Secure Programming Techniques - Project

  • Code: MTAT.07.016 (3 EAP)
  • Seminars: Wed 16.15-18.00 Liivi 2 - 404 (only on pre-announced weeks)
  • Lecturer: Meelis Roos
  • Goal: find and fix a new security problem in real software.
  • Grading comes 90% from the result of final presentation of the project and 10% from keeping up with the in-term deadlines

First meeting will be on Wed, February 16 2011.

Outline

  • Ideas for projects
  • Simple projects are for one person only
  • 2-3 person projects possible, need to plan work distribution ahead and show that it seems possible
  • Incomprehensive list of source code Scanners
  • Find a opensource project for scanning
  • Find suitable tools for first steps, use them
  • Search for security holes manually
  • Find another project if nothing has been found (no later then end of March)
  • Document the bug
  • Fix the bug
  • Fix all bugs of the same kind if possible
  • Test and document the fixes
  • Send a patch upstream, rewriting it if asked
  • Give a presentation

Planned meeting dates:

  • 16.02.2011 - Introduction
  • 23.02.2011 - Scanning and bug-searching demo (maybe moved one week)
  • 09.03.2011 - project must be chosen, mail sent me, meeting for discussion
  • 20.04.2011 - searching for security problems must have reached preliminary results (bugs should have been found), or emergency selection of another project should have been done already.
  • 25.05.2011 - final presentation and written report
Sidebar
Page edit