Description of a course on Application Security (CS916)

Offered Spring 2003

This course aims to educate students in the design and implementation techniques for assuring security of software applications. While many courses in computer security concentrate on cryptographic techniques and prevention of intrusion in computer systems, this course concentrates on writing software programs that make it difficult for intruders to exploit security holes. The course will have emphasis on writing secure distributed programs in Java. We will explore the security ramifications of class, field, and method visibility, sending data between components of a distributed program via Java's Remote Method Invocation mechanism, data integrity, as well as configuring the security policy for distributed program components. The students will be asked to design and implement a program for running online auctions. To make this task less daunting, partial implementation will be provided by the instructor. The security of completed programs will be evaluated by the instructor by attempting to disrupt operations of running student programs.