
Foundations of Software Security
USF CIS 6373, Spring 2022

Announcements

Final grades are posted in Canvas.

Course materials

Syllabus

Grades

Please use Canvas to check your grades.

Schedule (filled in as the semester progresses)

| Dates | Topics | Reading (discussed in class) |
|---|---|---|
| 01/10 | Introduction | Class notes |
| 01/12 | Background to enforceability theory | Enforceable Security Policies |
| 01/19 | Research publications; Enforceability theory | Enforceable Security Policies |
| 01/24 | Research publications; Enforceability theory | Enforceable Security Policies |
| 01/26 | Enforceability theory | Enforceable Security Policies |
| 01/31 | Enforceability theory | (same) |
| 02/02 | Enforceability theory | (same) |
| 02/07 | Enforceability theory | Sections 1-4 and Section 8 of MRAs |
| 02/09 | Enforceability theory | Sections 1-4 and Section 8 of MRAs |
| 02/14 | Enforceability theory | (same) |
| 02/16 | Enforceability theory | Pages 1-10 of Gray Policies. You may skip Section 2.3. In other words, read through Theorem 3 while skipping Section 2.3. |
| 02/21 | Enforceability theory | (same) |
| 02/23 | Enforceability theory; Vulnerability categories | (1) GUT of enforcement (2) CWE Top 25 (3) OWASP Top 10. Please just try to get the main ideas from all the readings. |
| 02/28 | Vulnerability rankings | Coauthentication |
| 03/02 | Authentication; Cryptographic protocols | Coauthentication |
| 03/07 | (SQL) Injection Attacks | (1) Sections 1-3 of CIAOs (2) BroNIEs |
| 03/09 | SQL-Identifier Injection Attacks | SQL-IDIAs |
| 03/21 | Proposal presentations | (none) |
| 03/23 | Buffer overflows | StackGuard |
| 03/28 | Buffer overflows and related attacks; CFI | CFI (you may skip Section 6 and the Appendix) |
| 03/30 | CFI | (same) |
| 04/04 | Memory I | (1) Hot (2) Cold |
| 04/06 | Memory II | (1) RowHammer (2) for clouds (3) and mitigations |
| 04/11 | Public transportation security | A literature review |
| 04/13 | Usability | (1) Challenges (2) Coauthentication |
| 04/18 | Secure software development | Co-creation |
| 04/20 | Secure software development | Situated learning |
| 04/25 | Trust; Backdoors | Reflections |
| 04/27 | Final presentations | (none) |