Master Theme Quality Of Software

Coordinator: Dr. M.C.J.D. van Eekelen.

Quality of Software is an important aspect of Software Security. Since many security exploits are based on software faults, software quality is one of the main issues addressed in the research of the Nijmegen Security of Systems Department which is led by Prof. dr. B. Jacobs.

Quality of Software is also the main subject of the Laboratory for Quality Software (LaQuSo). LaQuSo is a joint activity of the Radboud University Nijmegen and the Technical University Eindhoven. Many departments participate in LaQuSo. In LaQuSo, research is applied in industry in order to valorise and validate research results and in order to investigate new research issues, improving the applicability of computer science research in practice. It is performed on a semi-commercial basis via projects with industry on actual commercial software. Marko van Eekelen is the director of LaQuSo Nijmegen.

However, many other issues (cryptography and network security among many others) are important for Computer Security: too many to fit into one single theme. For that reason, starting September 2006, the Computer Security master programme is started, offered by the Kerckhoffs Institute. This institute is a collaboration between the Radboud University Nijmegen, the Eindhoven University of Technology and Twente University. Because of this collaboration we are able to offer a much broader and much more challenging computer security master course. Follow the above link for more information. Students who want to delve into security issues, are strongly recommended to do follow this complete Computer Security Master programme.

For students interested in Quality of Software aspects related to security the Quality of Software theme has been made available. The teaching will be done by the Security of Systems (SoS) department, together with other members of the department (see below).

The Computer Science bachelor programme involves an introductory course on computer security, which is aimed at both computer science and information science students. But this page is about the Computer Science master programme. It is strongly recommended for students to have taken this bachelor course before they follow the Quality Of Software Theme courses.

The Computer Security master theme provides not only the necessary theoretical background, but also the link between theory and practice. The theme involves the four compulsory courses (1-4) listed below, each amounting to 6 EC. There is no prescribed order. Course 4 is the security master course for information science (informatiekunde). The fifth and sixth course are optional. Course 6 provides legal background information; it is given within the faculty of law (in dutch).

1. Software Security (SoS department, Erik Poll, spring semester).
   This course has been given for the first time in the spring of 2006. It replaces the earlier course Security Protocols. Topics include:
   • What is software security?
   • Common software vulnerabilities: lack of input validation (buffer overflows, SQL injections, etc.), race conditions, access control, etc. Design flaws. Implementation flaws. Deployment flaws. Case studies.
   • Guiding principles
   • Architecture
   • Design; implementation
   • Access control
   • Language level security: typing; tainting input data; untrusted code security.
   • Application level security: runtime monitoring; static analysis; verification; JML, Spec#.
   • Software evaluation.
   • Case studies.
2. Complexity (Fundamentals department, Dick van Leijenhorst, spring semester).
   The course Complexity deals in a fundamental manner with algorithmic complexity.
3. TestTechnieken (ITA department, Jan Tretmans, fall semester)
   Testing is part of almost any software development project. The course "testing techniques" deals with a number of techniques, methods and tools which may help in the systematic and effective testing of software systems. Established testing techniques as well as some new developments, such as testing with formal specifications and model-based testing, will be presented. Some guest lectures will be given by people from industrial software testing. The goals of the course "testing techniques" are that students: (1) obtain an overview of, and insight in the importance and the place of structured and systematic testing within the software development cycle; (2) are familiar with standard testing concepts, terms, and nomenclature; (3) know and recognize different kinds, phases, and aspects of structured testing; (4) develop skills in applying some techniques for developing tests; (5) get experience in applying some test tools; (6) have knowledge of, and can apply some of the latest research results in formal methods based testing.
4. Security in Organisations (SoS department, Martijn Oostdijk, fall semester)
   This course has been given for the first time in the fall of 2005, as master course for information science (informatiekunde) students. It replaces the earlier course Information Security.
   Topics for this course are: Security policies. Roles. Classifications. Assets and threats. Risk, vulnerability, control, attack, damage. Risk analysis. Methods/tools for risk analysis. CERTs. Risk assessment and risk management. Code of Practise for Information Security (BS7799), evaluation of information security, like ITSEC and the Common Criteria. security plan, attack trees, business continuity planning/incident recovery. legal issues: patents and copyright. Reliability of Software Systems (SoS department, Marko van Eekelen and ST department, Rinus Plasmeijer, spring semester)
   Strongly related to the Quality of Software theme is the course Reliability of Software System (Betrouwbaarheid van Software Systems). In this course case studie are performed on assessing (and improving) the reliability of actual software systems in practice.
5. Computer law (Berkvens, Grütters and Oskamp)
   In addition to the above five computer science courses it is strongly recommended that a master student of this theme broadens his/her view on the field by taking the (small version) of one of the Computer law courses informaticarecht and/or rechtsinformatica offered in Nijmegen.

Within Computer Science the following supplemental courses are recommended.

• Protocolvalidatie (PV)
• Ontwikkeling van grote Softwaresystemen (OSS)
• Semantiek (S)
• Proof assistants (PA)
• ...

Students are encouraged to follow additional courses in relevant fields such as

• mathematics
• Law, see the relevant groups Recht en Informatica and Straf- en procesrecht (wo. Computercriminaliteit).

Part of a master program is a master thesis related to the theme of specialisation. Members of the SoS group and teachers within this theme may serve as supervisors for such a master thesis. They may be contacted directly to discuss various options and ideas.