/07 Introduction Class notes
01/09 Enforceability theory Sections 1-2 of Enforceable Security Policies
01/14 Enforceability theory Enforceable Security Policies (all)
01/16 Enforceability theory Sections 1-3 of Modeling Runtime Enforcement with Mandatory Results Automata
01/23 Enforceability theory Sections 1-5 and 8 of Modeling Runtime Enforcement with Mandatory Results Automata
01/28 Enforceability theory A Theory of Gray Security Policies
01/30 Policy specification and composition Sections 1-3 of Composing Expressive Run-time Security Policies (article is accessible from the USF campus network)
02/04 Policy visualization (reading handed out in class)
02/06 Location-based policies and mobile-device security A Location-based Policy-specification Language for Mobile Devices (article is accessible from the USF campus network)
02/11 User authentication Sections 1-3 of Coauthentication
02/13 User authentication Coauthentication (the whole paper)
02/18 Firewall policies; Packet classification A Packet-classification Algorithm for Arbitrary Bitmask Rules, with Automatic Time-space Tradeoffs
02/20 Vulnerability categories and trends Please look over, and try to get the high-level information from: 2011 CWE/SANS Top 25 Most Dangerous Software Errors and OWASP Top 10 - 2017
02/25 Buffer overflows; StackGuard StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
02/27 Code-injection attacks: XSS and HTML5 Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation
03/04 Code-injection attacks Sections 1-4 of Defining Code-injection Attacks
03/06 Noncode-injection attacks Defining Injection Attacks
03/18 Student presentations (Project-proposal presentations)
03/20 Information flow; Noninterference Principles of Secure Information Flow Analysis
03/25 Security usability On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings
03/27 (no class) (extra time to study the next paper)
04/01 Control Flow Integrity Sections 1-5 of Control-Flow Integrity: Principles, Implementations, and Applications
04/03 Control-flow integrity; ROP Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks (paper is accessible from the USF campus network)
04/08 Temperature (hot) attacks Using Memory Errors to Attack a Virtual Machine
04/10 Temperature (cold) attacks Lest We Remember: Cold Boot Attacks on Encryption Keys
04/15 DRM Lessons from the Sony CD DRM Episode
04/17 SQL-ID injection attacks SQL-Identifier Injection Attacks (coming soon)
04/22 Trustworthiness Reflections on Trusting Trust
04/24 Student presentations (Final presentations)