Security in Software Applications (Sicurezza nelle Applicazioni Software)
2nd semester
Academic year 2013-2014
Course offered for the first time
PAGE UPDATED PERIODICALLY
Instructor: Francesco Parisi-Presicce
Office: Via Salaria 113, third floor, room 342
Phone: 06 4991 8512
Email: parisi (AT) di (DOT) uniroma1 (DOT) it (put SoftSec in the Subject)
Office hours: Mon/Tue after class (until 15 June 2014) and by appointment
ANNOUNCEMENTS
- NEW: The fifth round of exams for this course will take place during the first week of February 2015. You must have submitted the three projects to take the oral part of the exam. Contact the Instructor for the exact time and place.
- The fourth round of exams for this course will take place during the last week of the month of January 2015. You must have submitted the three projects to take the oral part of the exam. Contact the Instructor for the exact time and place.
- The third round of exams for this course will take place on Tuesday September 9. You must have submitted the three projects to take the oral part of the exam. Contact the Instructor for the exact time and place.
- The second round of exams for this course will start on Friday July 11 and continue the following week. Sign up via infostud. Sign up also from this page.
- Exams will start on Monday June 23 and end no later than Friday June 27. Sign up via infostud. Sign up also from this page.
- The Specification of Project 3 is available. This is a group project. Reports must be submitted by 10 p.m. (22:00) Sunday 15 June 2014 from this page.
- The Specification of Project 2 is available. This is an individual project. Solutions must be submitted by the extended deadline of 10 p.m. (22:00) Friday 9 May 2014 from this page.
- The Specification of Project 1 is available. This is an individual project. Solutions must be submitted by 10 p.m. (22:00) Saturday 26 April 2014 from THIS page.
- New
- Attention: Office hours in person suspended until April 30. I will be reachable by email as usual.
- Students who have not done so yet are asked to get an account on twiki, to be used to submit the results of the two individual projects.
- Since this course is being offered for the first time, the material will not always be available before class.
- FIRST LECTURE Wednesday 5 March
- Students who attend this course are required to send to the instructor the email address at which they can be contacted to access course material (homework, project, slides, etc.).
DESCRIPTION
Theory and practice of software security, focusing in particular on some common software security risks, including buffer overflows, race conditions and random number generation, and on the identification of potential threats and vulnerabilities early in the design cycle. The emphasis is on methodologies and tools for identifying and eliminating security vulnerabilities, techniques to prove the absence of vulnerabilities, and ways to avoid security holes in new software, and on essential guidelines for building secure software: how to design software with security in mind from the ground up and to integrate analysis and risk management throughout the software life cycle.
EXAM FORMAT
The exam consists of an oral test, the solution of some problems and small projects assigned periodically during the course by the instructor, and (perhaps: it depends on the size of the class) the presentation in class and discussion of a project agreed upon with the instructor. The project may be developed in groups of one or two students and may concern both theoretical and practical aspects of application security.
The submission of the problem solutions and the oral test are individual.
If there are significant indications that the submitted project or solutions have been copied in whole or in part, the project or solutions is/are considered void.
The exam will consist of an oral part, the solution of some homework problems / small projects periodically assigned by the instructor and possibly (depending on the size of the class) the presentation in class and discussion of a project agreed upon with the instructor. The project could be developed in teams and deal with theoretical aspects or practical aspects of software security. The solutions to the assigned problems and the oral examination are *individual* endeavours. Substantial overlap or the indication that they have been "shared" will make them void and will cause the 'perpetrators' to skip an exam session.
PREREQUISITES
Having passed a security course in the three-year (bachelor's) degree is not required, but knowledge of security is obviously useful.
Students are assumed to have adequate knowledge of the languages C, Java and SQL.
A previous security course is not required.
Students are expected to have some basic knowledge of the languages C, Java and SQL.