Course Syllabus

CSci 4271W: Development of Secure Software Systems

4 Credits
Fall 2021
Lecture: TTh 4:00-5:15pm, Keller 3-125
Labs:
    Section 2: W 3:35 - 4:25, Keller 1-250
    Section 3: M 4:40 - 5:30, Keller 1-250

Instructor

Nick Hopper
Keller 4-211
hoppernj AT umn edu

Teaching Assistant

Saugata Paul
paul1155 AT umn edu

Office Hours

Office hours are shown on the course meeting calendar

Course Overview

The purpose of this course is to provide an overview of threat modeling and security assessment in the development of software systems.  The course will cover techniques to identify, exploit, detect, mitigate and prevent software vulnerabilities at the design, coding, application, compiler, operating system, and networking layers.  As a writing intensive course, we will also emphasize methods for effectively communicating system designs and vulnerabilities. 

Goals and Objectives

By the end of this course you should be able to: 

  1. Describe a system and its threat model using appropriate diagrams and threat classification. 
  2. Recognize common vulnerabilities in protocols, designs and programs.
  3. Describe methods to detect and mitigate these vulnerabilities and their limitations.
  4. Apply principles and standard processes to design more secure software components. 

These objectives will address two student learning outcomes: 

Can identify, define, and solve problems: in assignments and exams you will be given descriptions of software systems and asked to identify potential security vulnerabilities, and methods to mitigate these vulnerabilities.  

Can communicate effectively: Understanding the organization of a complex software system, how potentially adversarial inputs and actors can affect the system, and methods to mitigate these threats requires strong written communication to be effective – if team members cannot convey why a threat should be considered, or why it works, or how to address a threat, resources may not be devoted to fix security problems.  Developing skills to communicate about software and threats is thus equally important to developing skills to find and address these threats. In this class you will regularly practice writing such descriptions in lab reports and written exercises.

Prerequisites

The prerequisite for this class is CSci 3081W: Software Design and Development.  This class will depend on that class and its prerequisites for the following skills and knowledge:

  • Ability to read and write C/C++ code (2021, 3081W)
  • Knowledge of software design practices (3081W)
  • Familiarity with command line development and build tools such as shell/python scripting, makefiles, and git (1113/1133, 1913/1933, 2021, 3081W)
  • Maturity as a programmer, and the ability to handle large programming projects (2041, 3081W)
  • Familiarity with basic mathematical formalisms and program analysis concepts (2011, 2041)

Course Materials

The course will make heavy use of “Threat Modeling: Designing for Security” by Adam Shostack. Some additional assigned readings will be from documents accessible via the web, notably several from “Security Engineering, 2nd edition” by Ross Anderson.  Where noted, access to some pages may require a UMN network address, or logging in through the UMN library pages.  Typically there will be around 1-2 hours of reading per week.

Grades

Grading for this course will be based on the following components:

  • Labs (5%): There will be 13 weekly labs introducing some useful tools for assessing software threats.  Each lab can be completed (in groups of size at most 3) by submitting a short summary of your notes and completed work in the lab session.  Completion of the first lab exercise is mandatory, and your total lab grade will be taken out of 10, so any student can miss 3 labs for any reason at no harm to their grade.

  • Homework (10%): There will be 6 roughly bi-weekly sets of homework exercises that can be completed with little programming.  Students may work in groups of size at most 3 on the homework. These should be completed in roughly 2-3 hours each.  We will drop the lowest homework score for each student.

    Late Submissions: A homework solution may be submitted up to 3 days late, with a 15% penalty per day, after which it is worth 0 points.

  • Project Reports (45%): There will be 3 assessment projects due throughout the semester.  In each project, you will be given a software system that has known vulnerabilities, and asked to write a 4-5 page report that describes the system’s design, the vulnerabilities you identified, your efforts to verify the vulnerabilities, and mitigation strategies.  You may work in groups of size at most 3; it is expected that students should be able to complete each project and its report in 25-30 hours of work outside of class. Further instructions for each project will be made available in Canvas.

    All three project reports have Monday evening deadlines.  Each student may request, in advance, an extension to the following Friday evening for one project report.  A group extension request will be considered a request by all members of the group.

  • Two Midterms (10% each): In Class on Thursday, October 7th and Thursday, November 4th.

