Difference between revisions of "IU:TestPage"
Jump to navigation
Jump to search
R.sirgalina (talk | contribs) |
R.sirgalina (talk | contribs) |
||
| Line 13: | Line 13: | ||
* CSE101: Introduction to Programming |
* CSE101: Introduction to Programming |
||
* CSE112: Software Systems Analysis and Design |
* CSE112: Software Systems Analysis and Design |
||
| + | * CSE105 or CSE128 or CSE130 |
||
=== Prerequisite topics === |
=== Prerequisite topics === |
||
| Line 18: | Line 19: | ||
* Software design or software architecture |
* Software design or software architecture |
||
* Basics of compilers |
* Basics of compilers |
||
| + | * Basics of computer architecture (Intel or ARM is preferrable) |
||
== Course Topics == |
== Course Topics == |
||
| Line 64: | Line 66: | ||
==== Level 1: What concepts should a student know/remember/explain? ==== |
==== Level 1: What concepts should a student know/remember/explain? ==== |
||
By the end of the course, the students should be able to ... |
By the end of the course, the students should be able to ... |
||
| + | * Reason about the limitation of different security policies |
||
* Remember main security principles |
* Remember main security principles |
||
* List SDL stages |
* List SDL stages |
||
| Line 74: | Line 77: | ||
==== Level 2: What basic practical skills should a student be able to perform? ==== |
==== Level 2: What basic practical skills should a student be able to perform? ==== |
||
By the end of the course, the students should be able to ... |
By the end of the course, the students should be able to ... |
||
| + | * Read CVEs and understand its impact instead of trusting other experts |
||
* Perform Threat Modeling |
* Perform Threat Modeling |
||
* Review code to find insecure patterns |
* Review code to find insecure patterns |
||
| Line 81: | Line 85: | ||
==== Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios? ==== |
==== Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios? ==== |
||
By the end of the course, the students should be able to ... |
By the end of the course, the students should be able to ... |
||
| + | * Reason about security and safety of the system |
||
* Suggest hardenings and architecture drifts to achieve required level of s&s |
* Suggest hardenings and architecture drifts to achieve required level of s&s |
||
* Propose process improvement in a cost-effective manner that would drastically improve the security and safety level. |
* Propose process improvement in a cost-effective manner that would drastically improve the security and safety level. |
||
| Line 121: | Line 126: | ||
* MISRA, AUTOSAR, SEI CERT |
* MISRA, AUTOSAR, SEI CERT |
||
* https://www.microsoft.com/en-us/securityengineering/sdl |
* https://www.microsoft.com/en-us/securityengineering/sdl |
||
| + | * Managing Security Risks Inherent in the Use of Third-Party Components |
||
=== Closed access resources === |
=== Closed access resources === |
||
| Line 126: | Line 132: | ||
* D Deougun, DB Jonhsson, D Sawano (2019) “Secure by design” |
* D Deougun, DB Jonhsson, D Sawano (2019) “Secure by design” |
||
* D LeBlanc, Michael Howard (2002) “Writing secure code” |
* D LeBlanc, Michael Howard (2002) “Writing secure code” |
||
| + | * ISO26262 |
||
=== Software and tools used within the course === |
=== Software and tools used within the course === |
||
* Some static analyser |
* Some static analyser |
||
| − | * AFL |
+ | * AFL |
| + | * snyk.io |
||
= Teaching Methodology: Methods, techniques, & activities = |
= Teaching Methodology: Methods, techniques, & activities = |
||
Revision as of 12:03, 12 September 2022
Secure development
- Course name: Secure development
- Code discipline: XXX
- Subject area: Security and Networks
Short Description
Prerequisites
Prerequisite subjects
- CSE101: Introduction to Programming
- CSE112: Software Systems Analysis and Design
- CSE105 or CSE128 or CSE130
Prerequisite topics
- Basic programming skills, C/C++ is recommended
- Software design or software architecture
- Basics of compilers
- Basics of computer architecture (Intel or ARM is preferrable)
Course Topics
| Section | Topics within the section |
|---|---|
| Basics of security |
|
| Security architecture |
|
| Secure coding |
|
| Secure operating |
|
| Security assurance |
|
| Linux security |
|
Intended Learning Outcomes (ILOs)
What is the main purpose of this course?
