COMPM028 - Language Based Security

This database contains 2016-17 versions of the syllabuses.

Code: COMPM028 (Also taught as: COMPGS10)
Year: 4
Prerequisites: An understanding of the basics of programming and software engineering.
Term: 2
Taught By: David Clark (50%), Jens Krinke (50%)

Aims: The aim of this module is to provide students with specialist knowledge and understanding to solve software-related problems associated with the security of software systems.

Learning Outcomes: Successful completion of this module will provide students with an understanding of the relationship between computer program design and security, how various security-related properties of computer programs are formulated and guaranteed, and in-depth knowledge of a variety of contexts in which understanding can be applied.

Content:

The course covers in depth major issues in computer security related to computer programming. In particular, it provides a detailed treatment of theory and practice for:

  1. Vulnerabilities and faults
  2. Secure information flow
  3. Semantics-based malware detection

Students will be introduced to the removal of vulnerabilities from code via fault detection. Topics covered will include Data Flow Analysis, Buffer Overruns and Fuzz Testing.

The bulk of the course will be devoted to the theory and practice of secure information flow. First, students will learn how to use dependence analysis extracted via a slicing tool to do practical information flow control. Subsequently, they will be taught some underlying theory and then examine more advanced topics such as flow-sensitive type systems, information erasure, declassification and measuring information flow. This will be supported by tools such as JIF, PARAGON, a bounded model checker and the QIF Analyser.

The final part of the course will look at issues in semantics-based malware detection, particularly at the limitations of such an approach with respect to semantic decidability and encryption/packing techniques.

Method of Instruction:

Delivery will be via a combination of lectures, problem-solving sessions and training on laboratory tools. Students will be given weekly exercises to explore and practice new techniques and tools.

Assessment:

The course has the following assessment components:

  • Unseen written examination (2.5 hours, 70%)
  • 2 pieces of coursework (15% each)

To pass the module students must:

  • Obtain an overall pass mark of 50%
  • Obtain a minimum mark of 40% in each component worth ≥ 30% of the module as a whole.

Resources:

Supplied via Moodle