Software Security

Course description

Nowadays, software security concerns all areas of our life. Indeed, we interact with complex inter-connected software systems on a regular basis. Bugs or defects in these systems might have severe consequences. In this course, students get familiar with the complexity of making secure software. The lecture covers various undefined and buggy behaviors in several languages, especially in C. In addition, it presents the danger of a hazardous manipulation of the memory. It also sheds some light on the intricate relationship between the optimizer and some security-related code. Students will learn how to manage a security project, and deal with its complexity.

Keywords

MISRA-C, ELF, Undefined Behaviors, Stacks, Dead Store Elimination, ASLR.

Prerequisite

Low-Level Programming.

Bibliography

  • Software Security: Principles, Policies and Protection, by Mathias Payer, 2018
  • The Cert C Secure Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems (2nd edition), by Robert C. Seacord, 2014
  • Règles de programmation pour le développement sécurisé de logiciels en langage C, by Agence nationale de la sécurité des systèmes d’information (ANSSI), 2020
  • Using the GNU Compiler Collection, by Richard M. Stallman and the GCC Developer Community, 2003

Biography

Mohamed Sabt is an Associate Professor (Maître de conférences) at the University of Rennes 1. Mohamed Sabt’s research focuses on:

  •       Identification of flaws inside the design of security protocols as well as their implementations,
  •       Smartphones security, Secure Elements (SE), and Trusted Execution Environment (TEE),
  •       Digital Rights Management (DRM).

Mohamed Sabt carries out his research within the SPICY Team at IRISA.