Course Syllabus

CSci 4271W: Development of Secure Software Systems

4 Credits
Spring 2020
Lecture: TTh 9:45-11am, Akerman 319
Labs: 
    Section 2: M 9:05    -  9:55, Keller 1-262
    Section 3: M 10:10 - 11:00, Keller 1-262

Instructor

Nick Hopper
Keller 4-211
hoppernj AT umn edu

Teaching Assistants

Saugata Paul
Keller 2-209
paul1155 AT umn edu

Bowen Wang
Keller 2-209
wang8330 AT umn edu

Office Hours

Office hours are shown on the course calendar.

Course Overview

The purpose of this course is to provide an overview of threat modeling and security assessment in the development of software systems.  The course will cover techniques to identify, exploit, detect, mitigate and prevent software vulnerabilities at the design, coding, application, compiler, operating system, and networking layers.  As a writing intensive course, we will also emphasize methods for effectively communicating system designs and vulnerabilities. 

Goals and Objectives

By the end of this course you should be able to: 

1. Describe a system and its threat model using appropriate diagrams and threat classification. 
2. Recognize common vulnerabilities in protocols, designs and programs.
3. Describe methods to detect and mitigate these vulnerabilities and their limitations.
4. Apply principles and standard processes to design more secure software components. 

These objectives will address two student learning outcomes: 

Can identify, define, and solve problems: in assignments and exams you will be given descriptions of software systems and asked to identify potential security vulnerabilities, and methods to mitigate these vulnerabilities.  

Can communicate effectively: Understanding the organization of a complex software system, how potentially adversarial inputs and actors can affect the system, and methods to mitigate these threats requires strong written communication to be effective – if team members cannot convey why a threat should be considered, or why it works, or how to address a threat, resources may not be devoted to fix security problems.  Developing skills to communicate about software and threats is thus equally important to developing skills to find and address these threats. In this class you will regularly practice writing such descriptions in lab reports and written exercises.

Prerequisites

The prerequisite for this class is CSci 3081W: Software Design and Development.  This class will depend on that class and its prerequisites for the following skills and knowledge:

• Ability to read and write C/C++ code (2021, 3081W)
• Knowledge of software design practices (3081W)
• Familiarity with command line development and build tools such as shell/python scripting, makefiles, and git (1113/1133, 1913/1933, 2021, 3081W)
• Maturity as a programmer, and the ability to handle large programming projects (2041, 3081W)
• Familiarity with basic mathematical formalisms and program analysis concepts (2011, 2041)

Course Materials

The course will make heavy use of “threat modeling: designing for security” by Adam Shostack. Some additional assigned readings will be from documents accessible via the web, notably several from “Security Engineering, 2nd edition” by Ross Anderson.  Where noted, access to some pages may require a UMN network address, or logging in through the UMN library pages.  Typically there will be around 1 hour of reading per week.

Grades

Grading for this course will be based on the following components:

• Labs (5%): There will be 14 weekly labs introducing some useful tools for assessing software threats.  Each lab can be completed (in groups of size at most 3) by showing a TA your completed work in the lab session.  Completion of the first lab exercise is mandatory, and your total lab grade will be taken out of 10.
• Exercises (10%): There will be 6 roughly bi-weekly sets of exercises that can be completed with little programming.  Students may work in groups of size at most 3 on the exercises. These should be completed in roughly 2-3 hours each.  We will drop the lowest exercise score for each student.
  
  Late Submissions: An exercise solution can be submitted up to 48 hours late for 50% credit, after which it is worth 0 points.
  
• Project Reports (45%): There will be 3 assessment projects due throughout the semester.  In each project, you will be given a software system that has known vulnerabilities, and asked to write a 4-5 page report that describes the system’s design, the vulnerabilities you identified, the process by which you identified and exploited these vulnerabilities, and mitigation strategies.  You may work in groups of size at most 3; it is expected that students should be able to complete each project and its report in 25-30 hours of work outside of class. Further instructions for each project will be made available on the course web page.
  
  All three project reports have Friday evening deadlines.  Each student may request, in advance, an extension to the following Monday evening for one project report.  A group extension request will be considered a request by all members of the group.
  
  
• Two Midterms (10% each): In Class on Thursday, Feb. 20 and Thursday, March 26
  
  
• Final Exam (20%): on Monday, May 11th, from 1:30-3:30pm.
  
  All exams will be open-book and open notes and involve (very) short answer and written questions similar to those in the exercises. 

Final weighted averages will be assigned to grades as follows:

Min	Max	Grade
[92,	100]	A
[88,	92)	A-
[84,	88)	B+
[80,	84)	B
[76,	80)	B-
[72,	76)	C+
[68,	72)	C
[64,	68)	C-
[60,	64)	D+
[56,	60)	D
[0,	56)	F

 

A note on groups

In this course, Exercises, Labs, and Project Reports can be completed in groups of up to 3 students, but are not required to do so, nor are they required to work in the same groups on different assignments.  Students choosing to work in groups should be aware that they are responsible for their choice of groups; in particular, groups will not get special consideration if they were expecting a contribution from some member and they did not produce.

Course Outline

1. 2 weeks: Threat Modeling, Data Flow Diagrams, Threat taxonomies
2. 2 weeks: Input Validation and Memory Corruption bugs and mitigations
3. 1 week: Defensive programming and testing methodologies
4. 2 weeks: Operating system security mechanisms: identification and authentication, access control, isolation
5. 2 weeks: Network security overview
6. 2 weeks: Cryptographic Protocols overview
7. 1 week: Web Application and Mobile Security and Privacy threats
8. 1 week: Human Factors and Security

Student Workload Statement

As a 4-credit class, students should expect to spend roughly 180 hours of work on this class over the course of the semester to earn an average (“C”) grade.  Of these, 60 hours will be spent in class, 15 hours on weekly readings, roughly 90 hours outside of class on projects and reports, and 15 hours on the 6 biweekly exercise sets.

