cyb5cpr secure programming
SECURE PROGRAMMING
CYB5CPR
2019
Credit points: 15
Subject outline
This subject introduces students to the ideals and practices of secure programming. Students begin by learning a procedural language (C), including the C Compiler and pre-processor, functions and program structures, pointers and arrays, structures, input/output and the UNIX interface. Students then learn to identify and analyse common coding practices that lead to security vulnerabilities, such as buffer overflows. Finally, students return to coding, learning to use secure coding techniques and strategies. This subject does not require prior knowledge of computer programming.
School: School Engineering & Mathematical Sciences
Credit points: 15
Subject Co-ordinator: Kayes Kayes
Available to Study Abroad Students: No
Subject year level: Year Level 5 - Masters
Exchange Students: No
Subject particulars
Subject rules
Prerequisites: Must be admitted into SMCYC or SMCYL or SMCYB or must obtain subject coordinator's approval.
Co-requisites: N/A
Incompatible subjects: N/A
Equivalent subjects: N/A
Special conditions: N/A
Learning resources
Readings
Resource Type | Title | Resource Requirement | Author and Year | Publisher |
---|---|---|---|---|
Readings | Secure Coding in C and C++ (2nd Edition). | Prescribed | Seacord, R. (2013) | Addison Wesley Professional |
Graduate capabilities & intended learning outcomes
01. Construct correct solutions to programming problems using algorithms
- Activities:
- 2x2 hour lectures. Students provided with an introduction to the preprocessor, declarations and initialization.
02. Accurately transform algorithms into C code to produce a working program to address simple problems
- Activities:
- 2x2 hour lectures. Students will learn about expressions, and types including integers and floating point numbers, strings, arrays.
03. Analyse syntax and logical errors in C code
- Activities:
- 2x2 hour lectures. Students will learn about memory management, input and output, and the UNIX environment, including signals.
04. Formulate the output of a given C program
- Activities:
- 2x2 hour lectures. Students will learn about concurrency, debugging, error handling and POSIX.
05. Evaluate security vulnerabilities in C and other languages, including web applications
- Activities:
- 2x2 hour lectures. Students will learn about buffer overflows, integer overflows, memory management vulnerabilities, smashing the stack, control flow redirection, cross-site scripting, SQL injection and heap overflows.
06. Design C code to avoid security problems
- Activities:
- 2x2 hour lectures. Students will learn about preventing security holes, identifying null termination errors, string passing problems, whitelisting, pointer arithmetic, secure library use and construction.
Subject options
Melbourne, 2019, Semester 1, Day
Overview
Online enrolment: Yes
Maximum enrolment size: N/A
Enrolment information
Subject Instance Co-ordinator: Kayes Kayes
Class requirements
Lecture, Week: 10 - 22
Six 4.0-hour lectures every two weeks on any day, including weekends, during the day from week 10 to week 22, delivered face-to-face.
Computer Laboratory, Week: 10 - 22
Six 4.0-hour computer laboratories every two weeks on any day, including weekends, during the day from week 10 to week 22, delivered face-to-face.
Assessments
Assessment element | Comments | % | ILO* |
---|---|---|---|
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) | | 40 | 01, 02, 03, 04, 05, 06 |
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words) | Will include the need to be integrated into the software engineering environment to prevent security problems | 20 | 05, 06 |
3 hour in-class examination (2000 words equivalent) | Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities | 40 | 01, 02, 03, 04, 05, 06 |
Melbourne, 2019, Summer, Day
Overview
Online enrolment: No
Maximum enrolment size: N/A
Enrolment information
Subject Instance Co-ordinator: Kayes Kayes
Class requirements
Lecture, Week: 45
Six 4.0-hour lectures every two weeks on any day, including weekends, during the day in week 45, delivered face-to-face.
Computer Laboratory, Week: 45
Six 4.0-hour computer laboratories every two weeks on any day, including weekends, during the day in week 45, delivered face-to-face.
Assessments
Assessment element | Comments | % | ILO* |
---|---|---|---|
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) | | 40 | 01, 02, 03, 04, 05, 06 |
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words) | Will include the need to be integrated into the software engineering environment to prevent security problems | 20 | 05, 06 |
3 hour in-class examination (2000 words equivalent) | Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities | 40 | 01, 02, 03, 04, 05, 06 |
Melbourne, 2019, Semester 1, Blended
Overview
Online enrolment: Yes
Maximum enrolment size: N/A
Enrolment information
Subject Instance Co-ordinator: Kayes Kayes
Class requirements
Unscheduled Online Class, Week: 10 - 22
Twelve 2.0-hour unscheduled online classes per study period on weekdays during the day from week 10 to week 22, delivered online.
"Consists of online reading and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."
Practical, Week: 10 - 22
Ten 1.0-hour practicals per study period on weekdays during the day from week 10 to week 22, delivered in blended mode.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."
Practical, Week: 10 - 22
Two 7.0-hour practicals per study period on weekdays during the day from week 10 to week 22, delivered in blended mode.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."
Assessments
Assessment element | Comments | % | ILO* |
---|---|---|---|
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) | | 40 | 01, 02, 03, 04, 05, 06 |
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words) | Will include the need to be integrated into the software engineering environment to prevent security problems | 20 | 05, 06 |
3 hour in-class examination (2000 words equivalent) | Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities | 40 | 01, 02, 03, 04, 05, 06 |
Melbourne, 2019, Summer, Blended
Overview
Online enrolment: No
Maximum enrolment size: N/A
Enrolment information
Subject Instance Co-ordinator: Kayes Kayes
Class requirements
Unscheduled Online Class, Week: 45
Twelve 2.0-hour unscheduled online classes per study period on weekdays during the day in week 45, delivered online.
"Consists of online readings, resources and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."
Practical, Week: 45
Ten 1.0-hour practicals per study period on weekdays during the day in week 45, delivered in blended mode.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."
Practical, Week: 45
Two 7.0-hour practicals per study period on weekdays during the day in week 45, delivered face-to-face.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."
Assessments
Assessment element | Comments | % | ILO* |
---|---|---|---|
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) | | 40 | 01, 02, 03, 04, 05, 06 |
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words) | Will include the need to be integrated into the software engineering environment to prevent security problems | 20 | 05, 06 |
3 hour in-class examination (2000 words equivalent) | Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities | 40 | 01, 02, 03, 04, 05, 06 |