I. Introduction A. Who ------------------------------------------ Instructor: Gary T. Leavens HEC 329 Leavens@ucf.edu 407-823-4758 All the course materials are on Webcourses@UCF Office Hours: also on Zoom and by appointment ------------------------------------------ B. subject matter 1. what is security? Did you lock your apartment when you left this morning? Your car? Do you use the same key for your apartment and your car? Do you use a password manager to track your online passwords? Do you use two-factor authentication? What is some software that you rely on in your daily life? Is there software that UCF relies on? NASA? What does it mean for software to be secure? What is a good everyday analogy for security? 2. security bugs Is there a difference between (normal) bugs and security bugs? What are some false reasons people have for feeling secure? 3. approaches to preventing security bugs Is it possible to completely prevent security bugs? What do analgous situations in everyday life teach us? When is the best, least expensive, time to find and prevent security bugs? What are worse times to prevent bugs and why are they worse? What approaches to preventing security problems are in use? How much do these approaches cost? Which approaches give assurance that no new security problems will happen in the future? Why is that? Which of these approaches prevents bugs at the best time? C. Plan of course (syllabus) Would you make any changes to the plan? D. Objectives 1. summary 2. details a. Objectives ------------------------------------------ OBJECTIVES - [Strategize] plan a strategy to to assure software safety - [Design] Design a set of mitigations to the likely and important threats - [Implement] Implement a tool to support a secure development process - [Evaluate] Evaluate the adequacy of a threat model and mitigations ------------------------------------------ b. Outcomes ------------------------------------------ OUTCOMES - [Plan] plan a strategy for protecting a software system against important threats - [Architect] create a plan for processes and tools that will protect a system - [Judge] Give well-reasoned critical judgment about strategy, architencture, tool implementations ------------------------------------------ E. How I'll run the course 1. Grading ------------------------------------------ GRADING Final Grade based on: Homework: 45% Project: 55% ------------------------------------------ 2. Reduced Seat Time Section ------------------------------------------ COURSE OPERATION Section 0R01, mode RS: 1. Review the material before meetings On webcourses in the Modules Readings Videos Do the: Quizzes Assignments (some are discussions) 2. Come to class with questions 3. Discuss and think ------------------------------------------ 3. Web section ------------------------------------------ COURSE OPERATION Online seciton 0W61, mode W: 1. Follow the Webcourses modules A module every week Readings Videos Do the: Quizzes Assignments (some are discussions) 2. Ask questions: Discussions Office Hours: HEC 329 and Zoom Email or Webcourses messages ------------------------------------------ 4. red tape ------------------------------------------ TEXTBOOKS RECOMMENDED Matt Bishop. Computer Security: Art and Science. Addison-Wesley Professional, 2002. M. Howard, D. LeBlanc, and J. Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. McGraw-Hill, 2010. ISBN: 978-0-07-162676-7. ------------------------------------------ F. summary any other questions about the course?