Software Security

CompSci 725 FC 01
Clark Thomborson
Handout 1: General Information

Lecturer

Prof Clark Thomborson (Supervisor). Email: <cthombor@cs.auckland.ac.nz>

Published prerequisites

(CompSci 330 Language Implementation or CompSci 333 Functional Programming & Language Implementation) and CompSci 320 Algorithmics.

Acceptable prerequisites

Any two of the following: CompSci 330 Language Implementation, CompSci 333 Functional Programming & Language Implementation, CompSci 320 Algorithmics, CompSci 313 Computer Organisation, CompSci 314 Data Communications Fundamentals, CompSci 340 Operating Systems, CompSci 335 Distributed Objects and Algorithms, CompSci 350 Mathematical Foundations of Computer Science.

Scheduled Lecture Times

First semester 2001, City campus, Math/Phys/CS room 246, TWF 9-10.

Required Reading

You will read approximately 40 technical articles during the first eight weeks of this paper. These will be the basis of our in-class discussions. Some of these articles are available online, and I will hand out the others in hardcopy. Your term paper will be based on your reading and interpretation of at least two additional articles of your choice.

Description

Software security is taking on new importance as e-commerce moves from hype to reality. Software systems are susceptible to a variety of attacks including eavesdropping, playback (replay of captured messages), denial of service, and unauthorised use. In this paper we will survey the field of software security, with a particular focus on technical and legal means for protection against unauthorised use.

Content

Denial of service, privacy violations, primary and collateral damage. Eavesdropping, playback, binary tampering during delivery, introduction of hostile code, malicious hosts. Unauthorised use by copying, dongle mimicry, decompilation and recompilation, reverse engineering. Software patents, copyrights, trade secrets. Sandbox, blackbox, and cryptographic security. Steganography. Obfuscation, robust and fragile watermarks, fingerprints.

All students in this paper will prepare and deliver an oral presentation based on a published article in this field. Each student will write a 10-page term paper on some related topic.

Assessment

60% exam, 25% project, 15% seminar.

Tentative Schedule

Warning

We will discuss vulnerabilities in widely-deployed computer systems. This is not an invitation for you to exploit these vulnerabilities! Instead you are expected to behave responsibly. Don't break into computer systems that are not your own. Don't attempt to subvert any security system in any other way, for example by taking over someone else's "digital identity". See Department of Computer Science Computer System Regulations and University of Auckland Computer System Regulations.

Updated 23 February 2001 by CDT.