《安全編程》課程介紹
安全編程是計算機科學與技術(網絡與信息安全)專業的專業必修課,本課程的目的是使學生掌握安全程序設計的基本過程,基本的安全編碼技術,針對應用程序攻擊的各種防範技術等。
通過本課程的學習,使學生掌握安全程序設計的基本理論和基本知識,培養學生分析問題和解決問題的能力,并使其具備安全系統的分析能力和初步設計能力。
本課程主要内容包括:編寫安全程序的基本過程和基本法則、威脅建模技術、緩沖區溢出、SOCKET編程、SOCKET安全、程序的可移植性與并發安全、确定适當的訪問控制、以最小特權運行、拒絕服務攻擊的防範、ShellCode開發和Exploit等。
本課程第三學年第2學期開設,計劃學時32,先修課為:彙編語言程序設計,操作系統,計算機安全,網絡安全。。
Introduction to the course "Secure Programming"
"Secure Programming" is one of the Obligatory courses for the major of computer science and technology (network and information security), it brings to students the core concepts, knowledge and theories of secure programming, improve the students’ abilities to analyzing and solving the problems. By this course, the students need to understand the basic process of secure programming, the basic skills of writing secure codes and the technologies of preventing attacks to the applications.
This course contains: the basic process and rules to writing secure programs, the technologies of threat modeling, buffer overflow, socket programming, socket security, concurrence security, how to give the application the appropriate accesses control lists, how to give the application the minimum priorities, how to prevent the DoS attacks, developing the Shellcodes and Exploits.
This course starts at 2nd semester of 3rd academic year, 32 academic hours in all. Its prerequisite courses are: Assembly Language programming, Principles of Computer Organization, Operating System, Computer Security and Network Security.
