Secure Software Design

A.Y. 2021/2022
Max ECTS: 6
Overall hours: 60
SSD: INF/01
Language: Italian
Learning objectives
The course presents principles, processes and techniques for the design and analysis of software applications, with specific emphasis on security aspects.
Expected learning outcomes
Students will be able to plan the development of software projects with security requirements. They will acquire skills in modeling software requirements, developing code from models and testing code.
Single course

This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.

Course syllabus and organization

Single session

Lesson period
First semester
More specific information on the delivery modes of training activities for the academic year 2021-22 will be provided over the coming months, based on the evolution of the public health situation.

The entire teaching material of the course is available on the following Ariel site.
Link: http://ericcobenepss.ariel.ctu.unimi.it/
Course syllabus
1. SOFTWARE SECURITY. Software properties. Properties of secure software. Software life cycle: software development steps, life cycle models. Security in the software life cycle. The vulnerability cycle. Design-level attacks. Implementation-level attacks. Operations-level attacks.
2. SECURITY ARCHITECTURE. Principles of security architecture. Security architecture guidelines. Criteria for selecting secure technologies. The Java sandbox case study.
3. DESIGN OF SECURE SOFTWARE. Properties of secure software models. Specification methods. Finite state machines. Communicating machines. UML state machines. Design by contract. The Java Modeling Language tool.
4. IMPLEMENTATION. Good and bad implementation practices. Security level of programming languages. Security violations in C code. Secure C code. An introduction to the Java language. From models to code: finite state machines in Java.
5. TESTING. The testing activity within the software life cycle. Kinds of testing. Validation and verification techniques. Limits of testing. Program-based testing. Program flow charts. Statement coverage, branch coverage, decision and condition coverage. MCC and MC/DC methods. The Emma and JUnit tools.
Program of the lab activities:
- Java programming language.
- Design-by-contract specification in Java Modeling Language.
- Unit testing of Java code.
- Code coverage.
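As an added illustration of the design-to-code and testing topics listed above (finite state machines in Java, design by contract, branch coverage), not material from the course itself: a session state machine derived from a hypothetical UML state diagram, with JML-style contract comments mirrored by runtime checks, and a main that drives every transition, including the rejected ones, so that each branch of the transition logic is exercised. The state and event names, the transition table and the lockout policy (three failed logins) are assumptions made for the example.

```java
import java.util.EnumMap;
import java.util.Map;

/**
 * Session state machine derived from a hypothetical UML state diagram:
 *   IDLE   --LOGIN_OK-->            ACTIVE
 *   IDLE   --LOGIN_FAIL (x3)-->     LOCKED   (absorbing state)
 *   ACTIVE --LOGOUT | TIMEOUT-->    IDLE
 * Any event not enabled in the current state is a protocol violation and is
 * rejected instead of being silently ignored: the model is enforced, not advisory.
 */
public final class SessionMachine {
    public enum State { IDLE, ACTIVE, LOCKED }
    public enum Event { LOGIN_OK, LOGIN_FAIL, LOGOUT, TIMEOUT }

    private static final int MAX_FAILURES = 3; // assumed lockout policy

    // Transition table: state -> (enabled event -> next state). LOCKED enables nothing.
    private static final Map<State, Map<Event, State>> TRANSITIONS = new EnumMap<>(State.class);
    static {
        Map<Event, State> idle = new EnumMap<>(Event.class);
        idle.put(Event.LOGIN_OK, State.ACTIVE);
        idle.put(Event.LOGIN_FAIL, State.IDLE); // stays IDLE until the failure counter hits the limit
        Map<Event, State> active = new EnumMap<>(Event.class);
        active.put(Event.LOGOUT, State.IDLE);
        active.put(Event.TIMEOUT, State.IDLE);
        TRANSITIONS.put(State.IDLE, idle);
        TRANSITIONS.put(State.ACTIVE, active);
        TRANSITIONS.put(State.LOCKED, new EnumMap<>(Event.class));
    }

    private State state = State.IDLE;
    private int failures = 0;

    //@ invariant 0 <= failures && failures <= MAX_FAILURES;
    //@ invariant (state == State.LOCKED) <==> (failures == MAX_FAILURES);
    private void checkInvariant() {
        if (failures < 0 || failures > MAX_FAILURES) throw new AssertionError("failure counter out of range");
        if ((state == State.LOCKED) != (failures == MAX_FAILURES)) throw new AssertionError("lock state inconsistent");
    }

    //@ requires event != null;
    //@ requires TRANSITIONS.get(state).containsKey(event);  // guard: event enabled in current state
    //@ ensures  \result == state;
    public State fire(Event event) {
        if (event == null) throw new IllegalArgumentException("event must not be null");
        Map<Event, State> enabled = TRANSITIONS.get(state);
        if (!enabled.containsKey(event)) {
            throw new IllegalStateException("event " + event + " not allowed in state " + state);
        }
        State next = enabled.get(event);
        if (event == Event.LOGIN_FAIL) {
            failures++;
            if (failures == MAX_FAILURES) next = State.LOCKED;
        } else if (event == Event.LOGIN_OK) {
            failures = 0;
        }
        state = next;
        checkInvariant(); // postcondition/invariant check, as JML runtime assertion checking would do
        return state;
    }

    public State state() { return state; }

    // Drives every outgoing transition of the diagram plus the three rejection branches of fire().
    public static void main(String[] args) {
        SessionMachine m = new SessionMachine();
        expect(m.fire(Event.LOGIN_OK), State.ACTIVE);
        expect(m.fire(Event.TIMEOUT), State.IDLE);
        expect(m.fire(Event.LOGIN_OK), State.ACTIVE);
        expect(m.fire(Event.LOGOUT), State.IDLE);
        try { m.fire(null); throw new AssertionError("null event must be rejected"); }
        catch (IllegalArgumentException expected) { }
        try { m.fire(Event.LOGOUT); throw new AssertionError("LOGOUT is not enabled in IDLE"); }
        catch (IllegalStateException expected) { }
        expect(m.fire(Event.LOGIN_FAIL), State.IDLE);
        expect(m.fire(Event.LOGIN_FAIL), State.IDLE);
        expect(m.fire(Event.LOGIN_FAIL), State.LOCKED);
        try { m.fire(Event.LOGIN_OK); throw new AssertionError("LOCKED must be absorbing"); }
        catch (IllegalStateException expected) { }
        System.out.println("all transitions exercised, final state " + m.state());
    }

    private static void expect(State actual, State expected) {
        if (actual != expected) throw new AssertionError("expected " + expected + " but was " + actual);
    }
}
```

Compile and run with `javac SessionMachine.java && java SessionMachine`. The point of the transition table is that the set of legal (state, event) pairs is data, not scattered `if` logic, so a coverage tool such as Emma can show that every entry and every rejection path was hit; the JML-style comments are what a tool such as OpenJML would check, and the runtime checks make the same contract hold even without it.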
Prerequisites for admission
Skills acquired in the courses Computer Programming and Security in Web and Mobile Systems are fundamental for this course. Passing these exams is strongly recommended.
Teaching methods
Lessons and laboratory activities

Attending the teaching activities is strongly recommended
Teaching Resources
· Mark G. Graff, Kenneth R. van Wyk. Secure Coding: Principles and Practices. O'Reilly, 2003.
· Carlo Ghezzi, Mehdi Jazayeri, Dino Mandrioli. Ingegneria del software. Fondamenti e principi. 2nd ed., Pearson Education Italia, 2004.
· Glenford J. Myers, Corey Sandler, Tom Badgett, Todd M. Thomas. The Art of Software Testing. 2nd ed., John Wiley & Sons, 2004.
For the laboratory part:
- G. Pighizzini, M. Ferrari. Dai fondamenti agli oggetti - Corso di Programmazione Java. 4th ed., Pearson Education, 2015.
- Cay S. Horstmann. Concetti di informatica e fondamenti di Java. 6th ed., Apogeo, 2016.

Web Site: http://ericcobenepss.ariel.ctu.unimi.it/
Assessment methods and Criteria
The exam consists of a written test and a practical test, both mandatory and each lasting two hours. The written test verifies the student's knowledge of the theoretical part of the course through open-ended questions and/or exercises. The practical test, taken in the lab, assesses the student's skills with software tools for specifying contracts and validating Java code. The written test is marked out of 20, the laboratory test out of 10, and the overall mark is the sum of the two.
Teaching unit: laboratory
INF/01 - INFORMATICS - University credits: 1.5
Laboratories: 24 hours
Professor: Ciriani Valentina
Teaching unit: lessons
INF/01 - INFORMATICS - University credits: 4.5
Lessons: 36 hours
Professor(s)
Reception: by appointment only. Dipartimento di Informatica - Via Celoria 18 - 20135 - Milano (MI)
Reception: by appointment. Dept. of Computer Science