Sicurezza nelle Applicazioni Software
Security in Software Applications
2nd semester
Academic Year 2014-2015
PAGE UPDATED PERIODICALLY
Instructor: Francesco Parisi-Presicce
Office: Via Salaria 113, third floor, room 342
Phone: 06 4991 8512
Email: parisi (AT) di (DOT) uniroma1 (DOT) it (include SoftSecurity in Subject)
Office Hours: Mon/Wed after class (until 13 June 2015) and by appointment
ANNOUNCEMENTS
- NEWEST: The next and final round of exams for students who have submitted all three individual projects and the group project will take place, by appointment, between February 15 and February 19 2016. Sign-up via infostud
- almost NEW: The next round of exams for students who have submitted all three individual projects and the group project will take place, by appointment, between January 19 and January 23 2016
- The additional round of exams, restricted to student workers, 2nd year students and part-time students, will take place from November 9 to November 13 and will be by appointment only
- The third round of exams will take place from September 14 to September 18 and will be by appointment only. Sign-up via infostud
- DUE TO A SIMPLE COPYING MISTAKE and CONFLICT with other exams, I AM FORCED TO MOVE THE EXAM TO TUESDAY JULY 14. Due to a clerical error, this exam session conflicts with another of my exams, and I am therefore forced to move the session. Check the twiki page again
- The second round of exams will start on Tuesday July 14 at 3 p.m. and will be by appointment. Sign-up via infostud and also from this page
- The first round of exams will start on Wednesday June 10 and will be by appointment. Sign-up via infostud and also from this page
- NO CLASS on Monday May 25
- The Specification of Project 4 is available HERE. This is a group project. Reports must be submitted by 10 p.m. (22:00) Saturday 6 June 2015 from THIS page
- OLD but URGENT: If not done already, send the composition of your group for the 4th and last project
- almost-NEW: The Specification of Project 3 is available. This is an individual project. Solutions must be submitted by 10 p.m. (22:00) Sunday 19 April 2015 from This page
- no-longer-NEW: The Specification of Project 2 is available. This is an individual project. Solutions must be submitted by 10 p.m. (22:00) Tuesday 31 March 2015 from this page
- Obsolete: The Specification of Project 1 is available. This is an individual project. Solutions must be submitted by 10 p.m. (22:00) Sunday 22 March 2015 from THIS page
- Double lecture on Monday March 2, from 10:30 to 12:00 and from 12:15 to 13:45
- Students who have not done so already are asked to get an account on twiki, to be used to submit the results of the individual projects
- The material will not always be available before class
- FIRST LECTURE: Monday 23 February
- Students who attend this course are required to send to the instructor their email address with which they can be contacted to access course material (homework, project, slides, etc.)
DESCRIPTION
Theory and practice of software security, focusing in particular on some common software security risks, including buffer overflows, race conditions and random number generation, and on the identification of potential threats and vulnerabilities early in the design cycle. The emphasis is on methodologies and tools for identifying and eliminating security vulnerabilities, techniques to prove the absence of vulnerabilities, and ways to avoid security holes in new software, and on essential guidelines for building secure software: how to design software with security in mind from the ground up and to integrate analysis and risk management throughout the software life cycle.
EXAM FORMAT
The exam consists of an oral examination, the solution of some problems and small projects periodically assigned by the instructor during the course, and (possibly: depending on the size of the class) the presentation in class and discussion of a project agreed upon with the instructor. The project may be developed in groups of one or two students and may concern either theoretical or practical aspects of application security.
Submission of the problem solutions and the oral examination are individual.
If there are significant indications that the submitted project or solutions have been copied in whole or in part, the project or solutions are considered void.
The exam will consist of an oral part, the solution of some homework problems / small projects periodically assigned by the instructor and possibly (depending on the size of the class) the presentation in class and discussion of a project agreed upon with the instructor. The project could be developed in teams and deal with theoretical aspects or practical aspects of software security. The solutions to the assigned problems and the oral examination are *individual* endeavours. Substantial overlap or the indication that they have been "shared" will make them void and will cause the 'perpetrators' to skip an exam session.
PREREQUISITES
Passing an undergraduate security course is not required, but knowledge of security is obviously useful.
Students are assumed to have adequate knowledge of the languages C, Java and SQL.
An undergraduate security course is not a prerequisite.
Students are expected to have some basic knowledge of the languages C, Java and SQL.