Spaces:
Sleeping
Sleeping
File size: 16,459 Bytes
48e7c56 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 |
BSc:
====
Contents
--------
* [1 Secure Systems Development](#Secure_Systems_Development)
+ [1.1 Course Characteristics](#Course_Characteristics)
- [1.1.1 Key concepts of the class](#Key_concepts_of_the_class)
- [1.1.2 What is the purpose of this course?](#What_is_the_purpose_of_this_course.3F)
- [1.1.3 Course objectives based on Bloom’s taxonomy](#Course_objectives_based_on_Bloom.E2.80.99s_taxonomy)
- [1.1.4 - What should a student remember at the end of the course?](#-_What_should_a_student_remember_at_the_end_of_the_course.3F)
- [1.1.5 - What should a student be able to understand at the end of the course?](#-_What_should_a_student_be_able_to_understand_at_the_end_of_the_course.3F)
- [1.1.6 - What should a student be able to apply at the end of the course?](#-_What_should_a_student_be_able_to_apply_at_the_end_of_the_course.3F)
- [1.1.7 Course evaluation](#Course_evaluation)
- [1.1.8 Grades range](#Grades_range)
- [1.1.9 Resources and reference material](#Resources_and_reference_material)
+ [1.2 Course Sections](#Course_Sections)
- [1.2.1 Section 1](#Section_1)
* [1.2.1.1 Section title:](#Section_title:)
- [1.2.2 Topics covered in this section:](#Topics_covered_in_this_section:)
- [1.2.3 What forms of evaluation were used to test students’ performance in this section?](#What_forms_of_evaluation_were_used_to_test_students.E2.80.99_performance_in_this_section.3F)
- [1.2.4 Typical questions for ongoing performance evaluation within this section](#Typical_questions_for_ongoing_performance_evaluation_within_this_section)
- [1.2.5 Typical questions for seminar classes (labs) within this section](#Typical_questions_for_seminar_classes_.28labs.29_within_this_section)
- [1.2.6 Test questions for final assessment in this section](#Test_questions_for_final_assessment_in_this_section)
- [1.2.7 Section 2](#Section_2)
* [1.2.7.1 Section title:](#Section_title:_2)
- [1.2.8 Topics covered in this section:](#Topics_covered_in_this_section:_2)
- [1.2.9 What forms of evaluation were used to test students’ performance in this section?](#What_forms_of_evaluation_were_used_to_test_students.E2.80.99_performance_in_this_section.3F_2)
- [1.2.10 Typical questions for ongoing performance evaluation within this section](#Typical_questions_for_ongoing_performance_evaluation_within_this_section_2)
- [1.2.11 Typical questions for seminar classes (labs) within this section](#Typical_questions_for_seminar_classes_.28labs.29_within_this_section_2)
- [1.2.12 Test questions for final assessment in this section](#Test_questions_for_final_assessment_in_this_section_2)
- [1.2.13 Section 3](#Section_3)
* [1.2.13.1 Section title:](#Section_title:_3)
* [1.2.13.2 Topics covered in this section:](#Topics_covered_in_this_section:_3)
- [1.2.14 What forms of evaluation were used to test students’ performance in this section?](#What_forms_of_evaluation_were_used_to_test_students.E2.80.99_performance_in_this_section.3F_3)
- [1.2.15 Typical questions for ongoing performance evaluation within this section](#Typical_questions_for_ongoing_performance_evaluation_within_this_section_3)
* [1.2.15.1 Typical questions for seminar classes (labs) within this section](#Typical_questions_for_seminar_classes_.28labs.29_within_this_section_3)
* [1.2.15.2 Test questions for final assessment in this section](#Test_questions_for_final_assessment_in_this_section_3)
- [1.2.16 Section 4](#Section_4)
* [1.2.16.1 Section title:](#Section_title:_4)
* [1.2.16.2 Topics covered in this section:](#Topics_covered_in_this_section:_4)
- [1.2.17 What forms of evaluation were used to test students’ performance in this section?](#What_forms_of_evaluation_were_used_to_test_students.E2.80.99_performance_in_this_section.3F_4)
- [1.2.18 Typical questions for ongoing performance evaluation within this section](#Typical_questions_for_ongoing_performance_evaluation_within_this_section_4)
* [1.2.18.1 Typical questions for seminar classes (labs) within this section](#Typical_questions_for_seminar_classes_.28labs.29_within_this_section_4)
* [1.2.18.2 Test questions for final assessment in this section](#Test_questions_for_final_assessment_in_this_section_4)
