Info
Foto sezione
Logo Bocconi

Course 2019-2020 a.y.

20649 - SOFTWARE METHODOLOGIES AND ARCHITECTURES FOR SECURITY - MODULE 2: SOFTWARE ENGINEERING METHODOLOGIES FOR SECURITY

CYBER
Cross-institutional study L. Bocconi - Politecnico Milano

Course taught in English

Go to class group/s: 25

CYBER (6 credits - I sem. - OB  |  ING-INF/05)
Course Director:
MARCELLO MARIA BERSANI

Classes: 25 (I sem.)
Instructors:
Class 25: MARCELLO MARIA BERSANI


Lezioni della classe erogate in presenza

Mission & Content Summary
MISSION

he development of complex software systems requires different many skillscooperating in a coordinated manner, ranging from technical abilities and managerial attitudes. Insuch a complex job, designers must be supported by suitable, and possibly standardized, tools andpractices that can be used throughout the whole life of the software product. In addition to thedesign practices and techniques, including, for instance, the analysis of requirements, the designof the architecture, the verification and validation activities and the process maintenance, theawareness of software vulnerabilities that might expose the user data to potential attack isbecoming nowadays more and more important. Developing secure systems is a hard problemmixing elements of cryptography, software engineering, secure networking, besides political andsocial challenges.The focus of the course is on the development of secure complex softwaresystem and aim to provide a coherent view of the foundation of software design combined andthe main techniques defining the basis of the development of secure software.

CONTENT SUMMARY

The course is about the design, the verification and validation and the maintenance of complexsoftware with a specific focus on the identification of the requirements of the software productand some classes of vulnerabilities that might expose the application to potential dangerousbreach compromising the security.


Intended Learning Outcomes (ILO)
KNOWLEDGE AND UNDERSTANDING
At the end of the course student will be able to...
  • Understand the paradigms and the models for developing a software system and the main tools for estimating the size of a software system and the needed resources.
  • Analyze the goals, assumptions and requirements associated with a software system.
  • Comprehend the architecture of a software system.
  • Understand the verification and validation activities needed for software systems.
  • Analyze the main software vulnerabilities.
  • Work in a distributed development project
APPLYING KNOWLEDGE AND UNDERSTANDING
At the end of the course student will be able to...
  • Determine the paradigm and the model for developing a software and the apply techniques to improve the development process of the software.
  • Apply a methodology to describe the goals, assumptions and requirements of the software through scenarios and use-cases.
  • Describe and comprehend the software system by using UML diagrams.
  • Apply/understand data-flow analysis and symbolic testing in simple scenarios and collaborate to testing activities.
  • Discover software vulnerabilities in some classes of applications.
  • Use fundamental features offered by the main tools for distributed developmen

Teaching methods
  • Face-to-face lectures
  • Exercises (exercises, database, software etc.)
DETAILS

The learning experience of the course is mainly based on face-to-face lectures, exercises and also includes examples taken from realistic scenarios


Assessment methods
  Continuous assessment Partial exams General exam
  • Written individual exam (traditional/online)
  • x    
    ATTENDING STUDENTS

    For attending students:written exam aims to assess the learning level of the theoretical models andtheir application.

    NOT ATTENDING STUDENTS

    For non attending students:written exam aims to assess the learning level of the theoretical modelsand their application.


    Teaching materials
    ATTENDING STUDENTS
    • Hans van Vliet, Software Engineering: Principles and Practice, 3rd Edition, Editore: Wiley,Annoedizione:2008,ISBN:978-0-470-03146-9Note: Available also as e-book with ISBN 978EUDTE00263
    • Carlo Ghezzi, Mehdi Jarayeri, Dino Mandrioli, Fundamentals of Software Engineering, Editore: Prentice-Hall, Anno edizione: 2002, ISBN: 0133056996
    • Ross Anderson, Security Engineering, Editore: Wiley, ISBN: 0-471-38922-6 http://www.cl.cam.ac.uk/~rja14/book.html
    • Dieter Gollmann, Computer Security - 3rd edition, Editore: Wiley, Anno edizione: 2011, ISBN: 978-0-470-74115-3
    NOT ATTENDING STUDENTS
    • Hans van Vliet, Software Engineering: Principles and Practice, 3rd Edition, Editore: Wiley,Annoedizione:2008,ISBN:978-0-470-03146-9Note: Available also as e-book with ISBN 978EUDTE00263
    • Carlo Ghezzi, Mehdi Jarayeri, Dino Mandrioli, Fundamentals of Software Engineering, Editore:Prentice-Hall, Anno edizione: 2002, ISBN: 01330569963•
    • Ross Anderson, Security Engineering, Editore: Wiley, ISBN: 0-471-38922-6 http://www.cl.cam.ac.uk/~rja14/book.html
    • Dieter Gollmann, Computer Security - 3rd edition, Editore: Wiley, Anno edizione: 2011, ISBN:978-0-470-74115-3
    Last change 07/06/2019 11:22