Return to CASPIA Home
COEN 225
Back to Courses Syllabus
More ...
(instructor discretionary)

Secure Coding in C and C++

Course Length:

20 hours over 10 weeks (1 two-hour meeting per week)

Course Description:

Writing secure code in C, C++. Vulnerabilities based on strings, pointers dynamic memory management, integer arithmetic, formatted output, file I/O. Attack modes such as (stack and heap based) buffer overflow and format string exploits. Recommended practices.

Course Learning Objective:

Get student to avoid security pitfalls when writing C and C++ code.

Major Topics:

Introduction:   1. Risk Analysis,  2. Security Concepts,  3. C and C++,  4. Platforms; Strings: 1. Common String Manipulation Errors,  2. String Vulnerabilities, 3. Process Memory Organization, 4. Stack Smashing, Code Injection, Arc Injection, 5. Mitigation Strategies; Pointer Subterfuge: 1. Data Locations, 2. Function Pointers, 3. Data Pointers, 4. Modifying the Instruction Pointer, 5. Global Offset Table, 6. The .dtors Section, 7. Virtual Pointers, 8. atexit(), on-exit(), longjmp(), 9. Exception Handling, 10. Mitigation Strategies; Dynamic Memory Management; Integer Security; Formatted Output; File I/O; Recommended Practices

Method of Instruction:

Lecture

Evaluation Methods:

Homework: Detecting and repairing flawed open source code.  Mutual self-evaluation of code, followed by instructor evaluation of code.  Final Exam.


© 2006 Center for Advanced Study and Practice of
Information Assurance (CASPIA), Santa Clara University
                  SCU        COEN        CASPIA Home        Courses        More...