Secure software design
MTAT.03.246 Secure software design
MTAT.03.247 Secure software design: Project work
Lectures: Fridays 16:15, J. Liivi 2 - 404
Contact: margus at cyber.ee
- Introductory lecture
- Security analysis
- Human factors and security
- Authenticating people and computers
- Strategies for secure software development
- Internet voting in Estonia
- Strategies for secure software development; developing security protocols
- PKI and digital signatures
- PKI and digital signatures, part 2
- Case study: Estonian x-road
- Security of online games
- Economics of Software Security
- Development Process for Secure Software
- May 27th -- project presentation (10-15 minutes)
- June 20th -- written report
The exam is a written exam. Use of written materials is allowed. The exam questions are based on lectures and mandatory reading material. The exam tries to measure knowledge about main principles/technologies/classes of attack and ability to apply these principles for specific examples.
- May 30th 10:00, J. Liivi 2, room 122
- June 10th 10:00, J. Liivi 2, room 206
Mandatory (examinable) reading
- Ross Anderson, "Programming Satan's Computer"
- Ken Thompson, "Reflections on Trusting Trust"
- Peter Gutmann, "Lessons Learned in Implementing and Deploying Crypto Software"
- Ross Anderson, "The Eternity Service" -- a good example of security analysis of a system
- Chapter 10 from "Security Engineering"
- Chapter 11 from "Security Engineering"
- K. Tsipenyuk, B. Chess, G. McGraw, Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
- Lifestyle Hackers
- Alma Whitten, J.D. Tygar, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0"
- Kevin Mitnick, "The Art of Deception: Controlling the Human Element of Security"
- David Maurer, "The Big Con: The Story of the Confidence Man"
- Frank Stajano, Paul Wilson, "Understanding scam victims: seven principles for systems security"
- Richards J. Heuer, Jr., "Psychology of Intelligence Analysis"
- Rachna Dhamija, Doug Tygar, Marti Hearst. "Why Phishing Works"
- Peter Gutmann, "Security Usability"
- Peter Gutmann, "The Design of a Cryptographic Security Architecture"
- RFC 2119: Key words for use in RFCs to Indicate Requirement Levels
- Peter Gutmann, "X.509 Style Guide"
- Ahto Buldas, Märt Saarepera. "Electronic Signature System with Small Number of Private Keys"
- Arne Ansper, "e-Riigist andmeturbe seisukohalt"
- Arne Ansper, Ahto Buldas, Margus Freudenthal, Jan Willemson "Scalable and Efficient PKI for Inter-Organizational Communication"
- Fraud. The Unmanaged Risk, 8th Global Survey
- Cormac Herley, "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users"
- Rick Wash, Folk Models of Home Computer Security