Designing and Coding Secure Systems
Links from the class materials and other supplemental information, grouped by chapter:
Chapter 1: Introduction
Chapter 2: Designing and coding secure programs
Links from the text:
Chapter 3: Threat models and risk management
Links from the text:
Chapter 4: Security and the software development life cycle
Links from the text:
- NIST SP 800-64
- Standards for Security Categorization of Federal Information and Information Systems is FIPS 199
- Secure Software Development Life Cycle Processes by Noopur Davis
- The emperor's old clothes by Charles Antony Richard Hoare
- Misuse and Abuse Cases: Getting Past the Positive by Paco Hope and Gary McGraw
- WEP insecurity
- The TI transponder cracking
- Info about the TCP design issues and security
- ``The Code Red Worm'' by Hal Berghel, Communications of the ACM, vol 44, no 12, December, 2001
- CERT Vulnerability Note VU#684820
- Lecture notes for Introduction to Security---Fall '05 by Steve Bellovin
- CERT Secure Coding Standards
- Validating C and C++ for Safety and Security: A structured approach to manual code review
- Nimda information from ``All public hospitals in Gothenburg Sweden crippled by Nimda'' by Peter Hakanson, Forum on Risks to the Public in Computers and Related Systems, ACM Committee on Computers and Public Policy, vol 21, no 67, October, 2001
- Morris worm information
- Inside the Slammer worm by Moore et al.
- Misplaced Trust: Kerberos 4 Session Keys in Proceedings of the 1997 Symposium on Network and Distributed System Security
- CERT Vulnerability Note VU#623217
- What Do We Know about Agile Software Development? by Dybaand Dings\oyr
- ``A Trend Analysis of Exploitations'' by Hilary K. Browne, John McHugh, William A. Arbaugh, and William L. Fithen, University of Maryland CS department technical report CS-TR-4200 and UMIACS-TR-2000-76
- ``Windows of Vulnerability: A Case Study Analysis'' by William A. Arbaugh, William L. Fithen, and John McHugh, in IEEE Computer Volume: 33, Number: 12, Pages: 52--59
Chapter 5: Input validation and representation
Links from the text:
Chapter 6: Fail securely
Links from the text:
Chapter 7: Logging
Links from the text:
Chapter 8: State and the web
Links from the text:
Chapter 9: Code reviews (auditing) for security
Links from the text:
Chapter 10: Software testing for security
Links from the text:
Chapter 11: Defense in depth
Links from the text:
Chapter 12: Least privilege
Links from the text:
Chapter 13: Compartmentalization
Links from the text:
Chapter 14: Erasing data
Links from the text:
Chapter 15: Race conditions
Links from the text:
Chapter 16: Cryptography Fundamentals
Links from the text:
Chapter 17: Using Cryptography
Links from the text:
Chapter 18: Authentication
Links from the text:
Additional links, not from the course text, or, software needed for the chapter:
OWASPGuide2.0.1.pdf (Local copy)
Chapter 19: Research directions
Chapter 20: Final lab
SkillBridge Training
Examples from the class notes (or,
all as one file).
Selected Solutions from the class notes (no
looking until you have solved the problems!). Note that all solutions
are in an appendix of your course book.
All solutions in a compressed tar file.
Evaluation form (if needed)