Secure Programming Techniques - Project

  • Code: MTAT.07.016 (3 EAP)
  • Seminars: Wed 12-14 Liivi 2 - 202 (only on pre-announced weeks)
  • Lecturer: Meelis Roos
  • Goal: find and fix a new security problem in real software.
  • Grading: 90% comes from the final presentation and the project report, and 10% from keeping up with the in-term deadlines

The first meeting will be on Fri, February 10, 2012.

Outline

  • Ideas for projects
  • Simple projects are for one person only
  • 2-3 person projects are possible, but you need to plan the work distribution ahead and show that it is feasible
  • Non-exhaustive list of source code scanners
  • Find an open-source project for scanning
  • Find suitable tools for the first steps and use them
  • Search for security holes manually
  • Find another project if nothing has been found (no later than the end of March)
  • Document the bug
  • Fix the bug
  • Fix all bugs of the same kind if possible
  • Test and document the fixes
  • Send a patch upstream, rewriting it if asked
  • Give a presentation

Planned meetings

  • 10.02.2012 - first meeting (audio recording: OGG)
  • 22.02.2012 - demo of source code auditing (audio recording: WMA)
  • 28.03.2012 - how you have succeeded in finding some bugs
  • 25.04.2012 (maybe) - bugs found, fixing in progress
  • 30.05.2012 - final presentations

The course is supported by the European Social Fund project "Development of Master curricula of Informatics and Information Technology at the institute of Computer Science at University of Tartu in cooperation with Estonian IT-companies".