  • Final Exam (20%): on Thursday, December 16th, from 4:00-6:00pm.

    All exams will be open-book and open notes and involve (very) short answer and written questions similar to those in the homework. 

Final weighted averages will be assigned to grades as follows:

Weighted average (Min, Max)    Grade
[92, 100]                      A
[88, 92)                       A-
[84, 88)                       B+
[80, 84)                       B
[76, 80)                       B-
[72, 76)                       C+
[68, 72)                       C
[64, 68)                       C-
[60, 64)                       D+
[56, 60)                       D
[0, 56)                        F


A note on groups

In this course, Homeworks, Labs, and Project Reports can be completed in groups of up to 3 students, but you are not required to do so, nor are you required to work in the same groups on different assignments.  Students choosing to work in groups should be aware that they are responsible for their choice of groups; in particular, groups will not get special consideration if they were expecting a contribution from some member and that member did not produce it.

Course Outline

  1. 2 weeks: Threat Modeling, Data Flow Diagrams, Threat taxonomies
  2. 2 weeks: Input Validation and Memory Corruption bugs and mitigations
  3. 1 week: Defensive programming and testing methodologies
  4. 2 weeks: Operating system security mechanisms: identification and authentication, access control, isolation
  5. 2 weeks: Network security overview
  6. 2 weeks: Cryptographic Protocols overview
  7. 1 week: Web Application and Mobile Security and Privacy threats
  8. 1 week: Human Factors and Security

Student Workload Statement

As a 4-credit class, students should expect to spend roughly 180 hours of work on this class over the course of the semester to earn an average (“C”) grade.  Of these, 60 hours will be spent in class, 20 hours on weekly readings, roughly 85 hours outside of class on projects and reports, and 15 hours on the 6 biweekly homeworks.


Classroom atmosphere expectations

I want this to be a class where everyone feels comfortable asking questions (which is how we learn!) and contributing to discussions.  In order for this to happen, it is important for us all to respect and learn from one another.  Here are some things to keep in mind when interacting with fellow students and course staff:

We all have different experience levels.  Some students may have encountered some materials in this class before, and might make it look like a problem or concept is easy, where other students might find the material new and intimidating.  Please keep in mind that no one knows all of the material, and everyone struggles at some point.  When someone is struggling and you help them move forward, they will remember and you will learn more than if you try to hold them back.  When you are struggling, just remember that just because you haven't learned something yet doesn't mean you can't learn it now.

We all have different identities.  As part of respectful dialog, please think how your comments could impact others in your group. Refer to others as they prefer to be referred to (including, if referring to them in the third person, using any preferred pronoun they choose to indicate).  

Part of respecting each other is helping to keep each other safe and healthy.  At this time, the university is requiring all students, faculty, and staff to wear masks when indoors, regardless of vaccination status, and has mandated vaccination for all students, faculty and staff.  You will be expected to follow the mask-wearing requirements during lecture, may not bring food into the classroom, and if you remove your mask to drink it should be immediately put back on.  Further information on the University's masking requirement can be found on the safe campus website.  

By the same token, if you are not feeling well, please do not attend lecture.  All class lecture slides will be posted on Canvas, and lecture recordings will also be available through UNITE with no delay.

Academic Integrity Policy

We will occasionally encourage the use of online resources for completing assignments in this course, and of course it is permitted for students to discuss in general how to solve problems.  However, it is never acceptable to use someone else's work without acknowledging it.  Every source you use or modify for a lab, homework or project must be explicitly acknowledged.   Failure to do so will be considered plagiarism.

The University Student Conduct Code defines scholastic dishonesty as: submission of false records of academic achievement; cheating on assignments or examinations; plagiarizing; altering, forging, or misusing a University academic record; taking, acquiring, or using test materials without faculty permission; acting alone or in cooperation with another to falsify records or to obtain dishonestly grades, honors, awards, or professional endorsement. In this course, a student responsible for scholastic dishonesty will be assigned a penalty of an "F" or "N" for the course. If you have any questions regarding the expectations for a specific assignment or exam, ask.

Furthermore, in this class we will often discuss ways of compromising the security of certain computer systems. It is very important that you never apply these techniques to a computer without the owner's permission. If we learn that a student has exploited a vulnerability discussed in class (without permission of the computer's owner/operator) that student will fail.  Exploiting such vulnerabilities without permission is also likely to be a serious criminal offense.

