Skip to the content | Change text size
PDF unit guide

FIT3056 Secure and trusted software systems - Semester 2, 2010

Chief Examiner:

Dr Phu Le
Lecturer
Phone: +61 3 990 32399
Fax: +61 3 990 31077

Contact hours: 12AM - 14PM - Thursday

Lecturer(s) / Leader(s):

Caulfield

Dr Phu Le
Lecturer
Phone: +61 3 990 32399
Fax: +61 3 990 31077

Additional communication information:

Dr. Phu Dung Le

Phone: +61 3 9903 23 99

Office: Faculty of IT - Monash university

           900 Dandenong Rd, Caulfield East Vic 3145,  Australia

           H.706

Introduction

Welcome to Secure and Trusted Software (FIT3056)! 

This unit will be a core unit in the Security major of BITS. It can be an elective unit for students who do not major in security (subject to the approval from the school). This unit will provide students with the knowledge and experience of identifying software vulnerabilities, principles for constructing secure and trusted software, basic software security testing and verification.

Unit synopsis

Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorising users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms.

Learning outcomes

At the completion of this unit students will have -
A knowledge and understanding of:
  • some of the main security concepts and issues involved in the development of software, including: Software security versus other aspects of computer security; goals of secure and trusted software; vulnerabilities versus threats; best software development principles and practices; buffer overflows; security of programming platforms; authentication and authorisation; principle of least privilege; security features are not equal to secure features; secure use of encryption; user input validation; reliable software components; data privacy; auditing and logging; security testing;
  • the importance of developing secure software in todays electronic world.
Developed the skills to:
  • design applications with security in mind;
  • validate user input;
  • implement secure authentication mechanisms;
  • authorise users access to various protected resources;
  • encrypt files and hash passwords;
  • store session data securely in web applications;
  • perform secure database access;
  • set up secure transfer of data;
  • create security logs;
  • test software for security vulnerabilities.

Contact hours

2 hrs lectures/wk, 2 hrs laboratories/wk

Workload

  • two-hour lecture and
  • two-hour tutorial (or laboratory) (requiring preparation in advance)
  • a minimum of 4 hours of personal study per one hour of contact time in order to satisfy the reading and assignment expectations.
  • You will need to allocate up to 8 hours per week in several weeks, for use of a computer, including time for group and individual assignments.

  • Unit relationships

    Prerequisites

    FIT1019 and FIT1002

    Teaching and learning method

    Teaching approach

    Timetable information

    For information on timetabling for on-campus classes please refer to MUTTS, http://mutts.monash.edu.au/MUTTS/

    Tutorial allocation

    On-campus students should register for tutorials/laboratories using the Allocate+ system: http://allocate.its.monash.edu.au/

    Unit Schedule

    Week Date* Topic Key dates
    1 19/07/10 Introduction to software design and implementation  
    2 26/07/10 Principles of secure software design and implementation  
    3 02/08/10 Principles of secure software design and implementation (continued)  
    4 09/08/10 Computer system software problems and solutions  
    5 16/08/10 Cryptography and secure software applications  
    6 23/08/10 Cryptography and computer software practice (continued)  
    7 30/08/10 Large computer software and security  
    8 06/09/10 Concurrent programming and software security assignment 1 due 4PM - Friday
    9 13/09/10 Building secure distributed applications  
    10 20/09/10 Secure software testing and verification  
    Mid semester break
    11 04/10/10 Secure software testing and verification (continued)  
    12 11/10/10 Research in secure software design and implementation assignment 2 due 4PM - Friday
    13 18/10/10 Revision  

    *Please note that these dates may only apply to Australian campuses of Monash University. Off-shore students need to check the dates with their unit leader.

    Unit Resources

    Prescribed text(s) and readings

    There is no specific text book for this unit. Students will be provided with a list of research papers and websites for information.

    Recommended text(s) and readings

  • http://www.windowsecurity.com/articles/Analysis_of_Buffer_Overflow_Attacks.html
  • http://www.isoc.org/isoc/conferences/ndss/03/proceedings/papers/8.pdf (Testing C programs for vulnerabilities)
  • http://www.cgisecurity.com/lib/sips.html (Perl scripts and security issues)
  • http://www.mirrors.wiretapped.net/security/info/reference/nist/special-publications/sp-800-8.txt (SQL and security issues)
  • Equipment and consumables required or provided

    Students studying off-campus are required to have the minimum system configuration specified by the Faculty as a condition of accepting admission, and regular Internet access. On-campus students, and those studying at supported study locations may use the facilities available in the computing labs. Information about computer use for students is available from the ITS Student Resource Guide in the Monash University Handbook. You will need to allocate up to n hours per week for use of a computer, including time for newsgroups/discussion groups.

