Subject Secure Software Systems L T P J C

Code: 2 0 0 4 3
1. To learn the development principles and process models of secure
software engineering.
2. To study the requirements, modelling, design testing and validation
Objectives procedures that ensure security.
3. To practice the documentation through reports and their formats in all
phases of secure software development life cycle.
4. To apply secure software engineering principles across cross-disciplines

After successfully completing the course the student should be able to

1. Evaluate a secure software development process including designing
Expected secure applications, writing secure code against attacks.
Outcome 2. Assess the reports through security testing procedures
3. Solve the security issues of vulnerabilities, flaws, and threats.
4. Develop secure coding to help make code more resistant to attacks.

1. Having an ability to apply mathematics and science in engineering

applications
5. Having design thinking capability
Student 6. Having an ability to design a component or a product applying all the
relevant standards and with realistic constraints
Learning
9. Having problem solving ability- solving social issues and engineering
Outcome problems
12. Having adaptive thinking and adaptability
13. Having cross cultural competency exhibited by working in teams
17. Having an ability to use techniques, skills and modern engineering tools
necessary for engineering practice
Module Topics L hrs SLO

1 Introduction
What is System engineering-Systems engineering and the
systems-System engineering processes-Understanding
Software systems engineering-The software system 4 1
engineering processes-Steps in the software development
processes-Functional and non-functional requirements-
Verification and validation
2 Engineering secure and safe systems
Introduction-The approach-security versus safety-Four
approaches to develop critical systems-The dependability
5 5, 9
approach-The safety engineering approach-The secure
systems approach-The real-time systems approach-
Security-critical and safety-critical systems
3 Architecting Secure Software Systems
5 5, 6
Security Requirements Analysis, Threat Modelling,
 Security Design Patterns & Anti-Patterns, Attack
Patterns, Security Design Patterns, Authentication,
Authorization -
Security Coding Security Algorithm, Security Protocol,
Key Generation
4 Validating Security
Generating the Executable, Security Testing vulnerability
assessment, code coverage tools - Secured Deployment, 3 17
Security Remediation, Security Documentation, Security
Response Planning, Safety-Critical Systems
5 Secure Coding Principles
Coding in C String manipulation, vulnerabilities and
exploits, Pointers based vulnerabilities. Coding C++ and
4 6, 9
JAVA - Memory management, common errors, Integer
Security, Double free Vulnerabilities

6 Security in web-facing applications

Overview of web security, Identity Management, public-
key infrastructure, Code injection, Parameter tampering, 4 12
secured web programming, application vulnerability
description language
7 Security and safety metrics
Defining metrics-differentiating measures and metrics-
Software Metrics-Measuring and reporting metrics-
3 13
Metrics for meeting requirements-Risk metrics-Security
metrics for software systems-safety metrics for software
systems
8 Recent Trends 2
Project 60[Non
# Generally a team project [5 to 10 members] Contact
# Concepts studied in theory should have been used ]
# Down to earth application and innovative idea should have
been attempted
# Report in Digital format with all drawings using software
package to be submitted.
# Assessment on a continuous basis with a min of 3 reviews.
Sample Projects
A software product in any of the following category
should be developed
Native platform-based application
Web-based Application
Mobile App
 Web-service
Software component

Practice the processes in Requirements phase

Based on the nature of the product implement the
design phase
Coding & construction based on a suitable
language/platform
Validate and Evaluate the software product
Prepare a complete documentation for the product
(SRS, TRS, Maintenance etc)
Use DevOps or Bluemix in the entire SDLC for your
project

Reference Books
1. C. Warren Axelrod, Engineering Safe and Secure
Software Systems, First Edition, Artech House, 2013
2. Asoke K. Talukder, Manish Chaitanya, Architecting
Secure Software Systems, ISBN 9781420087840, 2008
3. John Musa D, Software Reliability Engineering, 2nd
Edition, Tata McGraw-Hill, 2005

Knowledge Areas that contain topics and learning outcomes covered in the course

Knowledge Area Total Hours of Coverage

CS:SE 11

CE: SWE 9

CE:IAS 10

Body of Knowledge coverage

KA Knowledge Unit Topics Covered Hours

CS: SE SE/Software Understanding Software systems engineering-The 4

Engineering software system engineering processes-Steps in the
software development processes-Functional and
non-functional requirements-Verification and
validation

CS: IAS IAS/Information Introduction-The approach-security versus safety- 5

Assurance & Four approaches to develop critical systems-The
Security dependability approach-The safety engineering
approach-The secure systems approach-The real-
 time systems approach-Security-critical and safety-
critical systems

