DD2525 Language-Based Security 7.5 credits

Språkbaserad datasäkerhet

This is an advanced course in the area of software security. The course will focus on advanced programming languages and security methods to enforce software security in a principled manner. The course combines hands-on experience, by exploring both attacks and defenses, with cutting-edge security research, by reasoning about security policies and protection mechanisms rigorously.
  • Education cycle: Second cycle
  • Main field of study: Computer Science and Engineering
  • Grading scale: A, B, C, D, E, FX, F

Course offerings

Spring 20 langsec20 for programme students

Intended learning outcomes

After passing the course, the students should be able to:
- explain and apply programming-language-based concepts for computer security,
- identify strengths and weaknesses of language-based protection mechanisms in such domains as web applications, mobile applications and database systems,
- apply best practices of secure programming to design and implement more secure software,
- explain and apply principles of such language-based protection mechanisms as access control, capabilities, static analysis and runtime monitoring,
- explain differences between security policy specifications and security enforcement mechanisms,
- reflect upon security, functionality, usability and efficiency trade-offs in the design of formal security requirements,
- use methods from state-of-the-art research in the area of programming languages and security in order to:
  - as a security expert, be able to identify security threats and propose countermeasures,
  - independently design and implement software systems that embrace security from day one,
  - contribute to society by increasing consumers' trust in software technologies.

Course main content

- Introduction to language-based security.
- Basic principles, models and concepts for computer security.
- Software security by information flow control.
- Web application and database security.
- Security for mobile applications.
- Hot topics in computer security.
- State of the art in programming languages for safety.

Disposition

Eligibility

Completed course DD2395 Computer Security 6 credits, or equivalent course.

Literature

Information about the course literature will be announced in the course memo.

Required equipment

Examination

  • LAB1 - Laboratory work, 4.5, grading scale: A, B, C, D, E, FX, F
  • PRO1 - Project, 3.0, grading scale: A, B, C, D, E, FX, F

The examiner decides, in consultation with KTH's coordinator for disabilities (Funka), about possible adapted examination for students with documented, permanent disabilities. The examiner may permit another examination format for re-examination of individual students.

Requirements for final grade

Offered by

EECS/Theoretical Computer Science

Examiner

Version

Course syllabus valid from: Autumn 2019.
Examination information valid from: Autumn 2019.