SWENG 455: Engineering Quality and Security in Software

LnRiLWNvbnRhaW5lciAudGItY29udGFpbmVyLWlubmVye3dpZHRoOjEwMCU7bWFyZ2luOjAgYXV0b30gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWNvbnRhaW5lci50Yi1jb250YWluZXJbZGF0YS10b29sc2V0LWJsb2Nrcy1jb250YWluZXI9ImNlODg0MDE5NzQ3ZjQ2YzBmMTAwZWY5MWI0MDk1OGNjIl0geyBib3JkZXItcmFkaXVzOiA1cHg7cGFkZGluZzogMjVweDsgfSAudGItY29udGFpbmVyIC50Yi1jb250YWluZXItaW5uZXJ7d2lkdGg6MTAwJTttYXJnaW46MCBhdXRvfSAud3AtYmxvY2stdG9vbHNldC1ibG9ja3MtY29udGFpbmVyLnRiLWNvbnRhaW5lcltkYXRhLXRvb2xzZXQtYmxvY2tzLWNvbnRhaW5lcj0iNzkxNTVmMTI5Mzk4MTNkNzQ5MzFkOTk2MzRkMjllNDYiXSB7IGJvcmRlci1yYWRpdXM6IDVweDtiYWNrZ3JvdW5kOiByZ2JhKCAyNTUsIDI1NSwgMjU1LCAxICk7cGFkZGluZzogNXB4IDM1cHggNXB4IDM1cHg7IH0gLnRiLWNvbnRhaW5lciAudGItY29udGFpbmVyLWlubmVye3dpZHRoOjEwMCU7bWFyZ2luOjAgYXV0b30gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWNvbnRhaW5lci50Yi1jb250YWluZXJbZGF0YS10b29sc2V0LWJsb2Nrcy1jb250YWluZXI9IjhlODg0NGUyZjFiMzIxOWE4YWM2NjJhMzgyMWNmY2E4Il0geyBwYWRkaW5nOiAyNXB4OyB9ICAgLnRiLWNvbnRhaW5lciAudGItY29udGFpbmVyLWlubmVye3dpZHRoOjEwMCU7bWFyZ2luOjAgYXV0b30gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWNvbnRhaW5lci50Yi1jb250YWluZXJbZGF0YS10b29sc2V0LWJsb2Nrcy1jb250YWluZXI9IjViMDQ3MWM0OWIxZDM0YzZkODFkYmI0NmUzYjJjY2YzIl0geyBwYWRkaW5nOiAyNXB4OyB9IC50Yi1ncmlkLC50Yi1ncmlkPi5ibG9jay1lZGl0b3ItaW5uZXItYmxvY2tzPi5ibG9jay1lZGl0b3ItYmxvY2stbGlzdF9fbGF5b3V0e2Rpc3BsYXk6Z3JpZDtncmlkLXJvdy1nYXA6MjVweDtncmlkLWNvbHVtbi1nYXA6MjVweH0udGItZ3JpZC1pdGVte2JhY2tncm91bmQ6I2QzOGEwMztwYWRkaW5nOjMwcHh9LnRiLWdyaWQtY29sdW1ue2ZsZXgtd3JhcDp3cmFwfS50Yi1ncmlkLWNvbHVtbj4qe3dpZHRoOjEwMCV9LnRiLWdyaWQtY29sdW1uLnRiLWdyaWQtYWxpZ24tdG9we3dpZHRoOjEwMCU7ZGlzcGxheTpmbGV4O2FsaWduLWNvbnRlbnQ6ZmxleC1zdGFydH0udGItZ3JpZC1jb2x1bW4udGItZ3JpZC1hbGlnbi1jZW50ZXJ7d2lkdGg6MTAwJTtkaXNwbGF5OmZsZXg7YWxpZ24tY29udGVudDpjZW50ZXJ9LnRiLWdyaWQtY29sdW1uLnRiLWdyaWQtYWxpZ24tYm90dG9te3dpZHRoOjEwMCU7ZGlzcGxheTpmbGV4O2FsaWduLWNvbnRlbnQ6ZmxleC1lbmR9IC53cC1ibG9jay10b29sc2V0LWJsb2Nrcy1ncmlkLnRiLWdyaWRbZGF0YS10b29sc2V0LWJsb2Nrcy1ncmlkPSJjNWJiOGIzYzMwY2MzOWExMzllNTNiZWY3NjMwZDdhMyJdIHsgZ3JpZC10ZW1wbGF0ZS1jb2x1bW5zOiBtaW5tYXgoMCwgMC41ZnIpIG1pbm1heCgwLCAwLjVmcik7Z3JpZC1jb2x1bW4tZ2FwOiAzMnB4O2dyaWQtcm93LWdhcDogNDRweDtncmlkLWF1dG8tZmxvdzogcm93IH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQudGItZ3JpZFtkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQ9ImM1YmI4YjNjMzBjYzM5YTEzOWU1M2JlZjc2MzBkN2EzIl0gPiAudGItZ3JpZC1jb2x1bW46bnRoLW9mLXR5cGUoMm4gKyAxKSB7IGdyaWQtY29sdW1uOiAxIH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQudGItZ3JpZFtkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQ9ImM1YmI4YjNjMzBjYzM5YTEzOWU1M2JlZjc2MzBkN2EzIl0gPiAudGItZ3JpZC1jb2x1bW46bnRoLW9mLXR5cGUoMm4gKyAyKSB7IGdyaWQtY29sdW1uOiAyIH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uLnRiLWdyaWQtY29sdW1uW2RhdGEtdG9vbHNldC1ibG9ja3MtZ3JpZC1jb2x1bW49IjQ2ZGNkMGU3MjI5ZDMwZTI4NmNkNDE0ZTE0NmYyNjRlIl0geyBiYWNrZ3JvdW5kLWNvbG9yOiByZ2JhKCAyNTUsIDI1NSwgMjU1LCAxICk7Ym9yZGVyLXJhZGl1czogNXB4O3BhZGRpbmctcmlnaHQ6IDM1cHg7cGFkZGluZy1sZWZ0OiAzNXB4O2Rpc3BsYXk6IGZsZXg7IH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uLnRiLWdyaWQtY29sdW1uW2RhdGEtdG9vbHNldC1ibG9ja3MtZ3JpZC1jb2x1bW49IjQ2ZGNkMGU3MjI5ZDMwZTI4NmNkNDE0ZTE0NmYyNjRlIl0gcCB7IGZvbnQtc2l6ZTogMThweDsgfSAgLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uLnRiLWdyaWQtY29sdW1uW2RhdGEtdG9vbHNldC1ibG9ja3MtZ3JpZC1jb2x1bW49Ijk0MzBmNTg3NTEwMzg3NTI4ZDI4ZGI2MWNmYWQxNDJhIl0geyBiYWNrZ3JvdW5kLWNvbG9yOiByZ2JhKCAyNTUsIDI1NSwgMjU1LCAxICk7Ym9yZGVyLXJhZGl1czogNXB4O3BhZGRpbmctcmlnaHQ6IDM1cHg7cGFkZGluZy1sZWZ0OiAzNXB4O2Rpc3BsYXk6IGZsZXg7IH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uLnRiLWdyaWQtY29sdW1uW2RhdGEtdG9vbHNldC1ibG9ja3MtZ3JpZC1jb2x1bW49Ijk0MzBmNTg3NTEwMzg3NTI4ZDI4ZGI2MWNmYWQxNDJhIl0gcCB7IGZvbnQtc2l6ZTogMThweDsgfSAgQG1lZGlhIG9ubHkgc2NyZWVuIGFuZCAobWF4LXdpZHRoOiA3ODFweCkgeyAudGItY29udGFpbmVyIC50Yi1jb250YWluZXItaW5uZXJ7d2lkdGg6MTAwJTttYXJnaW46MCBhdXRvfS50Yi1jb250YWluZXIgLnRiLWNvbnRhaW5lci1pbm5lcnt3aWR0aDoxMDAlO21hcmdpbjowIGF1dG99LnRiLWNvbnRhaW5lciAudGItY29udGFpbmVyLWlubmVye3dpZHRoOjEwMCU7bWFyZ2luOjAgYXV0b30gIC50Yi1jb250YWluZXIgLnRiLWNvbnRhaW5lci1pbm5lcnt3aWR0aDoxMDAlO21hcmdpbjowIGF1dG99LnRiLWdyaWQsLnRiLWdyaWQ+LmJsb2NrLWVkaXRvci1pbm5lci1ibG9ja3M+LmJsb2NrLWVkaXRvci1ibG9jay1saXN0X19sYXlvdXR7ZGlzcGxheTpncmlkO2dyaWQtcm93LWdhcDoyNXB4O2dyaWQtY29sdW1uLWdhcDoyNXB4fS50Yi1ncmlkLWl0ZW17YmFja2dyb3VuZDojZDM4YTAzO3BhZGRpbmc6MzBweH0udGItZ3JpZC1jb2x1bW57ZmxleC13cmFwOndyYXB9LnRiLWdyaWQtY29sdW1uPip7d2lkdGg6MTAwJX0udGItZ3JpZC1jb2x1bW4udGItZ3JpZC1hbGlnbi10b3B7d2lkdGg6MTAwJTtkaXNwbGF5OmZsZXg7YWxpZ24tY29udGVudDpmbGV4LXN0YXJ0fS50Yi1ncmlkLWNvbHVtbi50Yi1ncmlkLWFsaWduLWNlbnRlcnt3aWR0aDoxMDAlO2Rpc3BsYXk6ZmxleDthbGlnbi1jb250ZW50OmNlbnRlcn0udGItZ3JpZC1jb2x1bW4udGItZ3JpZC1hbGlnbi1ib3R0b217d2lkdGg6MTAwJTtkaXNwbGF5OmZsZXg7YWxpZ24tY29udGVudDpmbGV4LWVuZH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQudGItZ3JpZFtkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQ9ImM1YmI4YjNjMzBjYzM5YTEzOWU1M2JlZjc2MzBkN2EzIl0geyBncmlkLXRlbXBsYXRlLWNvbHVtbnM6IG1pbm1heCgwLCAxZnIpO2dyaWQtcm93LWdhcDogMjRweDtncmlkLWF1dG8tZmxvdzogcm93IH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQudGItZ3JpZFtkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQ9ImM1YmI4YjNjMzBjYzM5YTEzOWU1M2JlZjc2MzBkN2EzIl0gID4gLnRiLWdyaWQtY29sdW1uOm50aC1vZi10eXBlKDFuKzEpIHsgZ3JpZC1jb2x1bW46IDEgfSAud3AtYmxvY2stdG9vbHNldC1ibG9ja3MtZ3JpZC1jb2x1bW4udGItZ3JpZC1jb2x1bW5bZGF0YS10b29sc2V0LWJsb2Nrcy1ncmlkLWNvbHVtbj0iNDZkY2QwZTcyMjlkMzBlMjg2Y2Q0MTRlMTQ2ZjI2NGUiXSB7IGRpc3BsYXk6IGZsZXg7IH0gIC53cC1ibG9jay10b29sc2V0LWJsb2Nrcy1ncmlkLWNvbHVtbi50Yi1ncmlkLWNvbHVtbltkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uPSI5NDMwZjU4NzUxMDM4NzUyOGQyOGRiNjFjZmFkMTQyYSJdIHsgZGlzcGxheTogZmxleDsgfSAgIH0gQG1lZGlhIG9ubHkgc2NyZWVuIGFuZCAobWF4LXdpZHRoOiA1OTlweCkgeyAudGItY29udGFpbmVyIC50Yi1jb250YWluZXItaW5uZXJ7d2lkdGg6MTAwJTttYXJnaW46MCBhdXRvfS50Yi1jb250YWluZXIgLnRiLWNvbnRhaW5lci1pbm5lcnt3aWR0aDoxMDAlO21hcmdpbjowIGF1dG99LnRiLWNvbnRhaW5lciAudGItY29udGFpbmVyLWlubmVye3dpZHRoOjEwMCU7bWFyZ2luOjAgYXV0b30gIC50Yi1jb250YWluZXIgLnRiLWNvbnRhaW5lci1pbm5lcnt3aWR0aDoxMDAlO21hcmdpbjowIGF1dG99LnRiLWdyaWQsLnRiLWdyaWQ+LmJsb2NrLWVkaXRvci1pbm5lci1ibG9ja3M+LmJsb2NrLWVkaXRvci1ibG9jay1saXN0X19sYXlvdXR7ZGlzcGxheTpncmlkO2dyaWQtcm93LWdhcDoyNXB4O2dyaWQtY29sdW1uLWdhcDoyNXB4fS50Yi1ncmlkLWl0ZW17YmFja2dyb3VuZDojZDM4YTAzO3BhZGRpbmc6MzBweH0udGItZ3JpZC1jb2x1bW57ZmxleC13cmFwOndyYXB9LnRiLWdyaWQtY29sdW1uPip7d2lkdGg6MTAwJX0udGItZ3JpZC1jb2x1bW4udGItZ3JpZC1hbGlnbi10b3B7d2lkdGg6MTAwJTtkaXNwbGF5OmZsZXg7YWxpZ24tY29udGVudDpmbGV4LXN0YXJ0fS50Yi1ncmlkLWNvbHVtbi50Yi1ncmlkLWFsaWduLWNlbnRlcnt3aWR0aDoxMDAlO2Rpc3BsYXk6ZmxleDthbGlnbi1jb250ZW50OmNlbnRlcn0udGItZ3JpZC1jb2x1bW4udGItZ3JpZC1hbGlnbi1ib3R0b217d2lkdGg6MTAwJTtkaXNwbGF5OmZsZXg7YWxpZ24tY29udGVudDpmbGV4LWVuZH0gLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQudGItZ3JpZFtkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQ9ImM1YmI4YjNjMzBjYzM5YTEzOWU1M2JlZjc2MzBkN2EzIl0geyBncmlkLXRlbXBsYXRlLWNvbHVtbnM6IG1pbm1heCgwLCAxZnIpO2dyaWQtYXV0by1mbG93OiByb3cgfSAud3AtYmxvY2stdG9vbHNldC1ibG9ja3MtZ3JpZC50Yi1ncmlkW2RhdGEtdG9vbHNldC1ibG9ja3MtZ3JpZD0iYzViYjhiM2MzMGNjMzlhMTM5ZTUzYmVmNzYzMGQ3YTMiXSAgPiAudGItZ3JpZC1jb2x1bW46bnRoLW9mLXR5cGUoMW4rMSkgeyBncmlkLWNvbHVtbjogMSB9IC53cC1ibG9jay10b29sc2V0LWJsb2Nrcy1ncmlkLWNvbHVtbi50Yi1ncmlkLWNvbHVtbltkYXRhLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uPSI0NmRjZDBlNzIyOWQzMGUyODZjZDQxNGUxNDZmMjY0ZSJdIHsgZGlzcGxheTogZmxleDsgfSAgLndwLWJsb2NrLXRvb2xzZXQtYmxvY2tzLWdyaWQtY29sdW1uLnRiLWdyaWQtY29sdW1uW2RhdGEtdG9vbHNldC1ibG9ja3MtZ3JpZC1jb2x1bW49Ijk0MzBmNTg3NTEwMzg3NTI4ZDI4ZGI2MWNmYWQxNDJhIl0geyBkaXNwbGF5OiBmbGV4OyB9ICAgfSA=