The main purpose of this course is to give students a security vision from up to down, because the security principle of weakest link insist that the weakest part of the process/system would be the one to be attacked.
ILOs defined at three levels
Level 1: What concepts should a student know/remember/explain?
By the end of the course, the students should be able to ...
- Reason about the limitation of different security policies
- Remember main security principles
- List SDL stages
- Describe the difference between security and safety
- Explain basic binary vulnerabilities
- Specify the required security assurance
- Describe the key elements of SOC systems
- Explain why fuzzing is not the same as unit or integration testing
Level 2: What basic practical skills should a student be able to perform?
By the end of the course, the students should be able to ...
- Read CVEs and understand its impact instead of trusting other experts
- Perform Threat Modeling
- Review code to find insecure patterns
- Deal with open source code securely
- Explain the value of bug bounty programme and find the right moment to start it
Level 3: What complex comprehensive skills should a student be able to apply in real-life scenarios?
By the end of the course, the students should be able to ...
- Reason about security and safety of the system
- Suggest hardenings and architecture drifts to achieve required level of s&s
- Propose process improvement in a cost-effective manner that would drastically improve the security and safety level.
Grading
Course grading range
| Grade | Range | Description of performance |
|---|---|---|
| A. Excellent | 80-100 | - |
| B. Good | 60-79 | - |
| C. Satisfactory | 40-59 | - |
| D. Fail | 0-39 | - |
Course activities and grading breakdown
| Activity Type | Percentage of the overall course grade |
|---|---|
| Assignment/Labs | 70 |
| Final quiz | 30 |
Recommendations for students on how to succeed in the course
Participation is important. Showing up is the key to success in this course.
If you don’t have a corresponding technical background, please do not hesitate to ask lecturer. If you feel that the gap is deep, request for extra reading.
Reading the recommended literature is optional, and will give you a deeper understanding of the material.
Resources, literature and reference materials
Open access resources
- Owasp.com
- MITRE SOC Operations https://www.mitre.org/sites/default/files/publications/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
- MISRA, AUTOSAR, SEI CERT
- https://www.microsoft.com/en-us/securityengineering/sdl
- Managing Security Risks Inherent in the Use of Third-Party Components
Closed access resources
- Matt Bishop, (2018) “Computer Security: Art and Science”
- D Deougun, DB Jonhsson, D Sawano (2019) “Secure by design”
- D LeBlanc, Michael Howard (2002) “Writing secure code”
- ISO26262
Software and tools used within the course
- Some static analyser
- AFL
- snyk.io
Teaching Methodology: Methods, techniques, & activities
Activities and Teaching Methods
| Teaching Techniques | Section 1 | Section 2 | Section 3 | Section 4 | Section 5 | Section 6 |
|---|---|---|---|---|---|---|
| Problem-based learning (students learn by solving open-ended problems without a strictly-defined solution) | 1 | 1 | 1 | 1 | 1 | 1 |
| Modular learning (facilitated self-study) | 1 | 1 | 1 | 1 | 1 | 1 |
| Differentiated learning (provide tasks and activities at several levels of difficulty to fit students needs and level) | 1 | 1 | 1 | 1 | 1 | 1 |
| Contextual learning (activities and tasks are connected to the real world to make it easier for students to relate to them); | 1 | 1 | 1 | 1 | 1 | 1 |
| Business game (learn by playing a game that incorporates the principles of the material covered within the course). | 1 | 1 | 1 | 1 | 1 | 1 |
| Learning Activities | Section 1 | Section 2 | Section 3 | Section 4 | Section 5 | Section 6 |
|---|---|---|---|---|---|---|
| Lectures | 1 | 1 | 1 | 1 | 1 | 1 |
| Lab exercises | 1 | 1 | 1 | 1 | 1 | 1 |
Formative Assessment and Course Activities
Ongoing performance assessment
Section 1
| Activity Type | Content | Is Graded? |
|---|---|---|
| Individual Assignments | A2: Product Ideation and Market Research Find all weakness in the code snippet. Suggest how to fix them in a secure way. What is your recommendation for the code author? |
1 |
Section 2
Section 3
Section 4
Section 5
Section 6
Final assessment
Section 1
Section 2
Section 3
Section 4
Section 5
Section 6
The retake exam
Section 1
Section 2
Section 3
Section 4
Section 5
Section 6