TU Delft
Year
NEDERLANDSENGLISH
Organization
Education Type
Education print this page print this page     
2017/2018 Electrical Engineering, Mathematics and Computer Science Master Computer Science
CS4106
Dynamic and Static Program Analysis for Software Security
ECTS: 5
Responsible Instructor
Name E-mail
Dr. S.T. Erdweg    S.T.Erdweg@tudelft.nl
Prof.dr. E. Visser    E.Visser@tudelft.nl
Contact Hours / Week x/x/x/x
0/4/0/0 lecture + lab
Education Period
2
Start Education
2
Exam Period
2
3
Course Language
English
Course Contents
Motivation:
Security vulnerabilities often arise due to programming errors in the source code of an application. Recent programming errors with severe security implications include Heartbleed (buffer over-read), Shellshock (code injection), and goto-fail (ill-formated code). Programming languages can help developers to prevent programming errors like these by defining coding principles and detecting violations of those principles through dynamic and static code analysis. Such language-based countermeasures relieve software developers of part of the burden of ensuring software security. But how to select and apply language-based countermeasures?


Synopsis:
This course studies dynamic and static code analysis techniques as language-based countermeasures to security vulnerabilities. In particular, we will investigate and compare the trade-offs of the following countermeasures:

- Dynamic analysis: Run-time monitoring
- Dynamic analysis: Compile-time instrumentation
- Static analysis: Type systems
- Static analysis: Data-flow analysis
- Static analysis: Abstract interpretation

To facilitate a precise study and comparison, we will define the above techniques formally in class. To facilitate student experimentation and exploration of trade-offs, students will implement the above techniques in homework assignments.
Study Goals
Students are able to:

- Describe the nature of security vulnerabilities in software systems.
- Explain different language-based countermeasures to security vulnerabilities and compare their respective trade-offs.
- Formally define variations of the dynamic and static analyses discussed in class.
- Contrast programming languages based on the set of countermeasures they provide.
Education Method
Lectures + lab assignments + reading assignments
Assessment
Homework assignments and oral or written exam
Tags
Programming
Programming concepts
Programming Software
Software
Software Engineering