Secure Systems Development
==========================
* **Course name:** Secure Systems Development
* **Course number:** xyz
Course Characteristics
----------------------
### Key concepts of the class
* Identification of security risk, system requirements, and processes
* Design and development of secure systems
* Principles of secure programming
* Secure software development
* Security assurance and evaluation
* Vulnerability and system security analysis
### What is the purpose of this course?
After the fundamentals of computer security are taught to the students, it is essential for cybersecurity students to understand the principles of secure systems development. In a broader term, secure systems development include security aspects in software development, secure programming, threat intelligence, security requirements, risks, and vulnerability analysis. Therefore, this course is aimed at equipping the students with required skills to design and develop secure systems and exercise secure programming practices during development. In essence, this course is at the crossroads of the software engineering and cybersecurity and complements both the fields.
### Course objectives based on Bloom’s taxonomy
### - What should a student remember at the end of the course?
By the end of the course, the students should be able to remember the followings:
* How to identify security risk
* How to exercise secure design and coding
* Understand and demonstrate the steps involved in secure software development
* Perform vulnerability analysis
* Manage and implement security assurance
### - What should a student be able to understand at the end of the course?
By the end of the course, the students should be able to understand the design and basic principles of secure systems development. Furthermore, the student will be able to:
* Understand how to identify security risk
* Demonstrate how to exercise secure design and coding
* Understand and demonstrate the steps involved in secure software development
* Perform vulnerability analysis
* Manage and implement security assurance
* Identify the research and development challenges for a security project and propose/develop relevant solutions
* Use existing frameworks for analysing network traffic, identifying adversaries, and deploy attacks
* Include security, cryptography and access control elements in mobile and web-based applications
### - What should a student be able to apply at the end of the course?
By the end of the course, the students should be able to develop, manage and implement different secure system development techniques that will include:
* Secure software development life-cycle
* Secure coding
* Security and vulnerability analysis and testing
* Risk assessment and management
* Assess the existing products for security and risk
* Develop and design secure systems including software
### Course evaluation
Course grade breakdown
| | | **Proposed points** |
| --- | --- | --- |
| Labs/seminar classes
| 20
| 35
|
| Interim performance assessment
| 30
| 35
|
| Exams
| 50
| 30
|
### Grades range
Course grading range
| | | **Proposed range** |
| --- | --- | --- |
| A. Excellent
| 90-100
| 90-100
|
| B. Good
| 75-89
| 75-89
|
| C. Satisfactory
| 60-74
| 60-74
|
| D. Poor
| 0-59
| 0-59
|
### Resources and reference material
Since the course is multi-dimensional, therefore, there is no single source that will cover all the topics. For reference, the following sources (and their updated versions) might be considered.
* Bishop, M. (2018). Computer Security: Art and Science. Addison-Wesley Professional
* Secure Coding in C and C++, Robert C. Seacord, Addition-wesley
* Software Security - Building Security In, Gary McGraw, Addition-Wesley Software Security Series
* Secure Systems Development with UML – Jan Jurjens
Course Sections
---------------
The main sections of the course and approximate hour distribution between them is as follows:
Course Sections
| **Section** | **Section Title** | **Teaching Hours** |
| --- | --- | --- |
| 1
| Security assessment and Vulnerability analysis
| 16
|
| 2
| Software Security and secure coding
| 16
|
| 3
| Secure software development techniques and frameworks
| 16
|
| 4
| Best practices in secure systems development
| 16
|
### Section 1
#### Section title:
Security assessment and Vulnerability analysis
### Topics covered in this section:
* Security requirements and rationale
* Security assessment
* Penetration testing
* Vulnerability analysis
* Tools and methods
### What forms of evaluation were used to test students’ performance in this section?
|a|c| & **Yes/No**
Development of individual parts of software product code & 1
Homework and group projects & 1
Midterm evaluation & 1
Testing (written or computer based) & 1
Reports & 0
Essays & 0
Oral polls & 0
Discussions & 1
### Typical questions for ongoing performance evaluation within this section
1. How to perform security assessment and which method is used in a particular environment?
2. Why security assessment is essential?
3. What is the role of penetration testing in security assessment and what methods are currently used in the industry?
4. What is the difference between vulnerability and exploit and how a vulnerability can be converted into an exploit?
5. What are the pros and cons of the existing security assessment tools?
### Typical questions for seminar classes (labs) within this section
1. Perform security assessment of an example application and/or service.
2. Use a particular penetration testing method to find vulnerability in an application.
3. Select at least 3 existing industry-grade tools and perform vulnerability assessment of an example application.
4. After using particular tools and methods, document their pros and cons.
### Test questions for final assessment in this section
1. How to perform port scanning and when it is dangerous to do that?
2. Choose any of the security assessment method to use and justify your choice.
3. Can we skip the vulnerability assessment? Yes or No? Justify your answer in detail. What would be the downside of either skipping or not skipping it?
