Secure Programming: Guide to Background Needed
Here is a rough guide to the background needed for the Secure Programming course. The course is aimed at an advanced undergraduate or masters level, and assumes a good background in computer science and computer security. Please do not take the course if you are not confident you have the appropriate background.
- Security Concepts: basic security notions including CIA (confidentiality, integrity and availability), and other security properties such as non-repudiation and privacy. What these mean and how they can be provided. Basic concepts of access control including authentication and authorization, ACLs and capabilities.
- Practical abilities: for lab exercises and the coursework, you will need to be comfortable using the command line in Linux, and have an understanding of the basic Unix security model and how to use it (access control with permissions, users, and groups).
- Attacks and Defences: Background knowledge in computer security is desirable, especially of types of attacks and their defences. Knowledge of network security (transport/applications layer) techniques will be helpful.
- Cryptography: principles of public-key (asymmetric) and shared-key (symmetric) cryptography; other cryptographic operations including secure hash functions (keyed and unkeyed), digital signatures and their verification. Knowledge of some common cryptographic mechanisms (RSA, El Gamal) and their implementations in real-world protocols (SSL/TLS) will be useful.
- Programming: an understanding of assembly language and programming in high-level languages such as C, Python, Java. Experience of web programming languages (e.g., JavaScript, PHP) may also help. Strong background will be an advantage for lab exercises but you may get by if you are confident about programming in general and believe that you can pick up essentials of languages quickly.
- Programming theory and technology: not essential but you will benefit from a background knowledge of how compilers work and some programming language theory, e.g., lexical analysis, parsing, type-checking, semantic analysis.
In general, our Computer Security or an equivalent course is strongly recommended as a pre-requisite.
Disclaimer: this list is not guaranteed to be complete. Please tell me during the course if you think something important else should be mentioned.