Academic Integrity Policy

We will occasionally encourage the use of online resources for completing assignments in this course, and of course it is permitted for students to discuss in general how to solve problems.  However, it is never acceptable to use someone else's work without acknowledging it.  Every source you use or modify for an exercise, homework or project must be explicitly acknowledged.   Failure to do so will be considered plagiarism.

The University Student Conduct Code defines scholastic dishonesty as: submission of false records of academic achievement; cheating on assignments or examinations; plagiarizing; altering, forging, or misusing a University academic record; taking, acquiring, or using test materials without faculty permission; acting alone or in cooperation with another to falsify records or to obtain dishonestly grades, honors, awards, or professional endorsement. In this course, a student responsible for scholastic dishonesty will be assigned a penalty of an "F" or "N" for the course. If you have any questions regarding the expectations for a specific assignment or exam, ask.

Furthermore, in this class we will often discuss ways of compromising the security of certain computer systems. It is very important that you never apply these techniques to a computer without the owner's permission. If we learn that a student has exploited a vulnerability discussed in class (without permission of the computer's owner/operator) that student will fail.  Exploiting such vulnerabilities without permission is also likely to be a serious criminal offense.

The Office for Community Standards has compiled a useful list of Frequently Asked Questions pertaining to scholastic dishonesty: https://communitystandards.umn.edu/avoid-violations/avoiding-scholastic-dishonesty. 

Makeup Work for Legitimate Absences

Students will not be penalized for absence during the semester due to unavoidable or legitimate circumstances. Such circumstances include verified illness, participation in intercollegiate athletic events, subpoenas, jury duty, military service, bereavement, and religious observances. Such circumstances do not include voting in local, state, or national elections. For complete information, please see: http://policy.umn.edu/education/makeupwork.

Appropriate Student Use of Class Notes and Course Materials

Taking notes is a means of recording information but more importantly of personally absorbing and integrating the educational experience. However, broadly disseminating class notes beyond the classroom community or accepting compensation for taking and distributing classroom notes undermines instructor interests in their intellectual work product while not substantially furthering instructor and student interests in effective learning. Such actions violate shared norms and standards of the academic community. For additional information, please see: http://policy.umn.edu/education/studentresp.

Sexual Harassment

"Sexual harassment" means unwelcome sexual advances, requests for sexual favors, and/or other verbal or physical conduct of a sexual nature. Such conduct has the purpose or effect of unreasonably interfering with an individual's work or academic performance or creating an intimidating, hostile, or offensive working or academic environment in any University activity or program. Such behavior is not acceptable in the University setting. For additional information, please consult Board of Regents Policy: https://regents.umn.edu/sites/regents.umn.edu/files/policies/Sexual_Harassment_Sexual_Assault_Stalking_Relationship_Violence.pdf

Equity, Diversity, Equal Opportunity, and Affirmative Action

The University provides equal access to and opportunity in its programs and facilities, without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. For more information, please consult Board of Regents Policy: http://regents.umn.edu/sites/regents.umn.edu/files/policies/Equity_Diversity_EO_AA.pdf.

Disability Accommodations

The University of Minnesota views disability as an important aspect of diversity, and is committed to providing equitable access to learning opportunities for all students. The Disability Resource Center (DRC) is the campus office that collaborates with students who have disabilities to provide and/or arrange reasonable accommodations. 

• If you have, or think you have, a disability in any area such as, mental health, attention, learning, chronic health, sensory, or physical, please contact the DRC office on your campus (612.626.1333) to arrange a confidential discussion regarding equitable access and reasonable accommodations. 
• Students with short-term disabilities, such as a broken arm, can often work with instructors to minimize classroom barriers. In situations where additional assistance is needed, students should contact the DRC as noted above.
• If you are registered with the DRC and have a disability accommodation letter dated for this semester or this year, please contact your instructor early in the semester to review how the accommodations will be applied in the course. 
• If you are registered with the DRC and have questions or concerns about your accommodations please contact your (access consultant/disability specialist).

Additional information is available on the DRC website: https://diversity.umn.edu/disability/  or  students may email drc@umn.edu with questions.

Mental Health and Stress Management

As a student you may experience a range of issues that can cause barriers to learning, such as strained relationships, increased anxiety, alcohol/drug problems, feeling down, difficulty concentrating and/or lack of motivation. These mental health concerns or stressful events may lead to diminished academic performance and may reduce your ability to participate in daily activities. University of Minnesota services are available to assist you. You can learn more about the broad range of confidential mental health services available on campus via the Student Mental Health Website: http://www.mentalhealth.umn.edu.

Academic Freedom and Responsibility

Academic freedom is a cornerstone of the University. Within the scope and content of the course as defined by the instructor, it includes the freedom to discuss relevant matters in the classroom. Along with this freedom comes responsibility. Students are encouraged to develop the capacity for critical judgment and to engage in a sustained and independent search for truth. Students are free to take reasoned exception to the views offered in any course of study and to reserve judgment about matters of opinion, but they are responsible for learning the content of any course of study for which they are enrolled.

Reports of concerns about academic freedom are taken seriously, and there are individuals and offices available for help. Contact the instructor, the Department Chair, your adviser, the associate dean of the college, or the Vice Provost for Faculty and Academic Affairs in the Office of the Provost.