4. How would you covert a vulnerability to an exploit and what are the essential methods to contain an exploit?
5. What are the drawbacks of the existing security assessment tools?
### Section 2
#### Section title:
Software Security and secure coding
### Topics covered in this section:
* Software security
* Security in software development life-cycle
* Software security requirements and testing
* Secure programming
* Best practices in secure coding
### What forms of evaluation were used to test students’ performance in this section?
|a|c| & **Yes/No**
Development of individual parts of software product code & 1
Homework and group projects & 1
Midterm evaluation & 1
Testing (written or computer based) & 1
Reports & 0
Essays & 0
Oral polls & 0
Discussions & 1
### Typical questions for ongoing performance evaluation within this section
1. At which step of software development, security must be considered?
2. What are the principle of software security?
3. What frameworks are proven to be the best for software security and why?
4. What are the principles of secure coding?
5. Explain the pitfalls of secure programming?
6. How the requirements gathering for software can affect software security?
### Typical questions for seminar classes (labs) within this section
1. Given the scenario, document the requirements (both traditional and security)?
2. Explain a scenario where the software development will pose a security risk?
3. Demonstrate non-standard practices in software development that will lead to security issues?
4. What assessment techniques can be used to detect software security issues in earlier stages of the software development?
5. What are the best practices in software development from a security perspective?
### Test questions for final assessment in this section
1. same as above.
### Section 3
#### Section title:
Secure software development techniques and frameworks
#### Topics covered in this section:
* Software security development frameworks
* System security development frameworks
* Security development and design techniques
* Integration of security solutions
### What forms of evaluation were used to test students’ performance in this section?
|a|c| & **Yes/No**
Development of individual parts of software product code & 1
Homework and group projects & 1
Midterm evaluation & 1
Testing (written or computer based) & 1
Reports & 0
Essays & 0
Oral polls & 0
Discussions & 1
### Typical questions for ongoing performance evaluation within this section
1. Explain the existing software security and development frameworks?
2. Given a software development scenario, how to select a particular framework?
3. Does software development method affect the software security? Justify your answer.
4. At which stage of a particular software development method, security is considered?
5. Describe the rationale for security at every step of software development process?
6. What is the difference between software and system security?
7. Can software security techniques be used in system security? Justify your answer.
#### Typical questions for seminar classes (labs) within this section
1. Through secure programming and security frameworks of software, demonstrate the software resilience.
2. Demonstrate the software security (with respect to requirements) at each step of the development process?
3. What are the vulnerabilities and attacks associated with insecure programming practices? Demonstrate.
4. Demonstrate if different programming paradigms have any effect on the software security?
5. Through a proof-of-concept, demonstrate the difference between software and system security.
#### Test questions for final assessment in this section
1. same as above.
### Section 4
#### Section title:
Best practices in secure systems development
#### Topics covered in this section:
* Industrial view on the systems security
* Usage of best practices in software and system security
* Secure development standards
* Role of emerging technologies in secure systems development
* Ongoing secure system development standardization activities
* Existing projects considering secure system development
### What forms of evaluation were used to test students’ performance in this section?
|a|c| & **Yes/No**
Development of individual parts of software product code & 1
Homework and group projects & 1
Midterm evaluation & 1
Testing (written or computer based) & 1
Reports & 0
Essays & 0
Oral polls & 0
Discussions & 1
### Typical questions for ongoing performance evaluation within this section
1. What are the best practices in the industry for secure system development?
2. What are the current issues with the best practices in the industry and what are their limitations?
3. Cross-platform system development might affect the security of the system. Do you agree or not?
4. Briefly explain the standardization efforts in the industry and academia regarding the secure system development?
5. Can we apply the best practices of secure software development in secure system development? Justify your answer.
#### Typical questions for seminar classes (labs) within this section
1. Demonstrate the effectiveness of secure system development best practices.
2. Demonstrate the analysis of using different development platforms on the secure system and software development.
3. What is the role of traditional security mechanisms such as cryptography on the secure system development?
4. With toy examples, demonstrate the attacker perspective and behavior on the (in)secure system development.
5. Analyze the security of a given system by choosing any of the secure development framework?
#### Test questions for final assessment in this section
1. same as above.
|