Security Courses
These are security courses that have been offered within IBM. These course materials are only available from within IBM. Please contact Larry Koved if you would like to use them outside IBM. Thanks!
A course on Java 2 security (IBM internal web site)
A course on "Secure Coding Practices and Concepts" is now available on-line. This course is brought to you by the leading IBM Researchers working in the Secure Software Engineering area.
The course consists of a number of general sections on security followed by more domain-specific security topics (Unix/Linux, Windows, Java, Privacy). We are making the course available in two formats:
- Presentation materials (IBM internal web site)
- On-line video recordings (IBM internal web site)
Note: On the bottom left side of the page, select the link for "Security Engineering" to navigate to the recorded course presentations.
Secure Coding Practices and Concepts
Day 1:
- Introduction, Common Attacks, Case Studies (Part 1) - David Safford
- Introduction, Common Attacks, Case Studies (Part 2) - David Safford
- Environment Specific Issues: C/Unix (Part 1) - Wietse Venema
Day 2:
- Environment Specific Issues: C/Unix (Part 2) - Wietse Venema
- Environment Specific Issues: Java (Part 1) - Marco Pistoia
- Environment Specific Issues: Java (Part 2) - Marco Pistoia
Day 3:
- Environment Specific Issues: Outline of Windows Issues - Ken Goldman
- From Requirements to Design: Understanding Privacy and Security Needs - John Karat
Mental models, Common Attacks, Case Studies - David Safford
- Introduction - Overview of full course. What is security engineering? Threat taxonomies.
- What can go wrong? - security issues across the software development life cycle. Lessons Learned. Special issues related to crypto.
- Ethical Hacking - Detailed examples of software errors, how the hacker exploits them, and how to spot them in design/code reviews.
- Secure Development - processes for developing secure software, including Common Criteria, development and testing tools.
Environment Specific Issues: C/Unix - Wietse Venema
- The broken file shredder. A very small and obviously correct program does not work at all, and for more reasons than most people can think of.
- Traps and pitfalls in the UNIX file system. Common and not so common mistakes in real-life software, and how to avoid them.
- Traps and pitfalls of set-uid software. Examples of why set-uid is such a dangerous feature, real-life examples of mistakes, and possible alternatives.
- The Postfix MTA as an example of secure programming. Postfix started as an alternative to the widely used Sendmail mail transport agent, with the express purpose of being faster, easier to use and more secure. All three goals were easily met.
Environment Specific Issues: Java - Marco Pistoia
- The Foundations of Java Security
- The so-called "three legs" of Java security: the class loading system, class file verifier, and security manager
- The Java 2 Stack-Based Access Control Model
- JAAS and J2EE
- Authentication and Authorization with JAAS - support for user authentication and authorization
- The J2EE Role-Based Access Control Model - how to protect resources in J2EE and make a J2EE application secure
- Java cryptography and general secure coding guidelines
- Java and Cryptography - how to use the Java Cryptography Architecture (JCA), Java Cryptography Extension (JCE), and Java Secure Socket Extension (JSSE)
- Secure Coding Guidelines - a set of guidelines to write secure code and minimize a program's vulnerability to attacks.
Environment Specific Issues: Outline of Windows Issues - Ken Goldman
- Windows legacy problems - Why programs assume and require administrator privileges
- ACLs
- Privileges
- Restricting the administrator rights
- (Very brief) Overview of MS crypto APIs
- Misc Windows gotchas
- Install scripts
From Requirements to Design: Understanding Privacy and Security Needs - John Karat
- Introduction - Focus on methods for requirements gathering in Software Engineering.
- What challenges do Security and Privacy issues raise?
- A case study of developing a Privacy Policy workbench - illustration of issues drawn from our experience in understanding organizational needs for privacy management technology.
- What are the organizational and end user requirements for secure systems?