Textbook Information

Secure Software Design by Theodor Richardson and Charles N Thies. 1^st 2012. Jones & Bartlett Learning. ISBN-13: 97814496266327. ISBN-10: 1449626327
Software Quality Assurance: From Theory to Implementation by Daniel Galin. 1^st 2004. Pearson-Addison Wesley. ISBN-13: 9780201709452. ISBN-10: 0201709457

Published Remarks

None

Hardware Requirements

Software Requirements

Proctored Exams

Course Description

Software systems are becoming an integral part of our daily life. In many domains the failure of a software system in not acceptable. Such a failure will have catastrophic effects. Hence, the quality of such software systems becomes so crucial. In this course we will introduce software quality and the associated quality factors.

As software systems advance in complexity so does the threats that they face. Hence, the security of these systems has became so essential. Traditionally security has been thought off as an add-on to an existing system. In this course, we will understand that this is not sufficient. Security should be considered throughout the software development life cycle.

Prerequisite: SWENG411

Overview

This course provides a detailed explanation of software quality assurance practices and methods throughout the software development life-cycle. It provides a foundation for building secure software by applying security principles to the software development lifecycle. test

Course Outline:

Module 1: Intro to Software Quality
Module 2: Software Errors
Module 3: Introduction to Information Security
Module 4: Security Requirements Planning
Module 5: Vulnerability Mapping
Module 6: Vulnerability Mapping – 2
Module 7: Secure Software Architecture and Design
Module 8: Secure Software Architecture and Design – 2
Module 9: Secure Coding
Module 10: Secure Testing
Module 11: Secure Deployment and Maintenance
Module 12: Microsoft^® Security Development Lifecycle (SDL)

Learning Goals

By the end of this course students are expected to:

Understand the concepts of software quality assurance.
Understand the concept of secure software development.
Understand the current and emerging threats
Understand the effect of security on the software development life cycle (SDLC).
Understand the effect of quality on the SDLC.
Ability to integrate security in the software requirements planning and use Use-Cases to model security requirements.
Ability to integrate security in software design.

Course Requirements and Grading

Grading Policy

Grading is based on three exams, weekly quizzes, weekly assignments, and course project. The following weights are assigned to the different assessed components of the course:

Category	Percentage
Module Quizzes	10%
Module Discussions	5%
Module Assignments	10%
Project (Three Phases)	45%
Exam 1	10%
Exam 2	10%
Exam 3	10%

Assignments: Assignments will be assigned with some Modules. They are designed to enhance your understanding of the material covered in the Module. They are assigned on the Monday of the week and are due by Saturday (11:59pm, US Eastern time) of the same week. Project: This course will have one major group project. In the project you will develop a software system while integrating security in the development cycle. The project is divided intro three phases, requirements, design, and implementation and testing. Each phase is worth 15% of your grade. Quizzes: Quizzes are short and designed to make sure your knowledge on the current topic is sufficient. They are assigned on Monday of the week and are due by Saturday (11:59pm, US Eastern time) of the same week. No late Quizzes will be accepted. Module Discussions: Modules will contain a number of questions that are embedded. You will need to answer these questions through the discussion board. A link to the question will be displayed in the content of the module. It is important that you answer these questions. There will not be a right or wrong answer. It will rather be a pass or fail approach for these questions. I am looking for your best attempt. Answers that are unrelated or unreasonable will not be accepted. Exams: Exams will be given over the course of the semester to encourage your ongoing attention to course material. Covered topics will be drawn largely from the lectures and assigned readings. Test 1 will cover Module 1 to 4. Test 2 will cover Module 5 to 8, and Test 3 will cover Module 9 to 11.

Grade Assignments

Assessments are based on 100 points with final letter grades being assigned as follows:

A	A-	B+	B	B-	C+	C	D	F
100-93	92.9-89	88.9-85	84.9-80	79.9-75	74.9-70	69.9-65	64.9-60	59.9-0

Textbook Information

Published Remarks

Hardware Requirements

Software Requirements

Proctored Exams

Recent Posts

Recent Comments

Archives

Categories