    Study resources

    Study resources we will provide for your study are:

    Assessment

    Overview

    Examination (3 hours): 60%; In-semester assessment: 40%

    Faculty assessment policy

    To pass a unit which includes an examination as part of the assessment a student must obtain:

    • 40% or more in the unit's examination, and
    • 40% or more in the unit's total non-examination assessment, and
    • an overall unit mark of 50% or more.

    If a student does not achieve 40% or more in the unit examination or the unit non-examination total assessment, and the total mark for the unit is greater than 50% then a mark of no greater than 49-N will be recorded for the unit.

    Students must read the handout and assignment specifications carefully for submission, interview and assessment policy.

    Assignment tasks

    Assignment coversheets

    Assignment coversheets are available via "Student Forms" on the Faculty website: http://www.infotech.monash.edu.au/resources/student/forms/
    You MUST submit a completed coversheet with all assignments, ensuring that the plagiarism declaration section is signed.

    Assignment submission and return procedures, and assessment criteria will be specified with each assignment.

    Assignment submission and preparation requirements will be detailed in each assignment specification. Submission must be made by the due date otherwise penalties will be enforced. You must negotiate any extensions formally with your campus unit leader via the in-semester special consideration process: http://www.infotech.monash.edu.au/resources/student/equity/special-consideration.html.

    • Assignment task 1
      Title:
      assignment 1
      Description:
      Identify software design and implementation vulnerabilities and propose solutions.
      Weighting:
      20%
      Criteria for assessment:

      You need to be able to understand the theory and demonstrate your practical work to your tutor. If you fail to understand what you have done you will get Zero for the assignment.

      If you can demonstrate your practical work but do not completely understand the theory, you will get a Pass at the maximum.

      If you can demonstrate your practical work but understand 25% of the theory, you will get a Credit as the maximum. 

      If you can demonstrate your practical work and understand 50% of the theory, you will get a Distinction as the maximum. 

      If you can demonstrate your practical work and understand the theory well, you will get a High Distinction.

      Due date:
      4PM - Friday - Week 8
    • Assignment task 2
      Title:
      assignment 2
      Description:
      Design and implementation secure applications using cryptography.
      Weighting:
      20%
      Criteria for assessment:

      You need to be able to understand the theory and demonstrate your practical work to your tutor. If you fail to understand what you have done you will get Zero for the assignment.

      If you can demonstrate your practical work but do not completely understand the theory, you will get a Pass at the maximum.

      If you can demonstrate your practical work but understand 25% of the theory, you will get a Credit as the maximum. 

      If you can demonstrate your practical work and understand 50% of the theory, you will get a Distinction as the maximum. 

      If you can demonstrate your practical work and understand the theory well, you will get a High Distinction.

      Due date:
      4PM - Friday - Week 12

    Examination

    • Weighting:
      60%
      Length:
      3 hours
      Type (open/closed book):
      Closed book
      Electronic devices allowed in the exam:
      None
    See Appendix for End of semester special consideration / deferred exams process.

    Due dates and extensions

    Please make every effort to submit work by the due dates. It is your responsibility to structure your study program around assignment deadlines, family, work and other commitments. Factors such as normal work pressures, vacations, etc. are not regarded as appropriate reasons for granting extensions. Students are advised to NOT assume that granting of an extension is a matter of course.

    Students requesting an extension for any assessment during semester (eg. Assignments, tests or presentations) are required to submit a Special Consideration application form (in-semester exam/assessment task), along with original copies of supporting documentation, directly to their lecturer within two working days before the assessment submission deadline. Lecturers will provide specific outcomes directly to students via email within 2 working days. The lecturer reserves the right to refuse late applications.

    A copy of the email or other written communication of an extension must be attached to the assignment submission.

    Refer to the Faculty Special consideration webpage or further details and to access application forms: http://www.infotech.monash.edu.au/resources/student/equity/special-consideration.html

    Late assignment

    Assignments received after the due date will be subject to a penalty of 10% for one day late, 20% for two days late, 40% for three days late, 80% for four days late and 100% for five or more days late. 

    Return dates

    Students can expect assignments to be returned within two weeks of the submission date or after receipt, whichever is later.

    Appendix

    Please visit the following URL: http://www.infotech.monash.edu.au/units/appendix.html for further information about:

    • Continuous improvement
    • Unit evaluations
    • Communication, participation and feedback
    • Library access
    • Monash University Studies Online (MUSO)
    • Plagiarism, cheating and collusion
    • Register of counselling about plagiarism
    • Non-discriminatory language
    • Students with disability
    • End of semester special consideration / deferred exams