Secure Software Systems

Code	11488
Year	1
Semester	S2
ECTS Credits	6
Workload	PL(30H)/T(30H)
Scientific area	Informatics
Entry requirements	.
Mode of delivery	Face-to-face instruction.
Work placements	Not applicable.
Learning outcomes	The objectives of this Course Unit are to consolidate the knowledge acquired in the course unit of computer security and to study advanced topics in implementation and engineering of secure software systems. It aims for the development of a critical conscience in the student regarding security problems in data communications and in the software during all of its development phases. At the end of the course unit, the student should be able to: properly implement and integrate modern cryptography mechanisms and protocols; correctly configure security mechanisms in operating systems; identify security issues in software and practices to minimize them, particularly in Web applications; enforce security by design and practice the development of applications with fewer vulnerabilities, based on a more rigorous process of software engineering and on the design of penetration testing.
Syllabus	1. Revision of modern cryptography related concepts and mechanisms. 4. Remote and software Authentication; Zero Knowledge Protocols. 3. Elliptic Curve Cryptography. 4. Protection mechanisms in Operative Systems. 5. Buffer overflow, integer handling vulnerabilities; and race condition vulnerabilities. 6. Security and vulnerabilities in web applications. 7. Input validation and dynamic protection. 8. Attack modeling, designing and auditing software. 9. Static code analysis. 10. Anti-piracy techniques
Main Bibliography	1. Main References Miguel Pupo Correia and Paulo Jorge Costa, Segurança no Software, FCA - Editora de Informática, pp. 462, 2010. Serge Vaudenay, A Classical Introduction to Cryptography Applications for Communications Security, Springer, pp. 370, 2005. 2. Secondary References Thomas Baigneres, Pascal Junod, Yi Lu, Jean Monnerat, Serge Vaudenay, A Classical Introduction to Cryptography Exercise Book, Springer, pp. 254, 2005. André Zúquete, Segurança em Redes Informáticas, FCA - Editora de Informática, 3ª Ed. (actualizada e aumentada), pp. 432, 2012. Margaret Cozzens, Steven J. Miller, The Mathematics of Encryption : An Elementary Introduction, American Mathematical Society (AMS), 2013. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, CRC Press. Douglas R. Stinson, Cryptography: Theory and Practice, (3nd Ed.) CRC Press. 2005.
Language	Portuguese. Tutorial support is available in English.