Fall 2009
JMU CS555 - Secure Software Engineering
Syllabus


Description: This course provides an overview of methods (and tools) for producing secure software systems. After completing this course, students will have gained some experience in using these methods and should be able to explain the advantages and disadvantages of each.
Textbook: The primary book for this course is:

Sommerville, Ian (2007) Software Engineering, Addison-Wesley, Boston, MA.

There are also a variety of other required readings (available to registered students on-line). These readings fall into three categories: general software engineering issues [E], methodological issues [M], and security issues [S].

Outline: This course is organized as follows, though specific topics and dates may change. (Readings are listed in the right-most column.)
Part I: Background
8/24 | Introduction
8/26 | Systems Discussion and Software Processes Discussion | Ch. 1-3, 4, Skyttner (1996)[M], Lipner & Howard (2008)[S] and Nakayama (2006)[S]
Part II: Secure Software Engineering Processes
8/31-9/2 | Product Design - Identifying Needs & Desires Discussion | Ch. 6-7.2, 30.1-30.2, Fox (2006, Ch. 7)[E] and Alexander (2003)[S]
9/7-9/9 | Product Design - Generating Requirements Discussion | Ch. 7.3-7.4, 9-10, Hofmann & Lehner (2001)[E], Kis (2002)[S] and Verdon & McGraw (2008)[S]
9/14-9/16 | Product Design - User Interfaces Discussion | Ch. 16, Yee (2002)[S] and Beckert & Beuster (2004)[S]
9/21-9/23 | Engineering Design - Overview | Ch. 11-15
9/28-9/30 | Engineering Design - Conceptual Models, Class Models, Interaction Models and State Models | Fox (2006, Ch. 13-14)[E]
10/5-10/7 | Engineering Design Patterns - Iterator, Singleton, Composite, Observer and Command | Bernstein (2008, Ap. B)[E], Firesmith (2003)[S] and Fernandez & Pan (2001)[S]
10/12-10/14 | Development | Ch. 17-20
10/19-10/21 | Verification & Validation Discussion | Ch. 22-24, Moore et al. (2001)[S], Chess & McGraw (2004)[S] and Saitta et al. (2005)[S]
10/26-10/28 | Assurance Cases and Deployment Discussion | Kelly & Weaver (2004)[E], Goodenough et al. (2007)[S], Lipson & Weinstock (2008)[S], Carzaniga et al. (1998)[E] and Hall et al. (1999)[E]
Part III: Managing SSE Projects and Processes
11/2-11/4 | Managing Code & Documentation | Ch. 21, 29
11/9-11/11 | Project Management and Cost Estimation | Ch. 5, 26, Bernstein (1998, Ch. 3)[M], Discounting[M] and Risk[M]
11/16-11/18 | Managing People & Processes | Ch. 25, 28
11/30-12/2 | Managing Quality | Ch. 27

Attendance at lectures is not mandatory but is strongly encouraged. You are expected to come to class prepared to ask and answer questions. Hence, you should complete the readings on a topic before it is discussed in lecture.

Grading: Final grades will be based on your performance on: 1 final exam (40% total), 1 group project (35% total), several individual assignments (15% total) and class participation (10% total). You are responsible for reading, understanding, and complying with all policies related to the different types of assignments.
Homework Assignments: 13 homework assignments will be assigned during the semester. Note that their due dates are subject to change. Note also that the links to assignments on Canvas will only work if you first log in to Canvas.
Group Project Part 1; Due: 9/7 (Identifying Needs and Desires)
Group Project Part 2; Due: 9/14 (Requirements)
Individual Assignment 1; Due: 9/21 (Product Design)
Group Project Part 3; Due: 9/28 (User Interface Design)
Individual Assignment 2; Due: 10/5 (Engineering Design)
Group Project Part 4; Due: 10/12 (Engineering Design)
Group Project Part 5a; Due: 10/19 (Implementation Planning)
Group Project Part 5b; Due: 10/26 (Implementation)
Group Project Part 6; Due: 11/2 (Defect Testing)
Group Project Part 7; Due: 11/9 (Assurance Cases)
Individual Assignment 3; Due: 11/16 (Risk Analysis)
Group Project Part 8; Due: 11/30 (Project Management Plan)
Group Project Part 9; Due: 12/3 (Evaluation of Group)

Make sure you read and understand all of the policies related to homework assignments.

Office Hours: You may meet with Prof. Bernstein during his scheduled office hours or you may schedule an appointment with him.

Copyright 2019