Software Security, 6 credits (TDDC90)

Main field of study

Information Technology, Computer Science and Engineering, Computer Science

Course level

Second cycle

Advancement level

A1X

Course offered for

• Master's Programme in Computer Science
• Master of Science in Computer Science and Engineering
• Master of Science in Information Technology
• Master of Science in Computer Science and Software Engineering
• Computer Science and Engineering, M Sc in Engineering
• Industrial Engineering and Management - International, M Sc in Engineering
• Industrial Engineering and Management, M Sc in Engineering
• Information Technology, M Sc in Engineering
• Computer Science and Software Engineering, M Sc in Engineering

Prerequisites

Basic course in security. Students are expected to have knowledge of operating systems, programming languages, and software engineering. Students should be able to develop, test and debug software in Unix or Linux environments. Some experience with C-programming as well as basic knowledge of web application development are recommended.

Intended learning outcomes

Students taking this course will learn about the issues underlying software security, and develop the skills needed to build secure software. The course covers methods, tools, and best practices for building secure software. Students completing this course should be able to:

• identify and analyze security problems in software;
• formulate security requirements for software;
• devise, evaluate, and explain solutions to software security;
• critically evaluate the effectiveness of methods, state-of-art tools, and best practices, for detecting and preventing vulnerabilities; and
• design and write secure software.

Course content

The course covers:

• vulnerability discovery and analysis, and supporting tools;
• analysis of infamous vulnerabilities and their exploits;
• attack and vulnerability modeling;
• security requirements analysis and design for security;
• principles for secure programming;
• static and dynamic intrusion prevention mechanisms;
• security testing and evaluation; and
• systematic approaches to building secure software.

Vulnerabilities, attacks, and principles for secure programming are studied with an emphasis on programs written in C/C++ and web applications.

Teaching and working methods

The course consists of lectures and laboratory work.

Examination

UPG1	Laboratory work and assignments	U, G	3 credits
TEN1	Written examination	U, 3, 4, 5	3 credits

Grades

Four-grade scale, LiU, U, 3, 4, 5

Other information

About teaching and examination language

The teaching language is presented in the Overview tab for each course. The examination language relates to the teaching language as follows: 

• If teaching language is Swedish, the course as a whole or in large parts, is taught in Swedish. Please note that although teaching language is Swedish, parts of the course could be given in English. Examination language is Swedish. 
• If teaching language is Swedish/English, the course as a whole will be taught in English if students without prior knowledge of the Swedish language participate. Examination language is Swedish or English (depending on teaching language). 
• If teaching language is English, the course as a whole is taught in English. Examination language is English. 

Other

The course is conducted in a manner where both men's and women's experience and knowledge are made visible and developed. 

The planning and implementation of a course should correspond to the course syllabus. The course evaluation should therefore be conducted with the course syllabus as a starting point.  

Department

Institutionen för datavetenskap

Director of Studies or equivalent

Patrick Lambrix

Examiner

Ulf Kargén

Course website and other links

http://www.ida.liu.se/~TDDC90/index.en.shtml

Education components

Preliminary scheduled hours: 42 h
Recommended self-study hours: 118 h

Course literature

Other

Articles (see the course home page).