This is a graduate class on secure software development. The focus of the class is:
How to think about systems with a security mindset.
As a result, this class will introduce many security stories and general concepts that you may have already discussed in other security courses.
- Vulnerabilities, weaknesses, exploits
- STRIDE, ATT&CK, threat modeling
- Attack trees, attack graphs, attack modeling, CAPEC
- Security architectures, Bell-LaPadula, Biba, Clark-Wilson
- Secure coding guides, data privacy, data security
- Statistical privacy, differential privacy, k-anonymity
- ACLs and capabilities, authN, authZ, Zero trust models
The 2022 series is available on YouTube.
Fall 2024
The class is scheduled for 9:30 AM — 10:45 AM Central Time in Bruner 410, 22 August through 12 December 2024. This is subject to change!
Not sure if this class is for you, or concerned about the content? Contact me and we can discuss it.
- Part 0: Preliminaries – Class structure
- Part 1: Motivation – What is security and why is it hard
- Part 2: Basics – Weaknesses, vulnerabilities, and exploits
- Part 3: Security – Physical vs cyber
- Part 4: Models – Historical security models and properties
- Part 5: Threats – Threat modeling and attack trees
- Part 6: Advanced Models – Capability systems and zero trust
- Part 7: Privacy – Understanding differential privacy
- Part 8: Development – Develop secure software
- Aside: Case study of a secure system
- Part 9: Ethics – The ethical crisis in computing
Do you want more details? I have shared the course plan as it is right now here. It is subject to lots of changes, of course.