Skip to the content | Change text size
PDF unit guide

FIT3056 Secure and trusted software systems - Semester 2, 2011

Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorising users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms.

Mode of Delivery

Caulfield (Day)

Contact Hours

2 hrs lectures/wk, 2 hrs laboratories/wk

Workload

Workload commitments per week are:

Two-hour lecture, two-hour tutorial (or laboratory) requiring preparation in advance, and a minimum of 2 hours of personal study per one-hour of contact time in order to satisfy the reading and assignment expectations.

Unit Relationships

Prerequisites

FIT1002 and one of FIT1019 or FIT2078

Chief Examiner

Campus Lecturer

Caulfield

Phu Dung Le

Tutors

Caulfield

Phu Dung Le

Contact hours: Tuesday 2pm - 4pm

Academic Overview

Learning Objectives

At the completion of this unit students will have -
A knowledge and understanding of:

  • some of the main security concepts and issues involved in the development of software, including: Software security versus other aspects of computer security; goals of secure and trusted software; vulnerabilities versus threats; best software development principles and practices; buffer overflows; security of programming platforms; authentication and authorisation; principle of least privilege; security features are not equal to secure features; secure use of encryption; user input validation; reliable software components; data privacy; auditing and logging; security testing;
  • the importance of developing secure software in today's electronic world.
Developed the skills to:
  • design applications with security in mind;
  • validate user input;
  • implement secure authentication mechanisms;
  • authorise users access to various protected resources;
  • encrypt files and hash passwords;
  • store session data securely in web applications;
  • perform secure database access;
  • set up secure transfer of data;
  • create security logs;
  • test software for security vulnerabilities.

Graduate Attributes

Monash prepares its graduates to be:
  1. responsible and effective global citizens who:
    1. engage in an internationalised world
    2. exhibit cross-cultural competence
    3. demonstrate ethical values
  2. critical and creative scholars who:
    1. produce innovative solutions to problems
    2. apply research skills to a range of challenges
    3. communicate perceptively and effectively

Assessment Summary

Examination (3 hours): 60%; In-semester assessment: 40%

Assessment Task Value Due Date
Assignment 1 - Identify software design and implementation vulnerabilities, and propose solutions 20% 4pm Friday Week 8
Assignment 2 - Design and implementation of secure and trusted applications using cryptography 20% 4pm Friday Week 12
Examination 1 60% To be advised

Teaching Approach

Lecture and tutorials or problem classes
This teaching and learning approach provides facilitated learning, practical exploration and peer learning.

Feedback

Our feedback to You

Types of feedback you can expect to receive in this unit are:
  • Informal feedback on progress in labs/tutes

Your feedback to Us

Monash is committed to excellence in education and regularly seeks feedback from students, employers and staff. One of the key formal ways students have to provide feedback is through SETU, Student Evaluation of Teacher and Unit. The University's student evaluation policy requires that every unit is evaluated each year. Students are strongly encouraged to complete the surveys. The feedback is anonymous and provides the Faculty with evidence of aspects that students are satisfied and areas for improvement.

For more information on Monash's educational strategy, and on student evaluations, see:
http://www.monash.edu.au/about/monash-directions/directions.html
http://www.policy.monash.edu/policy-bank/academic/education/quality/student-evaluation-policy.html

Previous Student Evaluations of this unit

If you wish to view how previous students rated this unit, please go to
https://emuapps.monash.edu.au/unitevaluations/index.jsp

Unit Schedule

Week Activities Assessment
0    
1 Introduction to software design and implementation  
2 Computer software security problems and solutions  
3 Computer software security problems and solutions (con't)  
4 Principles of secure software design and implementation  
5 Concurrent programming and software security  
6 Concurrent programming and software security (con't)  
7 Building secure networked and distributed applications  
8 Building secure networked and distributed applications (con't) Assignment 1 due 4pm Friday Week 8
9 Building trusted software systems  
10 Secure software testing and verification  
11 Secure software testing and verification (con't)  
12 Research in software security and trusted systems Assignment 2 due 4pm Friday Week 12
  SWOT VAC No formal assessment is undertaken SWOT VAC
  Examination period LINK to Assessment Policy: http://policy.monash.edu.au/policy-bank/
academic/education/assessment/
assessment-in-coursework-policy.html

*Unit Schedule details will be maintained and communicated to you via your MUSO (Blackboard or Moodle) learning system.

Assessment Requirements

Assessment Policy

To pass a unit which includes an examination as part of the assessment a student must obtain:

  • 40% or more in the unit's examination, and
  • 40% or more in the unit's total non-examination assessment, and
  • an overall unit mark of 50% or more.

If a student does not achieve 40% or more in the unit examination or the unit non-examination total assessment, and the total mark for the unit is greater than 50% then a mark of no greater than 49-N will be recorded for the unit

Assessment Tasks

Participation

  • Assessment task 1
    Title:
    Assignment 1 - Identify software design and implementation vulnerabilities, and propose solutions
    Description:
    This assignment does not require you to write your own code.  You have to study other people' programs, identify possible vulnerabilities and propose solutions to secure those programs.

    If you analyse the vulnerabilities of the programs correctly in your report and understand the problems well, this will give you 30% of the total marks. Your demonstration will give you another 40% and your proposed security solutions another 30%. 

    More details will be provided on the Assignment specification.
    Weighting:
    20%
    Criteria for assessment:

    Assessment will depend mainly on how well you can demonstrate a clear understanding of your work, theoretically and practically.

    Due date:
    4pm Friday Week 8
  • Assessment task 2
    Title:
    Assignment 2 - Design and implementation of secure and trusted applications using cryptography
    Description:
    You have to complete a programming task with well-explained documentation, write a report to explain why your code is secure and meets the requirements of secure and trusted software, demonstrate your programs to the tutor and answer the tutor's questions at the interview. 

    Your report will give you 30% of the total marks. If your code works and meets the assignment requirements of secure and trusted software, this will give another 50% of the total marks. Your demonstration and answers to interview questions will give you another 20%.

    More details will be provided on the Assignment specification.
    Weighting:
    20%
    Criteria for assessment:

    Assessment will depend mainly on how well you can demonstrate a clear understanding of your work, theoretically and practically.

    Due date:
    4pm Friday Week 12

Examinations

  • Examination 1
    Weighting:
    60%
    Length:
    3 hours
    Type (open/closed book):
    Closed book
    Electronic devices allowed in the exam:
    None

Assignment submission

It is a University requirement (http://www.policy.monash.edu/policy-bank/academic/education/conduct/plagiarism-procedures.html) for students to submit an assignment coversheet for each assessment item. Faculty Assignment coversheets can be found at http://www.infotech.monash.edu.au/resources/student/forms/. Please check with your Lecturer on the submission method for your assignment coversheet (e.g. attach a file to the online assignment submission, hand-in a hard copy, or use an online quiz).

Extensions and penalties

Returning assignments

Other Information

Policies

Student services

The University provides many different kinds of support services for you. Contact your tutor if you need advice and see the range of services available at www.monash.edu.au/students The Monash University Library provides a range of services and resources that enable you to save time and be more effective in your learning and research. Go to http://www.lib.monash.edu.au or the library tab in my.monash portal for more information. Students who have a disability or medical condition are welcome to contact the Disability Liaison Unit to discuss academic support services. Disability Liaison Officers (DLOs) visit all Victorian campuses on a regular basis