Syllabus for

TDA600 - Language-based security
 
Owner: TDATA
4,0 Credits (ECTS 6)
Grading: TH - Five, Four, Three, Not passed
Level: D
Department: 37 - COMPUTER SCIENCE AND ENGINEERING


Teaching language: English
Minimum participants: 12

Course module   Credit distribution   Examination dates
Sp1 Sp2 Sp3 Sp4 No Sp
0104 Design exercise + laboratory 4,0c Grading: TH   4,0c    
0204 Laboratory 0,0c Grading: UG   0,0c    

In programs

TITEA SOFTWARE ENGINEERING, Year 4 (elective)
TITEA SOFTWARE ENGINEERING, Year 3 (elective)
DCMAS MSc PROGR IN DEPENDABLE COMPUTER SYSTEMS - Dependable Architectures, Year 1 (elective)
DCMAS MSc PROGR IN DEPENDABLE COMPUTER SYSTEMS - Dependable Programming, Year 1 
TDATA COMPUTER SCIENCE AND ENGINEERING - Computer security, Year 4 (compulsory)

Examiner:

Professor  Andrei Sabelfeld



Eligibility:

For single subject courses within Chalmers programmes the same eligibility requirements apply, as to the programme(s) that the course is part of.

Course specific prerequisites

Knowledge of the material covered in the courses Programming Languages and Computer Security.

Aim

Traditionally, computer security has been largely enforced at the level of operating systems. However, as operating systems grow in size and complexity, it is becoming increasingly difficult to handle security. Consequently, modern attacks often succeed at circumventing operating-system security mechanisms. Furthermore, while operating-system security policies are low-level (such as access control policies, protecting particular files), many attacks are high-level, or application-level (such as email worms that pass by access controls pretending to be executed on behalf of a mailer application).

The key to defending against application-level attacks is application-level security. Because applications are typically specified and implemented in programming languages, this area is generally known as language-based security. A direct benefit of language-based security is the ability to naturally express security policies and enforcement mechanisms using the developed techniques of programming languages.

Goal

The goal of this course is understanding the principles behind application-level attacks (such as Trojan horses, worms, buffer overrun attacks, exploit attacks, covert channels, and malicious code) and language-based protection mechanisms (such as static security analysis, program transformation, and stack inspection).

Content

This course combines practical and cutting-edge research material. For the latter part, the course's particular emphasis is on the use of formal, or semantic, models of program behavior for specifying and enforcing security properties. Previous knowledge of semantics, automata, and compiler construction is helpful (although not required as a prerequisite). Courses on Programming Languages and Computer Security (or equivalent background) are prerequisites.

Organisation

The course consists of lectures, group meetings and project presentations.

Literature

The literature mainly consists of research articles on the topic. In addition, the following book will be used for additional reading:

* Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, 2001.

Examination

In order to pass the course, the students must complete programming projects and/or produce a survey/position paper.


Published: Mon 28 Nov 2016.