[an error occurred while processing this directive] [an error occurred while processing this directive]
[an error occurred while processing this directive]
[an error occurred while processing this directive]
Monash University

FIT3056 Secure and trusted software systems - Semester 1, 2014

Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorising users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms.

Mode of Delivery

Caulfield (Day)

Workload Requirements

Minimum total expected workload equals 12 hours per week comprising:

(a.) Contact hours for on-campus students:

  • Two hours of lectures
  • One 2-hour laboratory

(b.) Additional requirements (all students):

  • A minimum of 2 hours of personal study per one hour of contact time in order to satisfy the reading and assignment expectations.

Unit Relationships

Prerequisites

One of FIT1040 or FIT1002 and one of FIT1019 or FIT2078

Chief Examiner

Campus Lecturer

Caulfield

Mark Creado

Consultation hours: TBA

Tutors

Caulfield

Ping Wu

Consultation hours: TBA

Your feedback to Us

Monash is committed to excellence in education and regularly seeks feedback from students, employers and staff. One of the key formal ways students have to provide feedback is through the Student Evaluation of Teaching and Units (SETU) survey. The University’s student evaluation policy requires that every unit is evaluated each year. Students are strongly encouraged to complete the surveys. The feedback is anonymous and provides the Faculty with evidence of aspects that students are satisfied and areas for improvement.

For more information on Monash’s educational strategy, see:

www.monash.edu.au/about/monash-directions/ and on student evaluations, see: www.policy.monash.edu/policy-bank/academic/education/quality/student-evaluation-policy.html

Previous Student Evaluations of this Unit

Previous feedback from students has shown the importance of this unit as part of the undergraduate degree. Students who did this unit had an advantage in job interviews and when working in software development.

If you wish to view how previous students rated this unit, please go to
https://emuapps.monash.edu.au/unitevaluations/index.jsp

Academic Overview

Learning Outcomes

At the completion of this unit students will have -A knowledge and understanding of:
  • some of the main security concepts and issues involved in the development of software, including: Software security versus other aspects of computer security; goals of secure and trusted software; vulnerabilities versus threats; best software development principles and practices; buffer overflows; security of programming platforms; authentication and authorisation; principle of least privilege; security features are not equal to secure features; secure use of encryption; user input validation; reliable software components; data privacy; auditing and logging; security testing;
  • the importance of developing secure software in today's electronic world.
Developed the skills to:
  • design applications with security in mind;
  • validate user input;
  • implement secure authentication mechanisms;
  • authorise users access to various protected resources;
  • encrypt files and hash passwords;
  • store session data securely in web applications;
  • perform secure database access;
  • set up secure transfer of data;
  • create security logs;
  • test software for security vulnerabilities.

Unit Schedule

Week Activities Assessment
0   No formal assessment or activities are undertaken in week 0
1 Introduction to software design and implementation  
2 Computer software security problems and solutions  
3 Computer software security problems and solutions (continued)  
4 Principles of secure software design and implementation  
5 Concurrent programming and software security  
6 Concurrent programming and software security (continued)  
7 Building secure networked and distributed applications  
8 Building secure networked and distributed applications (continued) Assignment 1 due Week 8, Friday 4pm
9 Building trusted software systems  
10 Secure software testing  
11 Secure software testing (continued)  
12 Revision Assignment 2 due Week 12, Friday 4pm
  SWOT VAC No formal assessment is undertaken in SWOT VAC
  Examination period LINK to Assessment Policy: http://policy.monash.edu.au/policy-bank/
academic/education/assessment/
assessment-in-coursework-policy.html

*Unit Schedule details will be maintained and communicated to you via your learning system.

Teaching Approach

Lecture and tutorials or problem classes
This teaching and learning approach provides facilitated learning, practical exploration and peer learning.

