COMP SCI 7307 - Secure Programming

North Terrace Campus - Semester 2 - 2019

The purpose of the course is to learn about secure software, including its design, implementation and maintenance. During the course students will be exposed to a selection of topics from the following: performing threat modelling, issues in authentication and authorisation, auditing for security, input sanitising, TOCTOU vulnerabilities, memory management issues, fixing vulnerabilities and patch distribution. The course requires previous programming experience and some understanding of computer systems.

  • General Course Information
    Course Details
    Course Code COMP SCI 7307
    Course Secure Programming
    Coordinating Unit School of Computer Science
    Term Semester 2
    Level Postgraduate Coursework
    Location/s North Terrace Campus
    Units 3
    Contact Up to 2.5 hours per week
    Available for Study Abroad and Exchange Y
    Prerequisites COMP SCI 7103, COMP SCI 7202, COMP SCI 7202B or COMP SCI 7208
    Incompatible COMP SCI 7406
    Restrictions Master of Computing and Innovation, Graduate Diploma in Computer Science and Graduate Certificate in Computer Science students only.
    Course Description The purpose of the course is to learn about secure software, including its design, implementation and maintenance. During the course students will be exposed to a selection of topics from the following: performing threat modelling, issues in authentication and authorisation, auditing for security, input sanitising, TOCTOU vulnerabilities, memory management issues, fixing vulnerabilities and patch distribution. The course requires previous programming experience and some understanding of computer systems.
    Course Staff

    Course Coordinator: Dr Yuval Yarom

    Course Timetable

    The full timetable of all activities for this course can be accessed from Course Planner.

  • Learning Outcomes
    Course Learning Outcomes
    On successful completion of this course students will be able to:

     
    1 Employ secure software development practices
    2 Identify common vulnerable programming patterns
    3 Develop exploits for security vulnerabilities
    4 Choose mitigation strategies for common vulnerability patterns

     
    University Graduate Attributes

    This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:

    University Graduate Attribute Course Learning Outcome(s)
    Deep discipline knowledge
    • informed and infused by cutting edge research, scaffolded throughout their program of studies
    • acquired from personal interaction with research active educators, from year 1
    • accredited or validated against national or international standards (for relevant programs)
    2-4
    Critical thinking and problem solving
    • steeped in research methods and rigor
    • based on empirical evidence and the scientific approach to knowledge development
    • demonstrated through appropriate and relevant assessment
    2-4
    Teamwork and communication skills
    • developed from, with, and via the SGDE
    • honed through assessment and practice throughout the program of studies
    • encouraged and valued in all aspects of learning
    1
    Career and leadership readiness
    • technology savvy
    • professional and, where relevant, fully accredited
    • forward thinking and well informed
    • tested and validated by work based experiences
    1-4
  • Learning & Teaching Activities
    Learning & Teaching Modes

    No information currently available.

    Workload

    No information currently available.

    Learning Activities Summary

    No information currently available.

  • Assessment

    The University's policy on Assessment for Coursework Programs is based on the following four principles:

    1. Assessment must encourage and reinforce learning.
    2. Assessment must enable robust and fair judgements about student performance.
    3. Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
    4. Assessment must maintain academic standards.

    Assessment Summary
    Assessment Task | Weighting (%) | Individual/Group | Formative/Summative | Due (week)* | Hurdle criteria | Learning outcomes | CBOK Alignment**
    Secure Web site development | 30 | Individual | Summative | Weeks 2,4,6 | | 1. 2. 4. | 1.1 1.2 2.1 2.2 2.6 3.1 3.2 3.3 4.1 4.2 4.3 5.1 5.4
    Performing side-channel attacks | 30 | Individual | Summative | Weeks 8,10,12 | | 2. 3. 4. | 1.1 1.2 2.1 2.2 2.6 3.1 3.2 4.1 4.2 5.4
    Exam | 40 | Individual | Summative | Week 12 | Min 40% | 1. 2. 3. 4. | 1.1 1.2 2.2 2.6 3.1 3.2 3.3 4.1 4.2 4.3 5.4
    Total | 100
    * The specific due date for each assessment task will be available on MyUni.
     
    This assessment breakdown complies with the University's Assessment for Coursework Programs Policy.
     
    This course has a hurdle requirement. Meeting the specified hurdle criteria is a requirement for passing the course.

    **CBOK is the Core Body of Knowledge for ICT Professionals defined by the Australian Computer Society. The alignment in the table above corresponds with the following CBOK Areas:

    1. Problem Solving
    1.1 Abstraction
    1.2 Design

    2. Professional Knowledge
    2.1 Ethics
    2.2 Professional expectations
    2.3 Teamwork concepts & issues
    2.4 Interpersonal communications
    2.5 Societal issues
    2.6 Understanding of ICT profession

    3. Technology resources
    3.1 Hardware & Software
    3.2 Data & information
    3.3 Networking

    4. Technology Building
    4.1 Programming
    4.2 Human factors
    4.3 Systems development
    4.4 Systems acquisition

    5. ICT Management
    5.1 IT governance & organisational
    5.2 IT project management
    5.3 Service management 
    5.4 Security management
    Assessment Detail

    No information currently available.

    Submission

    No information currently available.

    Course Grading

    Grades for your performance in this course will be awarded in accordance with the following scheme:

    M10 (Coursework Mark Scheme)
    Grade | Mark | Description
    FNS | | Fail No Submission
    F | 1-49 | Fail
    P | 50-64 | Pass
    C | 65-74 | Credit
    D | 75-84 | Distinction
    HD | 85-100 | High Distinction
    CN | | Continuing
    NFE | | No Formal Examination
    RP | | Result Pending

    Further details of the grades/results can be obtained from Examinations.

    Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.

    Final results for this course will be made available through Access Adelaide.

  • Student Feedback

    The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.

    SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.

  • Student Support
  • Policies & Guidelines
  • Fraud Awareness

    Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student disciplinary procedures.

The University of Adelaide is committed to regular reviews of the courses and programs it offers to students. The University of Adelaide therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.