CS 4330 Building Secure Software (4)

2005 Catalog description: Security and safety analysis in software design and development. Vulnerability detection and avoidance. Topics include authentication, principle of least privilege, buffer overflows, race conditions, time-of-check vs. time-of-use, trust management, access control, and other security-relevant issues.

Prerequisite: CS 3240

Course description:
  Overview of security issues regarding software
  Interrelationship of "security", "reliability", and "safety"
  Security policies: what is a security problem?
  Managing security risks
  Principle of least privilege
  Privacy, authentication, trust, integrity
  Access control
  Various vulnerabilities: buffer overflows, time-of-check/time-of-use, race conditions
  Uses of cryptographic techniques and randomness
  Other topics as time allows.

Texts:
  McGraw & Viega, Building Secure Software, Addison Wesley
  Hoglund & McGraw, Exploiting Software, Addison Wesley