Schedule

The table below shows the topics intended to be covered in each week of semester. The order or delivery date of lectures on this page may change during the semester.

For lecture slides and lab worksheets see the Resources page.
For recordings of the lectures, visit UWA’s LMS (Learning Management System).

Recommended readings

In most cases, a good C textbook and a good operating systems textbook will cover all the background you need to know for a topic on the schedule.

However, if something in the lectures or labs is unclear, you may find it useful to refer to a textbook on security or secure coding. Unfortunately there is no one textbook that covers all the topics we look at in CITS3007, but the schedule below gives recommended readings for each topic. Online copies of most readings are available via the LMS (look under “Unit Readings”). The readings may be added to or modified as the semester progresses.

References in the reading list are to the sources listed here (click here to expand):

Good11

Goodrich, M, and R Tamassia, Introduction to Computer Security (Pearson, 2011)

Koh21

Kohnfelder, L, Designing Secure Software (No Starch Press, 2021)

Sea13

Seacord, R, Secure Coding in C and C++ (2nd ed; Addison-Wesley, 2013)

Sea20

Seacord, R, Effective C: An Introduction to Professional C Programming (No Starch Press, 2020)

Smi08

Smith, S and J Marchesini, The Craft of System Security (Addison-Wesley, 2008)

Vie03

Viega, J and M Messier, Secure Programming Cookbook for C and C++ (O’Reilly Media, 2003)

Week	Lecture	Lab	Reading	Assessment
1 26 Feb	Unit info Security & OS concepts C language	No labs this week	Good11 chaps 1 (Introduction) & 3 (Operating systems security) Your C textbook (or Sea20) Sea13 chap 5 (Integer security) Further reading: Koh21 chaps 1–3 (Foundations, threats and mitigations)
2 4 Mar	Memory and arithmetic errors	Linux C development environment Mon university holiday (Labour day): Monday lab students attend another session	Good11 chap 3 (Operating systems security) Sea13 chap 5 (Integer security) Further reading: Koh21 chap 9 (Low-level coding flaws)
3 11 Mar	Access control	Static and dynamic analysis tools	Good11 chap 3 (Operating systems security) Sea13 chap 8 (File IO) Further reading: Koh21 chap 9 (Low-level coding flaws), Chen et al “Setuid demystified” (11th USENIX Security Symposium, 2002).
4 18 Mar	Input validation and sanitization	String-handling and `setuid`	Koh21 chap 10 (Untrusted input) Further reading: Sea13 chap 9 (Recommended practices); Erik Poll, “Secure Input Handling”; Vie03 chap 3 (Input validation)	Week 4 online quiz: Available 5:00 pm Wed 20 Mar Week 4 online quiz: Closes 5:00 pm Thu 21 Mar
5 25 Mar	Program analysis and testing	Memory and arithmetic errors	Sea20 chap 11 (Debugging, testing and analysis) Sea13 chap 9 (Recommended practices) Further reading: Koh21 chap 12 (Security testing)
1 Apr	no class – non-teaching week
6 8 Apr	Concurrency bugs	Input validation and IPC	Good11 chap 3 (Operating systems security) Sea13 chap 7 (Concurrency)
7 15 Apr	Inter-process communication	Multi-language analysis tools	Smi08 chap 5 (Network security) Further reading: Koh21 chap 11 (Web security); Vie03 chap 9 (Networking)	Week 7 mid-semester test: Available 5:00 pm Wed 17 Apr Week 7 mid-semester test: Due 5:00 pm Thu 18 Apr
8 22 Apr	Secure software development	Fuzzing Thurs university holiday (ANZAC day): Thursday lab students attend another session	Koh21 chaps 6-7 (Secure design), 12 (Security testing) & 13 (Secure development best practices) Sea13 chap 9 (Recommended practices) Saltzer & Schroeder, “The protection of information in computer systems” (Proceedings of the IEEE, 1975) (PDF; HTML version available) Further reading: Sea20 chap 11 (Debugging, testing and analysis)
9 29 Apr	Secure software development	TBA	Refer to previous week
10 6 May	Cryptography introduction	Race conditions and secure file operations	Koh21 chap 5 (Cryptography) Good11 chap 8 (Cryptography) Good11 chap 3 (Operating systems security) sec 3.2 (Password-based authentication) OWASP “Password storage cheat sheet”
11 13 May	Cryptography	Cryptography	Refer to previous week
12 20 May	revision	no labs		Project: Due 5:00 pm Thu 23 May