CS 410/510:  Software Security (Language-based Security)

Instructor

James Hook
hook at cs.pdx.edu
phone: 503 725 5540
office: FAB 310 (City Tower; third floor)

Office hours by appointment.

Class mailing list:

https://webmail.cecs.pdx.edu/mailman/listinfo.cgi/lbsec

There is an email-based interface for users (not administrators) of your list; you can get info about using it by sending a message with just the word `help' as subject or in the body, to:

lbsec-request@cecs.pdx.edu

To unsubscribe a user: from the mailing list 'listinfo' web page, click on or enter the user's email address as if you were that user. Where that user would put in their password to unsubscribe, put in your admin password. You can also use your password to change member's options, including digestification, delivery disabling, etc.

Format

This is a seminar style course that studies original sources and artifacts.  Students are expected to be familiar with basic results and vocabulary in software engineering, computer security, and programming languages. 

The class will meet twice a week.  There will be essentially three class formats:  organizational, seminar, and student presentation.  The first lecture is organizational.  Lectures 2 – 16 will be seminar style.  Lectures 17 – 20 will be student presentations.

There will be a reading assignment for each seminar style class meeting.  One student will be assigned to lead the discussion of the material.  All students are expected to have read the material and be prepared to discuss it.  I anticipate that each student will lead approximately 2 seminar style classes. Some classes may cover more than one paper.

When leading a discussion please be prepared to discuss:

1. The context of the paper
2. The thesis being investigated
3. The contribution
4. The method of investigation
5. The “power” of the results
6. The influence of the paper
7. The applicability of the results
8. Summary of the technical development
9. Details of any examples

Students are required to do a project and a project presentation.  The project should be described in a written project report.  The objective of the project is to show knowledge in depth of a particular approach, tool, or artifact.  Suggested projects are listed below.  The student is required to hand in a project proposal in the fifth week of the term.  The proposal should have a one paragraph “abstract”, an annotated bibliography, and an outline (extended outline is good).  If the project involves the evaluation of a tool be sure to include information about how the tool is obtained and how you plan to evaluate the tool.  Students are required to make a 30 minute presentation to be followed by approximately 15 minutes of questions and discussion near the end of term.  Students are encouraged (not required) to submit a draft paper or updated and expanded project proposal to the instructor the class prior to their presentation.  Final project write-ups will be due at the date and time scheduled for the final exam.

There will be no examinations.

Grading

Students will be evaluated on

1. Preparation for the seminars they lead.
2. Preparation for all other seminars.
3. Project final report and presentation.

Objectives

1. The student will become familiar with the high assurance software development problem in several contexts. 
2. The student will become familiar with classic and current research literature in software assurance.
3. The student will present, critique, and discuss original sources (papers, case studies, etc.) and/or artifacts (tools or research prototypes).

Project Ideas

Tool evaluation

Pick a tool, download it, go through the tutorial, generate some of your own examples, and attempt to apply it to an artifact of interest to you.  Some suggestions to consider:

• Cyclone
• BLAST
• Bandera/Bogor
• ESC Java and friends
• Cryptol?
• Flow CAML http://cristal.inria.fr/~simonet/soft/flowcaml/

Case study

Pick a high-assurance artifact, describe it, describe the techniques used in its development, and discuss if it achieved a sufficient level of assurance.  Discuss the influence of the artifact.

• 5ESS phone switch
• Arian 5
• MASK:  mathematically assured separation kernel
• Security Enhanced Linux
• SLAM

Experience report

Describe a personal experience in high assurance software development.  Discuss the problem, the techniques used, and the results. 

Students Requiring Accommodation:

If you are a student with a disability in need of academic accommodations, you should register with Disability Services for Students and notify the instructor immediately to arrange for support services.