>
<HEAD><TITLE>
Initial course handout for CS 4330-01  Building Secure Software
for Winter 2008.
</TITLE></HEAD><BODY BGCOLOR="#ffffff">
<CENTER><P><BR>
<BR>
<B> CS 4330-01 Building Secure Software<BR>
 Winter 2008 <BR>
 MWF 9:20--10:30 a.m.<BR>
 Sc S 125</B></P></CENTER>


<P>
<B> Instructor</B>: William R. Nico<BR>
<B> Office</B>: Robinson 239<BR>
<B> Phone</B>: (510)885-3386 <BR>
<B> E-mail</B>: <A HREF="mailto:nico@csueastbay.edu"> <TT>nico@csueastbay.edu</TT></A>  (On the mcs system just ``<TT>nico</TT>'' 
will work.)<BR>
<B> Web</B>: <A HREF="http:www.mcs.csueastbay.edu/~nico"> 
 <TT>www.mcs.csueastbay.edu/~nico</TT></A> <BR>
<B> Office hours</B>: MW 1:00--2:30 p.m. or by appointment. 
<BR>
<B> Text 1</B>: G. McGraw and J. Viega, <I> Building Secure Software</I>,
Addison-Wesley, 2002.<BR>
<B> Text 2</B>: G. McGraw, <I> Software Security: Building Security In</I>,
Addison-Wesley, 2006.<BR>
<B> Recommended</B>:  G. Hoglund and G. McGraw, <I> Exploiting Software: 
How to Break Code</I>, Addison-Wesley, 2004.<BR>
<B> Note</B>: These three volumes are available as a boxed set at a
discounted price.
</P>

<P>
Software flaws---either design flaws or implementation flaws---are
the root cause of the security problems so widely observed in recent
years. One reason is that most development---design, implementation,
and testing---has been concerned primarily with <I>features</I> and
has not directly addressed <I>security</I> issues.

<P>
The purpose of this course is to investigate security issues in
software design and implementation. It will explore both high-level
and low-level issues that need to be addressed.  This means that it
will range over a large area of computer science.  The more knowledge
one brings to such a course, the more valuable it can be. However, 
a good understanding of software, say, at the <I>Data Structures (CS 3240)</I>
level, should be adequate preparation for this course.

<P>
Activities in the course will include readings in the two texts and
perhaps other sources and will involve programs experimenting with
the concepts encountered in the course.

<P>
<B> Grading</B>: The course grade will be computed roughly as follows. 
(The date of the midterm is subject to change. Any change will be announced
in class.)
</P>

<CENTER>
<TABLE BORDER>
<TR> <TD>Written homework and programs<TD>As assigned <TD> 15%</TR>
<TR> <TD>Midterm <TD>Friday, February 8 <TD> 35%</TR>
<TR> <TD>Final exam <TD>Monday, March 17, 9:00--11:50 a.m. <TD> 50%</TR>
</TABLE></CENTER>
  
       <P><B>Late homework and programs</B> will <I> not</I> be accepted. 
Homework  is
to be turned in at the <I>beginning</I> of class on the due date unless
the assignment states otherwise.

<P>
<B> Written work</B>: Any handwritten work submitted for the course,
<I> including in-class tests</I>, must be done in  <I> ink</I>!

<P><B> Advice and Consultation</B>: The programming projects are to be 
<I> individual</I> efforts, not 
group efforts.   This means that there should be no sharing  of 
code; such sharing constitutes <I> academic dishonesty</I>, as
described in the <I> CSUEB Catalog</I>. ``High level'' discussion of 
algorithms (such as takes place 
in class) is acceptable, but detailed discussion is not.
Any essential code included from sample programs must be properly 
acknowledged in comments. Any work not your own, e.g.,
results obtained from reference sources or other individuals,
should receive appropriate
bibliographic <I>citations</I>. <I>Plagiarism</I> will but subject to
appropriate penalties, up to and including failure for the course.


<P>
<B> Test policy</B>: Students should be prepared to display a current 
photo id at test times, if asked.


<P>
<B> Make-up policy</B>:  Make-up tests will be considered only in <I> unusual</I> 
circumstances,  and  then only if arrangements have been made in 
<I>advance</I>.
 </P> 

</BODY></HTML>