Clark Atlanta University

 

Information Assurance Design

CIS 476: Programming Languages and Compilers

Overview:

  • Description
  • Objective
  • Goals/Outcome
  • Outline
  • Suggested Assignments
  • References

     

Suggested Time: 2 class periods
 
 

 

 

 

 

 

 

 

 

 

 

Course Length: 3 Hours

Pre-Requisite  : CIS 221, CIS 123

 

                                                                                                                                                                                                                                                                                                                                                                                                                                   

 

 

 

 

 

 

 

 
 
 


                 

 

 

 

     Target Audience

                                                   Levels

Disciplines

CS

 

CIS

Undergraduate

x

 

x

Graduate

 

 

 

 

Description:

This course introduces students to the concepts of Information Assurance as it relates to various programming languages and compilers. It includes a very brief overview of the topic of secure             programming methods, ethical issues in programming security, and the security issues related to encapsulation and data abstraction.

 
 

Objective(s):

The primary purpose of this course is to:

  • Make students understand the importance of program security and how to implement secure control structures such as modularity and data hiding.
  • Discuss ethical issues dealing with program security.
  • Discuss the use of encapsulation and data abstraction as it relates to program security.

 

 

 

 

 

 

 

 

 
 

Goals/Outcome:

The students will be able to understand the following concepts:

·        The importance of program security and how to implement secure control structures such as modularity and data hiding.

·        Encapsulation using classes and securing code against corruption.  Hiding a component’s implementation details.

·        Data abstraction as a design criterion (because most data and procedure are hidden from other parts of the software, inadvertent errors introduced during modification are less likely to propagate to other locations within a software).

 

 

 

 
 

Outline:

·        Secure programs

Ø      What is a secure program?

Ø      Unexpected program behavior

Ø      Types of flaws

o       validation error (incomplete or inconsistent)

o       domain error

o       serialization and aliasing

o       inadequate identification and authentication

o       boundary condition violation

o       other exploitable logic errors

·        Ethical Issues in Computer Security

Ø      Understanding law and ethics

Ø      Protection of programs and data

·        Encapsulation

Ø      What is encapsulation?

o       The wrapping of data and functions into a single unit (called class)

·        Data Abstraction

Ø      What is data abstraction?

Ø      How is it used?

o       ensures security of data from unexpected viewing, changing, or manipulating. (incomplete or inconsistent)

 

 

 

 
 

Suggested Assignments:

  • Students will write a paper discussing a programming language and some of the specific vulnerabilities for that language.
  • Students will chose a programming language and write a program to implement encapsulation and/or data abstraction.

 
 

References:

·        Cannady, James. “Security Models for Object-Oriented Databases”. April 18, 2005. www.cccure.org

·        Hoffman, Lance J. Modern Methods for Computer Security and Privacy. Englewood Cliffs, N.J.: Prentice-Hall, 1977.

·        Pfleeger, Charles P. and Shari Lawrence. Security in Computing. Upper Saddle River, NJ: Prentice-Hall, 2003.