Master Theme Quality Of Software

Coordinator: Dr. M.C.J.D. van Eekelen.

Quality of Software is an important aspect of Software Security. Since many security exploits are based on software faults, software quality is one of the main issues addressed in the research of the Nijmegen Security of Systems Department which is led by Prof. dr. B. Jacobs.

Quality of Software is also the main subject of the Laboratory for Quality Software (LaQuSo). LaQuSo is a joint activity of the Radboud University Nijmegen and the Technical University Eindhoven. Many departments participate in LaQuSo. In LaQuSo, research is applied in industry in order to valorise and validate research results and in order to investigate new research issues, improving the applicability of computer science research in practice. It is performed on a semi-commercial basis via projects with industry on actual commercial software. Marko van Eekelen is the director of LaQuSo Nijmegen.

However, many other issues (cryptography and network security among many others) are important for Computer Security: too many to fit into one single theme. For that reason, starting September 2006, the Computer Security master programme is offered by the Kerckhoffs Institute. This institute is a collaboration between the Radboud University Nijmegen, the Eindhoven University of Technology and Twente University. Because of this collaboration we are able to offer a much broader and much more challenging computer security master course. Follow the above link for more information. Students who want to delve into security issues are strongly recommended to follow this complete Computer Security Master programme.

For students interested in Quality of Software aspects related to security, the Quality of Software theme has been made available. Details about this theme are given below.

The Computer Science bachelor programme involves an introductory course on computer security, which is aimed at both computer science and information science students. But this page is about the Computer Science master programme. It is strongly recommended for students to have taken this bachelor course before they follow the Quality Of Software Theme courses.

The ideas about this theme are developing over time. This page reflects the current status. Students who started before December 7, 2006 may still be interested in reading the ideas about the theme Quality of Software as they were in September 2006. Of course, such students can follow the 'old rules', but they are advised to adhere to the new rules as given below.

The Quality of Software theme provides not only the necessary theoretical background, but also the link between theory and practice. The theme involves the four compulsory courses (1-4) listed below, each amounting to 6 EC. There is no prescribed order. The other courses are optional. Course 7 provides legal background information; it is given within the faculty of law (in Dutch).

  1. TestTechnieken (ITA department, Jan Tretmans, fall semester)
    Testing is part of almost any software development project. The course "testing techniques" deals with a number of techniques, methods and tools which may help in the systematic and effective testing of software systems. Established testing techniques as well as some new developments, such as testing with formal specifications and model-based testing, will be presented. Some guest lectures will be given by people from industrial software testing. The goals of the course "testing techniques" are that students: (1) obtain an overview of, and insight into, the importance and the place of structured and systematic testing within the software development cycle; (2) are familiar with standard testing concepts, terms, and nomenclature; (3) know and recognize different kinds, phases, and aspects of structured testing; (4) develop skills in applying some techniques for developing tests; (5) get experience in applying some test tools; (6) have knowledge of, and can apply, some of the latest research results in formal methods based testing.
  2. Software Security (SoS department, Erik Poll, spring semester).
    This course has been given for the first time in the spring of 2006. It replaces the earlier course Security Protocols. Topics include: What is software security?, Common software vulnerabilities (lack of input validation (buffer overflows, SQL injections, etc.), race conditions, access control, etc. Design flaws. Implementation flaws. Deployment flaws. Case studies.), Guiding principles, Architecture, Design; implementation, Access control, Language level security (typing; tainting input data; untrusted code security.), Application level security (runtime monitoring; static analysis; verification; JML, Spec#), Software evaluation, Case studies.
  3. Reliability of Software Systems (SoS department, Marko van Eekelen and ST department, Rinus Plasmeijer, fall semester)
    The link between theory and practice is a vital aspect of the Quality of Software theme. This link is central to the course Reliability of Software Systems (Betrouwbaarheid van Software Systems).
    In this course, case studies are performed on assessing (and improving) the reliability of actual software systems in practice. This is done using the LaQuSo Case Study methodology. Topics for case studies may be academic, but it is also possible to perform actual case studies in an industrial context. Topics are mainly in the areas of validation, verification, testing, model checking, code analysis or code improvement.
  4. Analysis of Embedded Systems (ITA department, Frits Vaandrager, spring semester).
    This course focuses on the quality of embedded systems. Using formal techniques, such as model checking, properties of embedded systems are validated and formally verified. More information on the course is available at and at the more general course info page of Analysis of Embedded Systems.
  5. Security in Organisations (SoS department, Martijn Oostdijk, fall semester)
    This course has been given for the first time in the fall of 2005, as master course for information science (informatiekunde) students. It replaces the earlier course Information Security. Topics for this course are: Security policies. Roles. Classifications. Assets and threats. Risk, vulnerability, control, attack, damage. Risk analysis. Methods/tools for risk analysis. CERTs. Risk assessment and risk management. Code of Practice for Information Security (BS7799). Evaluation of information security, like ITSEC and the Common Criteria. Security plan, attack trees, business continuity planning/incident recovery. Legal issues: patents and copyright.
  6. Proof Assistants (Foundations Department, Freek Wiedijk, spring semester)
    This course covers the general principles behind the implementation of proof assistants and how to use them to implement simple decision procedures. An overview is obtained of the different proof assistants that are used, how they differ and what their respective strengths are. Enough experience is obtained with at least one of the systems to be able to do a theory and proof development in it.
  7. Computer law (Berkvens, Grütters and Oskamp)
    In addition to the above five computer science courses it is strongly recommended that a master student of this theme broadens his/her view on the field by taking the (small version) of one of the Computer law courses informaticarecht and/or rechtsinformatica offered in Nijmegen.

Within Computer Science the following supplemental courses may also be useful.

Students are encouraged to follow additional courses in relevant fields such as

Part of a master program is a master thesis related to the theme of specialisation. Members of the SoS group and teachers within this theme may serve as supervisors for such a master thesis. They may be contacted directly to discuss various options and ideas.