Description
Secure software engineering tools and techniques in practice
Aims
Building upon students’ experience of secure software design from CMP307 and CMP319, this module focusses specifically on secure software engineering tools and techniques, and how they are integrated into the software development lifecycle.
Learning Outcomes
By the end of this module the student should be able to:
1. Explain how secure software engineering practices can be applied as part of the software engineering lifecycle.
2. Describe implementation-level secure software engineering principles and apply these during software development.
3. Critically select and apply appropriate secure software engineering tools within a software project.
Indicative Content
1 Principles of Secure Software Development
The relationship between correctness, security and performance. Defence in depth. Input, output and state validation. Minimal privilege and privilege separation. Secure memory and resource management.
2 Language and API Design for Security
Inherent security problems with widely-used languages, and why people still use them. Undefined behaviour and compiler optimisations. Enforcing security properties using better type systems and language semantics. DSLs for security.
3 Static and Dynamic Analysis
Static analysis tools for conventional code: what they can and can't find. Dynamic analysis of security properties. Formal specification and validation of software behaviour. Formal validation toolchains.
4 Secure Software Engineering
Security within the SDLC. Specifying security requirements. Secure coding standards. Code review for security.
Teaching and Learning Work Loads
| Teaching and Learning Method | Hours |
| Lecture | 8 |
| Tutorial/Seminar | 0 |
| Practical Activity | 48 |
| Assessment | 72 |
| Independent | 72 |
| Total | 200 |
Guidance notes
SCQF Level - The Scottish Credit and Qualifications Framework provides an indication of the complexity of award qualifications and associated learning and operates on an ascending numeric scale from Levels 1-12 with SCQF Level 10 equating to a Scottish undergraduate Honours degree.
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.
Disclaimer
We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2021/22 , and may be subject to change for future years.
