CSCY 3765 - Secure Network and Systems Programming

Fall 2023

General Information

Meeting Days: T-Th
Meeting Time: 2 - 3:15 PM
Classroom: LW 844

Catalog Data

This course provides a deep understanding of operating systems and TCP/IP networking architecture and the low-level interfaces that are required to build secure system-level, multithreaded, and network applications, including file and process operations, inter-process communications, creating and implementing networking protocols and sockets-based programming. Students will learn how to design secure applications, write secure code to withstand attacks, conduct security testing and auditing, and apply those skills to real-world problems.

Course Format

This course will be conducted in person with two 75-minute sessions each week.

Course Objectives

This course is intended to provide students with the skills needed to develop applications that are resilient to attacks. Development of single- and multi-threaded secure network applications using socket communication. Analysis of and defense against low-level implementation flaws, and validation of user inputs. Defensive programming and the role of exception handling. Prevention of attacks that compromise storage access, such as SQL injection. Network defense techniques (Firewall, VLAN, and Routing). Security testing and Web security.

Prerequisites

  • This course requires CSCI-3761 with a C- or higher grade.
    • Note: Each student must sign the online Prerequisites Agreement form to receive credit for the course.

Expected Knowledge

Required at the Course Start

Understanding of computer programming, compilation, program memory management, data structures, and basic algorithms. Understanding of networks, protocols, and the OSI model. We expect the student to have experience in the C or C++ programming language.

Gained at the End of the Course

Students are expected to understand the basis of computer security and the cryptographic techniques used for securing communication and data storage. Students should be capable of designing and developing applications that withstand attacks and be able to write test cases for their programs.

Textbook

  • Designing Secure Software: A Guide for Developers by L. Kohnfelder. 1st edition. Published by No Starch Press. ISBN 978-1-7185-0192-8. Required. Available online through Auraria Library.
  • Security in Computing by C. Pfleeger, et al. 6th edition. Published by Pearson. ISBN 978-0-13-789121-4. Required. Available at Pearson (digital and print).
  • Java How to Program by P. and H. Deitel. 11th edition. Published by Pearson. ISBN 978-0-13-474335-6. Reference only. Other references can substitute for it.
  • Other materials can be assigned for specific topics.

Topics

  • Security Fundamentals.
  • Security Design Patterns.
  • Cryptography.
  • Secure Design and Programming.
  • Low-level and Input Coding Flaws.
  • Defensive Programming and Reliable Code.
  • Secure Networking and Multi-threaded Programming. Secure Network Infrastructure.
  • Securing DB Applications.
  • Security Testing.
  • Security and the Web.

Course Procedures

Grading

  • The Final Grade will be distributed among the assessments following the table below.

    Assessment Group    Grade Pct.
    Participation       10%
    Homework            20%
    Labs                35%
    Exams               35%

Final Letter Grade

  • We will use the following scale to convert your numerical grade to a letter grade:

Schedule & Readings

  • The following schedule is tentative. However, we will try to adhere to it as much as possible.
    • Assigned readings must be completed before the lecture.

Course Syllabus