IFN657 Software Security
Unit code: | IFN657 |
---|---|
Prerequisite(s): | IFN635 and (IFN581 or ((IFN555 or IFQ555) and (IFN556 or IFQ556)) |
Equivalent(s): | IFQ657 |
Credit points: | 12 |
Timetable | Details in HiQ, if available |
CSP student contribution | $1,164 |
Domestic tuition unit fee | $3,816 |
International unit fee | $5,352 |
Unit Outline: Semester 2 2025, Gardens Point, Internal
Unit code: | IFN657 |
---|---|
Credit points: | 12 |
Pre-requisite: | IFN635 or IFN581 or ((IFN555 or IFQ555) and (IFN556 or IFQ556)) |
Equivalent: | IFQ657 |
Assumed Knowledge: | Familiarity with principles of information security. General knowledge in software engineering and testing. Sound skills in solving computational problems and implementing these solutions in a programming language. |
Coordinator: | Yi Lu (yt.lu@qut.edu.au) |
Overview
A software system is secure if it satisfies a specified or implied security objective related to the confidentiality, integrity and availability requirements for the system’s data and functionality. A security failure is a scenario where the software system does not achieve its security objective. Such failures can often be attributed to poor software design and implementation, including poor understanding of code-level security requirements, inadequate handling of exceptional cases, incomplete descriptions of the interface between components for secure interactions, and insufficient care in the use of programming languages.
This Software Security unit provides a structured overview of known categories of software vulnerabilities, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation.
Learning Outcomes
On successful completion of this unit you will be able to:
- Explain the fundamental principles of software security, including the role of security requirements in software development.
- Identify common security vulnerabilities in software systems.
- Apply appropriate security testing and analysis techniques to detect security vulnerabilities in a variety of contexts (systems applications, web-based and database software).
- Evaluate the security of real-world software using secure programming techniques and tools.
- Recommend and justify methods to prevent software vulnerabilities or mitigate the exploitation of vulnerabilities.
Content
In this unit, you will learn about:
- Fundamental principles of software security
- Security requirements and their role in software development
- Security issues in software implementation in different programming languages
- Categories of software vulnerabilities
- Prevention of software vulnerabilities
- Detection of software vulnerabilities
- Mitigating exploitation of software vulnerabilities
Learning Approaches
You are responsible for your academic progression through this unit. Unit staff will provide a learning environment designed to maximise your learning experience. In order to realise your full potential, it is strongly recommended that you actively participate in all of the learning activities offered in this unit.
This unit engages you in your learning through a problem-based learning approach with the objective of preparing you to solve problems that you will meet during your professional or academic career:
- Weekly lectures introduce theoretical aspects of software security and technology relevant to each week’s topic.
- Tutorials reinforce lecture materials through real-world applications centred on practical aspects relevant to each lecture.
- Online resources (such as reading materials) will help you enhance your understanding of the technical concepts introduced in this unit.
You should expect to spend, on average, 10-15 hours per week preparing for and attending scheduled classes, preparing and completing assessment tasks, and studying independently to consolidate your learning. You must be able to manage your time and prioritise activities to complete the required unit activities.
The unit coordinator will use email and the unit's QUT Learning Management System to make announcements and post various types of information throughout the semester. It is your responsibility to access your email account and the unit's QUT Learning Management System regularly.
Feedback on Learning and Assessment
You will have a range of opportunities to receive feedback on your learning and progress in this unit, including:
- formative in-class individual and whole-of-class feedback provided by unit staff during tutorial classes
- responses to questions posed through the unit communication channel from your peers and teaching staff
- feedback given on your assessment items via the rubric and written feedback, individually and during scheduled review sessions
- private consultations with teaching staff
Assessment
Overview
This unit introduces foundational concepts and principles, so the assessment is based on the knowledge acquired throughout the semester. The programming projects will be multifaceted, combining elements of analysis, design, development and evaluation.
Unit Grading Scheme
7-point scale
Assessment Tasks
Assessment: Assignment 1
The objective of this assessment is to gain practical experience with memory corruption security vulnerabilities, specifically buffer overflow and format string attacks. This understanding will be demonstrated by crafting simple exploits and describing the principles underpinning the exploitation.
This assignment is eligible for the 48-hour late submission period and assignment extensions.
Assessment: Assignment 2
The objective of this assignment is to analyse vulnerabilities present in real-world software using AFL (American Fuzzy Lop). This exercise aims to provide practical experience in investigating and documenting vulnerabilities, with the option to exploit them if desired. By engaging in this assignment, you will also gain an understanding of the advantages and drawbacks of fuzz testing.
This assignment is eligible for the 48-hour late submission period and assignment extensions.
Assessment: Examination (written)
The final exam assesses the understanding and application of both theoretical concepts and practical skills covered in the unit.
Academic Integrity
Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.
The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.
You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.
Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.
Requirements to Study
Costs
There are no out of the ordinary costs associated with the study of this unit.
Resources
This advanced unit covers state-of-the-art software development and related security technology. Hence, there is no prescribed textbook for this unit. No extraordinary charges and costs are associated with the requirements of this unit.
The IFN657 Canvas site will provide all reading materials, library resources and links to online resources as well as sample tools. Students are encouraged to read tutorials, standards specifications, technical papers, and scientific papers available on the Internet.
Resource Materials
Other
Canvas site
Risk Assessment Statement
There are no extraordinary risks associated with the classroom/lecture activities in this unit.