MWF, 12:00 -12:50 PM CST, BRUN 228, Fall 2021
Akond Rahman, PhD
Office hours: Upon request
Required Textbook: None.
Recommended Textbook:
- Software Security: Building Security In, Gary McGraw, Addison-Wesley.
- Software Engineering at Google: Lessons Learned from Programming Over Time, Hyrum Wright, Titus Winters, and Tom Manshreck, Oreilly.
| Date | Schedule |
|---|---|
| Aug 20 | Introduction |
| Aug 23 | Software Testing: Unit, Integration |
| Aug 25 | Concolic Testing |
| Aug 27 | Software Testing: Workshop |
| Aug 30 | Software Forensics |
| Sep 01 | Software Forensics: Workshop |
| Sep 03 | Project presentation day#1: Elevator pitch |
| Sep 06 | Labor Day: No classes |
| Sep 08 | Static Code Analysis (Programs) |
| Sep 10 | Static Code Analysis (Compilers) |
| Sep 13 | Static Code Analysis: Workshop |
| Sep 15 | Software Fuzzing |
| Sep 17 | Security Requirements Engineering |
| Sep 20 | Security Requirements engineering: Workshop (Online) |
| Sep 22 | Threat Modeling (Online) |
| Sep 24 | Exam#1 |
| Sep 27 | Privacy |
| Sep 29 | Privacy: Workshop |
| Oct 01 | IEEE Secure Software Design (Online) |
| Oct 04 | Guest lecture by Rahul Pandita (Phase Change Software) |
| Oct 06 | Project presentation day#2: Elevator pitch |
| Oct 08 | System Calls for Software Security |
| Oct 11 | Fall Break: No classes |
| Oct 13 | System Calls: Workshop |
| Oct 15 | Access Control |
| Oct 18 | Role-based Access Control |
| Oct 20 | Security for ML Software |
| Oct 22 | Security for ML Software: Workshop |
| Oct 25 | ML for Software Security |
| Oct 27 | Container Security |
| Oct 29 | Container Security |
| Nov 01 | Project presentation day#3: Elevator pitch |
| Nov 03 | Container Security: Workshop |
| Nov 05 | Software Fault Injection and Chaos Engineering |
| Nov 08 | Software Vulnerabilities: Categorization |
| Nov 10 | SSDL & BSIMM |
| Nov 12 | Security Misconfigurations |
| Nov 15 | Project presentation day#4: Elevator pitch |
| Nov 17 | Final Exam |
| Nov 19 | Bonus: Secret Management (Online) |
| Nov 22 | Bonus: Vulnerability Discovery Strategies (Online) |
| Nov 24 | Thanksgiving Break: No classes |
| Nov 26 | Thanksgiving Break: No classes |
| Nov 29 | Bonus: Kubernetes Security Best Practices (Online) |
| Dec 03 | Project report due (Deadline extension!) |
- Exam#1: 20%
- Exam#2: 20%
- Project: 45%
- In-class workshops: 15%
- Project Tasks: 60%
- Final Report: 20%
- Mandatory sections: Introduction, Research Questions, Methodology, Findings, References => 50%
- Report must be in Latex => 25%
- Report must be free of typos and passive voices => 25%
- Code: 10%
- Elevator pitches: 10%
- Your name: 5%
- Name of your team mates: 15%
- What the project is about: 5%
- Eye contact: 25%
- Timely completion: 50% (Must finish in 60 seconds)
- A: 90-100
- B: 80-89
- C: 70–79
- D: 60–69
- F: less than 59
- For the graduate section a team must have at least one and at most two members. For the undergraduate section a team must have at least three and at most four members.
- Project source code must be maintained in Tenn. Tech Gitlab repos (https://gitlab.csc.tntech.edu/).
- Each project update will include updates so far as a Markdown file which will reside in the repo. Instructions on how to run the program must be written in a Markdown file. The required libraries needed to run code should be written.
- Mismatch between reported output and source code results will be inspected. The instructor will download repos, install libraries, and run the code based on the instruction provided in the mentioned Markdown file. For reproducibility students are allowed to use Docker containers.
- Throughout the semester you will be completing 3/4 tasks as part of your individual project. Each of these tasks will have a deadline. If you miss the deadline you will be penalized 5 points allocated for the project for each day of delay.
- For sharing results and demonstrating completion of tasks you will use issues and share screenshots and links of your work. For example, if your task is to find a hard-coded password in source code, you need to share the link of the code where you found the hard-coded password.
- Bring your own laptop for workshops. You can't work with your peer.
- In both exams you are allowed to bring a 1-page, hand-written cheastsheet is allowed, Cheat sheets need to be submitted with exam scripts.
- For workshop save your work in a Tenn. Tech. Gitlab repository (https://gitlab.csc.tntech.edu/).
- If the instructor detects copy-paste in workshops or exams then that will result in direct F for the course.
- All classes are in-person.
- Workshops are in-person as well as take home. Before the start of every workshop I will ask the class on how much time students want, and based on the feedback will determine a due time.
- For workshop and projects, I will determine submission time based on latest commit timestamp as determined by GitLab. For example, if an assignment is due Aug 20, then I will check the lastest commit for your assignment in your repository.
- Regrade requests are allowed. In the case of regrade requests the instructor will inspect entire workshop/project/exam again.
- If you miss the deadline for a workshop you will be penalized 5 points allocated for the workshop for each day of delay.
Students with a disability requiring accommodations should contact the Office of Disability Services (ODS).
An Accommodation Request (AR) should be completed as soon as possible, preferably by the end of the first week of the course.
The ODS is located in the Roaden University Center, Room 112; phone 372-6119.
For details, view the Tennessee Tech’s Policy 340 – Services for Students with Disabilities at Policy Central.
We are diverse in many ways, and this is pivotal to build an inclusive campus community. To me diversity refers to our identities that includes but are not limited to race, color, national origin, language, sex, disability, age, sexual orientation, gender identity, religion, creed, ancestry, belief, veteran status, or genetic information. In this class, we will collaboratively work to promote diversity and inclusion. We acknowledge our imperfections while we also fully commit ourselves for creating a more inclusive environment.
- Get COVID-related updates from this website: https://www.tntech.edu/infullflight/index.php#updates