CS: IAS IAS/Information Security Requirements Analysis, Threat Modelling, 5

Assurance & Security Design Patterns & Anti-Patterns, Attack
Security Patterns, Security Design Patterns, Authentication,
Authorization -
Security Coding Security Algorithm, Security
Protocol, Key Generation

CS: SE SE/Software Generating the Executable, Security Testing 3

Engineering vulnerability assessment, code coverage tools -
Secured Deployment, Security Remediation,
Security Documentation, Security Response
Planning, Safety-Critical Systems

CS: SE SE/Software Coding in C String manipulation, vulnerabilities 4

Engineering and exploits, Pointers based vulnerabilities.
Coding C++ and JAVA - Memory management,
common errors, Integer Security, Double free
Vulnerabilities

CS: SWE SE/Software Overview of web security, Identity Management, 4

Engineering public-key infrastructure, Code injection, Parameter
tampering, secured web programming, application
vulnerability description language

CS: SWE SE/Software Defining metrics-differentiating measures and 3

Engineering metrics-Software Metrics-Measuring and reporting
metrics-Metrics for meeting requirements-Risk
metrics-Security metrics for software systems-safety
metrics for software systems

CS: SE SE/Software Recent Trends 2

Engineering

Total hours 30

Where does the course fit in the curriculum?

This course is a
Elective Course.
Suitable from 2nd semester onwards.
Knowledge of Software Engineering

What is covered in the course?

Part 1: Introduction to Secure and Safe System
Introduction of Software Engineering and approaches to provide safe and secure system.
Part II: Architecting Secure Software System
Study of Secure Design and Security protocol for design pattern
Part III: Coding and Validating
Coding and memory management to vulnerability.
Part IV: Security and Safety Metrics
Study of software metrics, risk metrics and Secure metrics.

What is the format of the course?

This Course is designed with 100 minutes of in-classroom sessions per week, 60 minutes of
video/reading instructional material per week, as well as 200 minutes of non-contact time
spent on implementing course related project. Generally this course should have the
combination of lectures, in-class discussion, case studies, guest-lectures, mandatory off-class
reading material, quizzes.

How are students assessed?

Students are assessed on a combination group activities, classroom discussion, projects,
and continuous, final assessment tests.
Additional weightage will be given based on their rank in crowd sourced projects/ Kaggle
like competitions.
Students can earn additional weightage based on certificate of completion of a related
MOOC course.

Session Wise Plan

S.N Lab
Class levels of Ref
Topic Covered Hour
Hour mastery Book
1. System engineering-Systems engineering and the
systems-System engineering processes- 2 Usage 1
Understanding Software systems engineering-
2. software system engineering processes-Steps in
the software development processes-Functional
2 Usage 1
and non-functional requirements-Verification and
validation
3. The approach-security versus safety-Four
2 Usage 1
approaches to develop critical systems
4. The dependability approach-The safety
engineering approach-The secure systems 2 Usage 1
approach-The real-time systems approach-
5. Familiar
Security-critical and safety-critical systems 1 1
ity
6. Security Requirements Analysis, Threat
Modelling, Security Design Patterns & Anti- 2 Usage 2
Patterns
7. Attack Patterns, Security Design Patterns,
Authentication, Authorization - Security Coding Familiar
3 2
Security Algorithm, Security Protocol, Key ity
Generation
8. Generating the Executable, Security Testing 1 Usage 1
 vulnerability assessment, code coverage tools
9. Secured Deployment, Security Remediation,
Familiar
Security Documentation, Security Response 2 1
ity
Planning, Safety-Critical Systems
10. Coding in C String manipulation, vulnerabilities
2 Usage 1
and exploits, Pointers based vulnerabilities
11. Coding C++ and JAVA - Memory management,
common errors, Integer Security, Double free
2 Usage 1
Vulnerabilities

12. Overview of web security, Identity Management,

2 Usage 1
public-key infrastructure
13. Code injection, Parameter tampering, secured web
Familiar
programming, application vulnerability 2 3
ity
description language
14. Defining metrics-differentiating measures and
metrics-Software Metrics-Measuring and 1 Usage 3
reporting metrics
15. Metrics for meeting requirements-Risk metrics-
Familiar
Security metrics for software systems-safety 2 3
ity
metrics for software systems
16. Emerging Trends Familiar
2
ity
17. 30 Hours (2 Credit hours /week / 15 Weeks
schedule)
30 Hours (2 Credit hours / week )