COMPGS10 - Language Based Security

This database contains the 2017-18 versions of syllabuses.

Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).

Code: COMPGS10 (Also taught as COMPM028)
Year: MSc
Prerequisites: An understanding of the basics of programming and software engineering.
Term: 2
Taught By: David Clark (100%)
Aims: The aim of this module is to provide students with specialist knowledge and understanding to solve software related problems associated with the security of software systems.
Learning Outcomes: Successful completion of this module will provide students with an understanding of the relationship between computer program design and security, how various security-related properties of computer programs are formulated and guaranteed, and in-depth knowledge of a variety of contexts in which understanding can be applied.

Content

The course covers in depth major issues in computer security related to computer programming. In particular, it provides a detailed treatment of theory and practice for:

  1. Vulnerabilities and faults
  2. Secure information flow
  3. Semantics based malware detection

Students will be introduced to the removal of vulnerabilities from code via fault detection. Topics covered will include Data Flow Analysis, Buffer Overruns and Fuzz Testing.

The bulk of the course will be devoted to the theory and practice of secure information flow. First, students will learn how to use dependence analysis extracted via a slicing tool to do practical information flow control. Subsequently they will be taught some underlying theory and then examine more advanced topics such as flow sensitive type systems, information erasure, declassification and measuring information flow. This will be supported by tools such as JIF, PARAGON, a bounded model checker and the QIF Analyser.

The final part of the course will look at issues in semantics based malware detection, particularly at the limitations of such an approach with respect to semantic decidability and encryption/packing techniques.

Method of Instruction

Delivery will be via a combination of lectures, problem solving sessions and training on laboratory tools. Students will be given weekly exercises to explore and practice new techniques and tools.

Assessment

The course has the following assessment components:

  • Unseen written examination (2.5 hours, 70%)
  • 2 pieces of coursework (15% each)

To pass the module students must:

  • Obtain an overall pass mark of 50%.

Resources

Reading list available via the UCL Library catalogue.