SECURE PROGRAMMING

CYB5CPR

2019

Credit points: 15

Subject outline

This subject introduces students to the ideals and practices of secure programming. Students begin by learning a procedural language (C), including the C Compiler and pre-processor, functions and program structures, pointers and arrays, structures, input/output and the UNIX interface. Students then learn to identify and analyse common coding practices that lead to security vulnerabilities, such as buffer overflows. Finally, students return to coding, learning to use secure coding techniques and strategies. This subject does not require prior knowledge of computer programming.

SchoolSchool Engineering&Mathematical Sciences

Credit points15

Subject Co-ordinatorKayes Kayes

Available to Study Abroad StudentsNo

Subject year levelYear Level 5 - Masters

Exchange StudentsNo

Subject particulars

Subject rules

Prerequisites Must be admitted into SMCYC or SMCYL or SMCYB or must obtain subject coordinator's approval.

Co-requisitesN/A

Incompatible subjectsN/A

Equivalent subjectsN/A

Special conditionsN/A

Readings

Resource TypeTitleResource RequirementAuthor and YearPublisher
ReadingsSecure Coding in C and C++ (2nd Edition).PrescribedSeacord, R. (2013)Addison Wesley Professional

Graduate capabilities & intended learning outcomes

01. Construct correct solutions to programming problems using algorithms

Activities:
2x2 hour lectures. Students provided with an introduction to the preprocessor, declarations and initialization.

02. Accurately transform algorithms into C code to produce a working program to address simple problems

Activities:
2x2 hour lectures. Students will learn about expressions, and types including integers and floating point numbers, strings, arrays.

03. Analyse syntax and logical errors in C code

Activities:
2x2 hour lectures. Students will learn about to memory management, input and output, and the UNIX environment, including signals.

04. Formulate the output of a given C program

Activities:
2x2 hour lectures. Students will learn about concurrency, debugging, error handling and POSIX.

05. Evaluate security vulnerabilities in C and other languages, including web applications

Activities:
2x2 hour lectures. Students will learn about buffer overflows, integer overflows, memory management vulnerabilities, smashing the stack, control flow redirection, cross-site scripting, SQL injection and heap overflows.

06. Design C code to avoid security problems

Activities:
2x2 hour lectures. Students will learn about preventing security holes, identifying null termination errors, string passing problems, whitelisting, pointer arithmetic, secure library use and construction.

Subject options

Select to view your study options…

Start date between: and    Key dates

Melbourne, 2019, Semester 1, Day

Overview

Online enrolmentYes

Maximum enrolment sizeN/A

Enrolment information

Subject Instance Co-ordinatorKayes Kayes

Class requirements

Lecture Week: 10 - 22
Six 4.0 hours lecture every two weeks on any day including weekend during the day from week 10 to week 22 and delivered via face-to-face.

Computer Laboratory Week: 10 - 22
Six 4.0 hours computer laboratory every two weeks on any day including weekend during the day from week 10 to week 22 and delivered via face-to-face.

Assessments

Assessment elementComments% ILO*
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) 40 01, 02, 03, 04, 05, 06
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words)Will include the need to be integrated into the software engineering environment to prevent security problems20 05, 06
3 hour in-class examination (2000 words equivalent)Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities40 01, 02, 03, 04, 05, 06

Melbourne, 2019, Summer 1, Day

Overview

Online enrolmentNo

Maximum enrolment sizeN/A

Enrolment information

Subject Instance Co-ordinatorKayes Kayes

Class requirements

Lecture Week: 45
Six 4.0 hours lecture every two weeks on any day including weekend during the day in week 45 and delivered via face-to-face.

Computer Laboratory Week: 45
Six 4.0 hours computer laboratory every two weeks on any day including weekend during the day in week 45 and delivered via face-to-face.

Assessments

Assessment elementComments% ILO*
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) 40 01, 02, 03, 04, 05, 06
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words)Will include the need to be integrated into the software engineering environment to prevent security problems20 05, 06
3 hour in-class examination (2000 words equivalent)Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities40 01, 02, 03, 04, 05, 06

Melbourne, 2019, Semester 1, Blended

Overview

Online enrolmentYes

Maximum enrolment sizeN/A

Enrolment information

Subject Instance Co-ordinatorKayes Kayes

Class requirements

Unscheduled Online Class Week: 10 - 22
Twelve 2.0 hours unscheduled online class per study period on weekdays during the day from week 10 to week 22 and delivered via online.
"Consists of online, reading and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."

Practical Week: 10 - 22
Ten 1.0 hours practical per study period on weekdays during the day from week 10 to week 22 and delivered via blended.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."

Practical Week: 10 - 22
Two 7.0 hours practical per study period on weekdays during the day from week 10 to week 22 and delivered via blended.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."

Assessments

Assessment elementComments% ILO*
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) 40 01, 02, 03, 04, 05, 06
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words)Will include the need to be integrated into the software engineering environment to prevent security problems20 05, 06
3 hour in-class examination (2000 words equivalent)Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities40 01, 02, 03, 04, 05, 06

Melbourne, 2019, Summer 1, Blended

Overview

Online enrolmentNo

Maximum enrolment sizeN/A

Enrolment information

Subject Instance Co-ordinatorKayes Kayes

Class requirements

Unscheduled Online Class Week: 45
Twelve 2.0 hours unscheduled online class per study period on weekdays during the day in week 45 and delivered via online.
"Consists of online readings, resources and self-check tests, for self-directed study. All materials will be available asynchronously on the LMS."

Practical Week: 45
Ten 1.0 hours practical per study period on weekdays during the day in week 45 and delivered via blended.
"Synchronous online practical tutorial supported by practical notes and reading material on the LMS."

Practical Week: 45
Two 7.0 hours practical per study period on weekdays during the day in week 45 and delivered via face-to-face.
"A compulsory practical workshop of 2 days at the end of the semester will be offered for all off campus students."

Assessments

Assessment elementComments% ILO*
Weekly coding tasks (10 total - 250 words equivalent each, 2500 words in total) 40 01, 02, 03, 04, 05, 06
Written Assignment 1 - Write a client report on secure coding practices (equivalent to 1000 words)Will include the need to be integrated into the software engineering environment to prevent security problems20 05, 06
3 hour in-class examination (2000 words equivalent)Given a complex C programme, identify vulnerabilities and suggest strategies for mitigating these vulnerabilities40 01, 02, 03, 04, 05, 06