University of Oxford - Software Engineering Programme

Secure and Robust Programming

Many system failures and security vulnerabilities arise at the programming level. These can often be attributed to inadequate handling of exceptional situations, poor understanding of the details of the programming language in use, incomplete descriptions of the interfaces between components, and insufficient care in the treatment of concurrency and threading issues.

This course addresses those problems from a programming perspective, with the aim of improving the practitioner's capability in writing and reviewing code.

Course dates

Future courses yet to be planned.

Objectives

The successful participant will be able to explain the sources of failures in software written using modern high-level languages; have an understanding of the conceptual tools needed to mitigate and eliminate those failures; have gained practical experience in using tool-sets which permit the development of robust and correct software; be able to place such practices appropriately within a systems development methodology.

Contents

Motivation
Explore the causes behind some well-known software errors and provide some motivating examples. Define terms used throughout the course (e.g. robustness, correctness, defensive programming).
Static Semantics
Introduce types; type checking for core programming languages, modules and objects; ownership issues and generics. Also include a discussion on units checking. Standard type checkers will be used to demonstrate a wide variety of robustness concerns.
Dynamic Semantics
Introduce the main concepts in modelling run-time behaviour; provide fragments of semantic definitions, including objects. Describe "managed code" and use relevant software to analyse source programs. Discuss thread safety.
Design by Contract
Introduce notions of program correctness and refinement. Use JML or equivalent to demonstrate model checking of example programs.
Robustness in Context
Summarise the techniques and tools used during the course. Justify coding standards and security metrics in terms of what has been learnt.

Requirements

Because of the discrete mathematics needed to understand and apply these ideas, prior attendance at the Software Engineering Mathematics module is recommended. Participants should also have a good, detailed understanding of programming, to the level offered by the Object-Oriented Programming module.