Velammal College of Engineering and Technology, Madurai – 625 009

(Autonomous)
Department of Computer Science and Engineering

Course Code-Title 21PIT03 – Engineering Secure Software Systems

Course Component Professional Core
Lecture Tutorial Practical Total Hours Credit
Contact Hours
3 0 0 45 3
Continuous Semester-end
assessment
Course Assessment Tutorials Student Course exit
methods Cycle Tests survey
Model Exam
Assignments
Prerequisite
Knowledge in
Courses:
 Basic Computer skills with security concepts
 To compare various critical and non-critical systems.
 To illustrate software requirements document and formal specification for a
Course Objective
software system.
 To identify the system security failures.
 To build a framework for highly secure software
TOPICS TO BE COVERED

UNIT-I SECURITY A SOFTWARE ISSUE 9

Introduction, the problem, Software Assurance and Software Security, Threats to software security,
Sources of software insecurity, Benefits of Detecting Software Security,What Makes Software Secure:
Properties of Secure Software, Influencing the security properties of software, Asserting and specifying
the desired security properties.
UNIT-II REQUIREMENTS ENGINEERING FOR SECURE SOFTWARE 9
Introduction, Misuse and Abuse Cases, The SQUARE process Model, SQUARE sample outputs,
Requirements elicitation and prioritization..
UNIT-III SECURE SOFTWARE ARCHITECTURE AND DESIGN 9
Introduction, software security practices for architecture and design: architectural risk analysis,
software security knowledge for architecture and design: security principles, security guidelines and attack
patterns Secure coding and Testing: Code analysis, Software Security testing, Security testing
considerations throughput the SDLC.

UNIT-IV SECURITY AND COMPLEXITY 9

System Assembly Challenges: introduction, security failures, functional and attacker perspectives for
security analysis, system complexity drivers and security.

UNIT-V GOVERNANCE AND MANAGING FOR MORE SECURE SOFTWARE 9

Governance and security, Adopting an enterprise software security framework, Risk Management
Framework for software security, Security and project management, Maturity of Practice.

Total
Hours: 45
 At the end of the course, learners will be able to
CO1: Compare and contrast the critical and non-critical systems.
Course CO2: Explain the software requirements document and formal specification for a
Outcomes software system.
CO3: Summarize the distributed system architectures and design.
CO4: Identify the system security failures.
CO5: Build a framework for highly secure software

TEXT BOOK(S):
1. Julia H. Allen, “Software Security Engineering: A Guide for Project Managers”, Addison-Wesley
Professional, Pearson Education, 1st Edition, May 2008.
2. Asoke K. Talukder and Manish Chaitanya, “Architecting Secure Software Systems”, CRC Press, 1st
Edition, Auerbach Publications, 2019.
3. Mark S. Merkow and Lakshmikanth Raghavan, “Secure and Resilient Software”, CRC Press, 1st Edition,
2019
REFERENCES:
1. Gary McGraw, "Software Security Building Security in", 1st Edition, Addison Wesley, 2006.
2. Jason Grembi, "Secure Software Development A Security Programmer's Guide”, 1st Edition, Cengage
Learning, 2009.
3. Nancy R. Mead, Julia H. Allen,et.al., "Software Security Engineering A Guide for Project Managers",1st
Edition, Pearson Education, 2004.
WEB MATERIALS:

Course In-charge Course Coordinator Module Coordinator HoD/CSE