You need to activate javascript for this site.
Menu Conteúdo Rodapé
  1. Home
  2. Courses
  3. Computer Science and Engineering
  4. Secure Software Systems

Secure Software Systems

Code 11488
Year 1
Semester S2
ECTS Credits 6
Workload PL(30H)/T(30H)
Scientific area Informatics
Entry requirements .
Mode of delivery Face-to-face instruction.
Work placements Not applicable.
Learning outcomes The objectives of this Course Unit are to consolidate the knowledge acquired in the course unit of computer security and to study advanced topics in implementation and engineering of secure software systems. It aims for the development of a critical conscience in the student regarding security problems in data communications and in the software during all of its development phases. At the end of the course unit, the student should be able to: properly implement and integrate modern cryptography mechanisms and protocols; correctly configure security mechanisms in operating systems; identify security issues in software and practices to minimize them, particularly in Web applications; enforce security by design and practice the development of applications with fewer vulnerabilities, based on a more rigorous process of software engineering and on the design of penetration testing.
Syllabus 1. Revision of modern cryptography related concepts and mechanisms.
4. Remote and software Authentication; Zero Knowledge Protocols.
3. Elliptic Curve Cryptography.
4. Protection mechanisms in Operative Systems.
5. Buffer overflow, integer handling vulnerabilities; and race condition vulnerabilities.
6. Security and vulnerabilities in web applications.
7. Input validation and dynamic protection.
8. Attack modeling, designing and auditing software.
9. Static code analysis.
10. Anti-piracy techniques
Main Bibliography 1. Main References
Miguel Pupo Correia and Paulo Jorge Costa, Segurança no Software, FCA - Editora de Informática, pp. 462, 2010.
Serge Vaudenay, A Classical Introduction to Cryptography Applications for Communications Security, Springer, pp. 370, 2005.

2. Secondary References
Thomas Baigneres, Pascal Junod, Yi Lu, Jean Monnerat, Serge Vaudenay, A Classical Introduction to Cryptography Exercise Book, Springer, pp. 254, 2005.
André Zúquete, Segurança em Redes Informáticas, FCA - Editora de Informática, 3ª Ed. (actualizada e aumentada), pp. 432, 2012.
Margaret Cozzens, Steven J. Miller, The Mathematics of Encryption : An Elementary Introduction, American Mathematical Society (AMS), 2013.
Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press.
Douglas R. Stinson, Cryptography: Theory and Practice, (3nd Ed.) CRC Press. 2005.
Teaching Methodologies and Assessment Criteria The contents of this course unit are discussed in lectures (though interaction is fomented) and the practical part of those contents is explored in laboratory classes. Each type of class has two hours of weekly contact.
The practical classes have lab guides that students perform in the computers of the laboratory. The labs include exercises concerning implementation and integration of cryptographic primitives, as well as security engineering. Moreover, the proposed practical works are designed so that the students develop the techniques described in the objectives of this course unit via the development of secure software systems.
Evaluation is performed resorting to 4 main elements:
- 2 written tests for knowledge evaluation (worth 30% of the final grade each);
- 1 practical test for evaluation of practical procedures in laboratory context (worth 20% of the final grade);
- 1 practical team work with technical report and a presentation (worth 20% of the final grade).
Language Portuguese. Tutorial support is available in English.
Last updated on: 2014-08-07

The cookies used in this website do not collect personal information that helps to identify you. By continuing you agree to the cookie policy.