Clark Atlanta University

Information Assurance Design

CIS 105: Structured Programming

Overview:

  • Description
  • Objective
  • Goals/Outcome
  • Outline
  • Suggested Assignments
  • References

Suggested Time: 3 class periods

Course Length: 3 Hours

Pre-Requisite: None

Target Audience:

                     Disciplines
Levels               CS      CIS
Undergraduate        x       x
Graduate

Description:

This course introduces students to the concepts of Information Assurance as it relates to Structured Programming. It includes a very brief overview of the topic of secure programming methods, ethical issues in programming security, and the use of class loaders and security managers.

Objective(s):

The primary purpose of this course is to:

  • Introduce students to the importance of program security.
  • Introduce ethical issues dealing with program security.

Goals/Outcome:

The students will be able to:

  • Understand the importance of program security and how to implement secure control structures such as modularity and data hiding.
  • Identify class loaders and their responsibility for determining when and how classes can be added to a running Java environment, as well as making sure that important parts of the Java runtime environment are not replaced by impostor code.
  • Identify security managers and the methods that could be used with them.

Outline:

  • Secure programs
      - What is a secure program?
      - Unexpected program behavior
      - Types of flaws
          o validation error (incomplete or inconsistent)
          o domain error
          o serialization and aliasing
          o inadequate identification and authentication
          o boundary condition violation
          o other exploitable logic errors
  • Class Loaders
      - What is a class loader?
          o enable the JVM to load classes without knowing anything about the underlying file system semantics
          o allow applications to dynamically load Java classes as extension modules
      - How are they used?
  • Security Managers
      - What are security managers?
          o Establishes a custom security policy for Java applications
      - What are the different security manager methods and how are they implemented?
          o checkRead
          o checkWrite
          o checkConnect

Suggested Assignments:

  • Write a paper to discuss the security issues surrounding network class loaders.
  • Install a security manager and write a program that uses one of the “check” methods of the security manager.
 

References:

  • Hoffman, Lance J. Modern Methods for Computer Security and Privacy. Englewood Cliffs, N.J.: Prentice-Hall, 1977.
  • Mahmoud, Qusay H. “Understanding Network Class Loaders.” Sun Microsystems. October 2004. April 11, 2005. <http://java.sun.com>
  • Oaks, Scott. Java Security. Sebastopol, CA: O'Reilly, 1999, 1998.
  • Pfleeger, Charles P. and Shari Lawrence. Security in Computing. Upper Saddle River, NJ: Prentice-Hall, 2003.
  • Venners, Bill. “Java security: How to install the security manager and customize your security policy.” Java World. November 1997. April 11, 2005. <http://www.javaworld.com>