The Office for Community Standards has compiled a useful list of Frequently Asked Questions pertaining to scholastic dishonesty: https://communitystandards.umn.edu/avoid-violations/avoiding-scholastic-dishonesty. 

Makeup Work for Legitimate Absences

Students will not be penalized for absence during the semester due to unavoidable or legitimate circumstances. Such circumstances include verified illness, participation in intercollegiate athletic events, subpoenas, jury duty, military service, bereavement, and religious observances. Such circumstances do not include voting in local, state, or national elections. For complete information, please see: http://policy.umn.edu/education/makeupwork.

Appropriate Student Use of Class Notes and Course Materials

Taking notes is a means of recording information but more importantly of personally absorbing and integrating the educational experience. However, broadly disseminating class notes beyond the classroom community or accepting compensation for taking and distributing classroom notes undermines instructor interests in their intellectual work product while not substantially furthering instructor and student interests in effective learning. Such actions violate shared norms and standards of the academic community. For additional information, please see: http://policy.umn.edu/education/studentresp.

Sexual Harassment

"Sexual harassment" means unwelcome sexual advances, requests for sexual favors, and/or other verbal or physical conduct of a sexual nature. Such conduct has the purpose or effect of unreasonably interfering with an individual's work or academic performance or creating an intimidating, hostile, or offensive working or academic environment in any University activity or program. Such behavior is not acceptable in the University setting. For additional information, please consult Board of Regents Policy: https://regents.umn.edu/sites/regents.umn.edu/files/policies/Sexual_Harassment_Sexual_Assault_Stalking_Relationship_Violence.pdf

Equity, Diversity, Equal Opportunity, and Affirmative Action

The University provides equal access to and opportunity in its programs and facilities, without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. For more information, please consult Board of Regents Policy: http://regents.umn.edu/sites/regents.umn.edu/files/policies/Equity_Diversity_EO_AA.pdf.

Disability Accommodations

The University of Minnesota views disability as an important aspect of diversity, and is committed to providing equitable access to learning opportunities for all students. The Disability Resource Center (DRC) is the campus office that collaborates with students who have disabilities to provide and/or arrange reasonable accommodations. 

  • If you have, or think you have, a disability in any area such as, mental health, attention, learning, chronic health, sensory, or physical, please contact the DRC office on your campus (612.626.1333) to arrange a confidential discussion regarding equitable access and reasonable accommodations. 
  • Students with short-term disabilities, such as a broken arm, can often work with instructors to minimize classroom barriers. In situations where additional assistance is needed, students should contact the DRC as noted above.
  • If you are registered with the DRC and have a disability accommodation letter dated for this semester or this year, please contact your instructor early in the semester to review how the accommodations will be applied in the course. 
  • If you are registered with the DRC and have questions or concerns about your accommodations please contact your (access consultant/disability specialist).

Additional information is available on the DRC website: https://diversity.umn.edu/disability/  or  students may email drc@umn.edu with questions.

Mental Health and Stress Management

As a student you may experience a range of issues that can cause barriers to learning, such as strained relationships, increased anxiety, alcohol/drug problems, feeling down, difficulty concentrating and/or lack of motivation. These mental health concerns or stressful events may lead to diminished academic performance and may reduce your ability to participate in daily activities. University of Minnesota services are available to assist you. You can learn more about the broad range of confidential mental health services available on campus via the Student Mental Health Website: http://www.mentalhealth.umn.edu.

Academic Freedom and Responsibility

Academic freedom is a cornerstone of the University. Within the scope and content of the course as defined by the instructor, it includes the freedom to discuss relevant matters in the classroom. Along with this freedom comes responsibility. Students are encouraged to develop the capacity for critical judgment and to engage in a sustained and independent search for truth. Students are free to take reasoned exception to the views offered in any course of study and to reserve judgment about matters of opinion, but they are responsible for learning the content of any course of study for which they are enrolled.

Reports of concerns about academic freedom are taken seriously, and there are individuals and offices available for help. Contact the instructor, the Department Chair, your adviser, the associate dean of the college, or the Vice Provost for Faculty and Academic Affairs in the Office of the Provost.