Assessment Summary

Examination (3 hours): 60%; In-semester assessment: 40%

Assessment Task Value Due Date
Assignment 1 - Identify software design and implementation vulnerabilities, and propose solutions 20% Week 8, Friday 4pm (Assignment Box on level 6 H building)
Assignment 2 - Design and implementation of secure and trusted applications using cryptography either in wired or wireless environments 20% Week 12, Friday 4pm
Examination 1 60% To be advised

Assessment Requirements

Assessment Policy

Assessment Tasks

Participation

  • Assessment task 1
    Title:
    Assignment 1 - Identify software design and implementation vulnerabilities, and propose solutions
    Description:
    This assignment does not require you to write your own code. You will research and study other people' programs, identify possible vulnerabilities and propose solutions to secure those programs either in wired or wireless environments. 

    If you analyse the vulnerabilities of the programs correctly in your report and understand the problems well, this will give you 30% of the total marks. Your demonstration will give you another 40% and your proposed security solutions another 30%. 

    More details will be provided on the assignment specification.
    Weighting:
    20%
    Criteria for assessment:

    Assessment will depend mainly on how well you can demonstrate a clear understanding of your work, theoretically and practically.

    Due date:
    Week 8, Friday 4pm (Assignment Box on level 6 H building)
  • Assessment task 2
    Title:
    Assignment 2 - Design and implementation of secure and trusted applications using cryptography either in wired or wireless environments
    Description:
    You will need to complete a programming task with well explained documentation, write a report to explain why your code is secure and meets the requirements of secure and trusted software, demonstrate your program to the tutor, and answer the tutor's questions at an interview. 

    Your report will give you 30% of the total marks. If your code works and meets the assignment requirements of secure and trusted software, this will give another 50% of the total marks. Your demonstration and answers to interview questions will give you another 20%.

    More details will be provided on the assignment specification.
    Weighting:
    20%
    Criteria for assessment:

    Assessment will depend mainly on how well you can demonstrate a clear understanding of your work, theoretically and practically.

    Due date:
    Week 12, Friday 4pm

Examinations

  • Examination 1
    Weighting:
    60%
    Length:
    3 hours
    Type (open/closed book):
    Closed book
    Electronic devices allowed in the exam:
    None

Learning resources

Monash Library Unit Reading List (if applicable to the unit)
http://readinglists.lib.monash.edu/index.html

Faculty of Information Technology Style Guide

Feedback to you

Examination/other end-of-semester assessment feedback may take the form of feedback classes, provision of sample answers or other group feedback after official results have been published. Please check with your lecturer on the feedback provided and take advantage of this prior to requesting individual consultations with staff. If your unit has an examination, you may request to view your examination script booklet, see http://intranet.monash.edu.au/infotech/resources/students/procedures/request-to-view-exam-scripts.html

Types of feedback you can expect to receive in this unit are:

  • Informal feedback on progress in labs/tutes

Extensions and penalties

Returning assignments

Assignment submission

It is a University requirement (http://www.policy.monash.edu/policy-bank/academic/education/conduct/student-academic-integrity-managing-plagiarism-collusion-procedures.html) for students to submit an assignment coversheet for each assessment item. Faculty Assignment coversheets can be found at http://www.infotech.monash.edu.au/resources/student/forms/. Please check with your Lecturer on the submission method for your assignment coversheet (e.g. attach a file to the online assignment submission, hand-in a hard copy, or use an online quiz). Please note that it is your responsibility to retain copies of your assessments.

Online submission

If Electronic Submission has been approved for your unit, please submit your work via the learning system for this unit, which you can access via links in the my.monash portal.

Other Information

Policies

Monash has educational policies, procedures and guidelines, which are designed to ensure that staff and students are aware of the University’s academic standards, and to provide advice on how they might uphold them. You can find Monash’s Education Policies at: www.policy.monash.edu.au/policy-bank/academic/education/index.html

Key educational policies include:

Faculty resources and policies

Important student resources including Faculty policies are located at http://intranet.monash.edu.au/infotech/resources/students/

Graduate Attributes Policy

Student Charter

Student services

Monash University Library

Disability Liaison Unit

Students who have a disability or medical condition are welcome to contact the Disability Liaison Unit to discuss academic support services. Disability Liaison Officers (DLOs) visit all Victorian campuses on a regular basis.

[an error occurred while processing this directive]