Course syllabus adopted 2019-02-08 by Head of Programme (or corresponding).
Overview
- Swedish nameSpråkbaserad datasäkerhet
- CodeTDA602
- Credits7.5 Credits
- OwnerMPALG
- Education cycleSecond-cycle
- Main field of studyComputer Science and Engineering, Software Engineering
- DepartmentCOMPUTER SCIENCE AND ENGINEERING
- GradingTH - Pass with distinction (5), Pass with credit (4), Pass (3), Fail
Course round 1
- Teaching language English
- Application code 02127
- Block schedule
- Open for exchange studentsYes
Credit distribution
Module | Sp1 | Sp2 | Sp3 | Sp4 | Summer | Not Sp | Examination dates |
---|---|---|---|---|---|---|---|
0112 Project 4.5 c Grading: TH | 4.5 c | ||||||
0212 Laboratory 3 c Grading: UG | 3 c |
In programmes
- MPALG - COMPUTER SCIENCE - ALGORITHMS, LANGUAGES AND LOGIC, MSC PROGR, Year 1 (compulsory elective)
- MPCSN - COMPUTER SYSTEMS AND NETWORKS, MSC PROGR, Year 1 (elective)
- MPSOF - SOFTWARE ENGINEERING AND TECHNOLOGY, MSC PROGR, Year 2 (elective)
Examiner
- Andrei Sabelfeld
- Full Professor, Computing Science, Computer Science and Engineering
Eligibility
General entry requirements for Master's level (second cycle)Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling the requirements above.
Specific entry requirements
English 6 (or by other approved means with the equivalent proficiency level)Applicants enrolled in a programme at Chalmers where the course is included in the study programme are exempted from fulfilling the requirements above.
Course specific prerequisites
The entry requirement for the course is to have successfully completed two year studies within the subject Computer Science or equivalent.The knowledge of the material covered in the courses DAT151 Programming language technology and EDA263 Computer security is recommended but not required as a prerequisite.
Aim
Modern attacks often succeed at circumventing standard security mechanisms. While operating-system security policies are low-level (such as access control policies, protecting particular files), many attacks are high-level, or application-level (such as email worms that pass by access controls pretending to be executed on behalf of a mailer application). Because applications are typically specified and implemented in programming languages, application-level security is a part of the more general area of language-based security. A direct benefit of language-based security is the ability to naturally express security policies and enforcement mechanisms using the techniques of the well-developed area of programming languages.
Learning outcomes (after completion of the course the student should be able to)
After the course, you should be able to apply practical knowledge of security for modern programming languages. This includes the ability to identify application- and language-level security threats, design and argue for application- and language-level security policies, and design and argue for the security, clarity, usability, and efficiency of solutions, as well as implement such solutions in expressive programming languages.You should be able to demonstrate the critical knowledge of:
principles behind application-level attacks (such as Trojan horses,worms, buffer overrun attacks, web application attacks, covert channels, and malicious code)
and
language-based protection mechanisms (such as static security analysis, reference monitoring, program transformation, and stack inspection).
You should gain experience in technical writing.
Content
This course combines practical and cutting-edge research material. For the latter part, the courses particular emphasis is on the use of formal, or semantic, models of program behavior for specifying and enforcing security properties.The dual perspective of attack vs. protection is threaded through the lectures, laboratory assignments, and projects.