DD2460 Software Safety and Security 7.5 credits

Programvarusäkerhet

The course covers several fundamental techniques for the analysis of programs, with a focus on safety and security. The techniques are based on types and logics for programs, and allow one to discover certain types of illicit behaviour or to deduce the absence of such behaviour. We consider several successful tools implementing such techniques.

Course information

Content and learning outcomes

Course contents *

  • Part I. Introduction to safety and security.
  • Part II. Temporal logics, modeling, model checking, formal specification. Tool: NuSMV.
  • Part III. Information flow security, type system. Tool.
  • Part IV. Concurrency, network programming. Tool: Java Pathfinder.
  • Part V. Memory safety, fuzzing. Tools: valgrind, radamsa.

Intended learning outcomes *

After passing the course, the student should be able to:

  • explain safety and security aspects for systems,
  • construct models of systems,
  • specify and analyse safety and security properties,
  • apply analytical tools on software systems,
  • evaluate and compare different approaches to verification and validation of software systems,

in order to

  • as citizen and expert be able to discuss software safety and security,
  • in professional life and/or research projects be able to formally express safety and security related properties,
  • be able to use and adapt various tools and technologies to verify such properties.

Course Disposition

No information inserted

Literature and preparations

Specific prerequisites *

For the students of the free standing course:

SF1901 Mathematical Statistics, DD1337 Programming, DD1338 Algorithms and Data Structures, SF1630 Discrete mathematics, DD1352 Algorithms, Data Structures and Complexity and DD2395 Data Security, or equivalent courses.

Recommended prerequisites

The course DD2395 Computer Security or corresponding. Good skills in programming, programming languages, and program semantics. Knowledge of first-order logic and finite automata.

Equipment

No information inserted

Literature

No information inserted

Examination and completion

Grading scale *

A, B, C, D, E, FX, F

Examination *

  • LAB2 - Laboratory work, 5.0 credits, Grading scale: A, B, C, D, E, FX, F
  • TEN2 - Examination, 1.0 credits, Grading scale: A, B, C, D, E, FX, F
  • ÖVN2 - Group presentation and report, 1.5 credits, Grading scale: A, B, C, D, E, FX, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

In TEN2 and LAB2, the whole grading scale is used, but in ÖVN2, the grades B and D are not used.

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted

Examiner

Cyrille Artho

Further information

Course web

Further information about the course can be found on the Course web at the link below. Information on the Course web will later be moved to this site.

Course web DD2460

Offered by

EECS/Computer Science

Main field of study *

Computer Science and Engineering

Education cycle *

Second cycle

Add-on studies

No information inserted

Contact

Cyrille Artho (artho@kth.se)

Ethical approach *

  • All members of a group are responsible for the group's work.
  • In any assessment, every student shall honestly disclose any help received and sources used.
  • In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Supplementary information

In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex

Additional regulations *

This course contains group projects and labs. Course registration after the official registration period is not possible, since we need to create the groups at the beginning of the course.