Syllabus

Description: This course provides an overview of methods (and tools) for producing secure software systems. After completing this course, students will have gained some experience in using these methods and should be able to explain the advantages and disadvantages of each.

Textbook: The primary book for this course is:

Sommerville, Ian (2007) Software Engineering, Addison-Wesley , Boston, MA.
(Order from amazon , order from Barnes and Noble , compare at bigwords , compare at CampusBooks4Less , order from Chegg , or search eFollett )

There are also a variety of other required readings (available to registered students on-line). These readings fall into three categories: general software engineering issues [E], methodological issues [M], and security issues [S].

Outline: This course is organized as follows, though specific topics and dates may change. (Readings are listed in the right-most column.)

Part I: Background

8/24

Introduction

8/26

Systems

and Software Processes

Ch. 1-3, 4 , Skyttner (1996)[M] , Lipner & Howard (2008)[S] and Nakayama (2006)[S]

Part II: Secure Software Engineering Processes

8/31-9/2

Product Design - Identifying Needs & Desires

Ch. 6-7.2, 30.1-30.2 , Fox (2006, Ch. 7)[E] and Alexander (2003)[S]

9/7-9/9

Product Design - Generating Requirements

Ch. 7.3-7.4, 9-10 , Hofmann & Lehner (2001)[E] , Kis (2002)[S] and Verdon & McGraw (2008)[S]

9/14-9/16

Product Design - User Interfaces

Ch. 16 , Yee (2002)[S] and Beckert & Beuster (2004)[S]

9/21-9/23

Engineering Design - Overview

Ch. 11-15

9/28-9/30

Engineering Design - Conceptual Models , Class Models , Interaction Models and State Models

Fox (2006, Ch. 13-14)[E]

10/5-10/7

Engineering Design Patterns - Iterator , Singleton , Composite , Observer and Command

Bernstein (2008, Ap. B)[E] , Firesmith (2003)[S] and Fernandez & Pan (2001)[S]

10/12-10/14

Development

Ch. 17-20

10/19-10/21

Verification & Validation

Ch. 22-24 , Moore et al. (2001)[S] , Chess & McGraw (2004)[S] and Saitta et al. (2005)[S]

10/26-10/28

Assurance Cases and Deployment

Kelly & Weaver (2004)[E] , Goodenough et al. (2007)[S] , Lipson & Weinstock (2008)[S] , Carzaniga et al. (1998)[E] and Hall et al. (1999)[E]

Part III: Managing SSE Projects and Processes

11/2-11/4

Managing Code & Documentation

Ch. 21,29

11/9-11/11

Project Management and Cost Estimation

Ch. 5, 26 , Bernstein (1998, Ch. 3)[M] , Discounting[M] and Risk[M]

11/16-11/18

Managing People & Processes

Ch. 25, 28

11/30-12/2

Managing Quality

Ch. 27

Attendance at lectures is not mandatory but is strongly encouraged. You are expected to come to class prepared to ask and answer questions. Hence, you should complete the readings on a topic before it is discussed in lecture.

Grading: Final grades will be based on your performance on: 1 final exam (40% total) , 1 group project (35% total) , several individual assignments (15% total) and class participation (10% total). You are responsible for reading, understanding, and complying with all policies related to the different types of assignments.

Homework Assignments: 13 homework assignments will be assigned during the semester. Note that their due dates are subject to change. Note also that the links to asssignments on Canvas will only work if you first login to Canvas.

Make sure you read and understand all of the policies related to homework assignments.

Office Hours: You may meet with Prof. Bernstein during his scheduled office hours or you may schedule an appointment with him.