DD2525 Language-Based Security 7.5 credits

• Introduction to language-based security.
• Fundamental principles, models and concepts for computer security.
• Software security by information flow control.
• Web application and database security.
• Security for mobile applications.
• Hot topics in computer security.
• State-of-the-art in programming language for security.

After completing the course with a passing grade the student should be able to:

• explain and apply programming language-based concepts for computer security,
• identify strengths and weaknesses of language-based protection mechanisms in such domains as web applications, mobile applications and database systems,
• apply best practices of secure programming to design and implement more secure software,
• explain and apply principles of such language-based protection mechanisms as access control, capabilities, static analysis and runtime monitoring,
• explain differences between security policy specifications and security enforcement mechanisms,
• reflect upon security, functionality, usability and efficiency trade offs in the design of formal security requirements,
• use methods from state-of-the-art research in the area of programming languages and security

in order to:

• as security expert be able to identify security threats and propose countermeasures,
• independently design and implement software systems that embrace security from day one,
• contribute to the society by increasing the consumers' trust in software technologies.

Completed course DD2395 Computer Security 6 credits, or equivalent course.

Course from Upper Secondary School equivalent to the Swedish upper secondary course English B/6.

If the course is discontinued, students may request to be examined during the following two academic years.

• LAB1 - Laboratory work, 4.5 credits, grading scale: A, B, C, D, E, FX, F
• PRO1 - Project, 3.0 credits, grading scale: A, B, C, D, E, FX, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

Musard Balliu

• All members of a group are responsible for the group's work.
• In any assessment, every student shall honestly disclose any help received and sources used.
• In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex