Ogni modulo equivale a 3 crediti ECTS. È possibile scegliere un totale di 10 moduli/30 ECTS nelle seguenti categorie:
- 12-15 crediti ECTS in moduli tecnico-scientifici (TSM)
I moduli TSM trasmettono competenze tecniche specifiche del profilo e si integrano ai moduli di approfondimento decentralizzati. - 9-12 crediti ECTS in basi teoriche ampliate (FTP)
I moduli FTP trattano principalmente basi teoriche come la matematica, la fisica, la teoria dell’informazione, la chimica ecc. I moduli ampliano la competenza scientifica dello studente e contribuiscono a creare un importante sinergia tra i concetti astratti e l’applicazione fondamentale per l’innovazione - 6-9 crediti ECTS in moduli di contesto (CM)
I moduli CM trasmettono competenze supplementari in settori quali gestione delle tecnologie, economia aziendale, comunicazione, gestione dei progetti, diritto dei brevetti, diritto contrattuale ecc.
La descrizione del modulo (scarica il pdf) riporta le informazioni linguistiche per ogni modulo, suddivise nelle seguenti categorie:
- Insegnamento
- Documentazione
- Esame
Students shall gain an overview over current methods for software assurance. This includes
- automatic test case minimisation;
- negative test case generation ("fuzzing");
- side channels and their avoidance ("constant-time computing");
- security implications when designing safety systems
- exposure to standards-compliant software development;
- software verification and validation;
- safe testing according to the standards; and
- fault tolerance.
Requisiti
Students will need knowledge in software engineering, specifically testing.
Students will need to be reasonably fluent in a variety of languages including but not limited to C and Python. Knowledge of some assembly (e.g., x86, x86-64, or ARM) will be advantageous.
Students will need to be familiar with the idea that there are standards for software development and testing.
Obiettivi di apprendimento
- Students can apply test case minimisation techniques to their own
test cases.
- Students know how fuzzing works, to what class of faults it applies, how to interpret its output, and how to use it in their own projects.
- Students know that side channels exist and how they are exploited,
that they are a serious danger to software assurance and security,
and how to avoid certain types of side channel, especially those that have to do with variable-time computation based on secret inputs.
- Students know about the safety life cycle according to IEC 61508 and its adaptation to automotive security in ISO 26262, and can
apply it in their own projects.
- Students can apply probabilistic methods used to estimate the impact of device failures on overall safety.
- Students know what options there are to certify, validate, and verify software components, and what that means.
Contenuti del modulo
- Safety life cycle according to IEC 61508 (2 lectures)
- Application of ISC 61508 to automotive software (ISO 26262) (1 lecture)
- Probabilistic methods to estimate impact of failure (2 lectures)
- Certification, validation, and verification of software (2 lectures)
- Test cases and their minimisation (2 lectures)
- Negative test case generation ("fuzzing") (2 lectures)
- Side channels (3 lectures)
Metodologie di insegnamento e apprendimento
Lectures will be part ex-cathedra, part in-class exercises. These
exercises are designed to be done either individually or in groups and
can therefore be done remotely.
Bibliografia
Andreas Zeller, Why Programs Fail. Morgan Kaufman. Second
Edition, 1770. (Yes, that's the date that Amazon has for the book. In reality, the second edition is from 2008.)
Ari Takanen, Fuzzing for Software Security Testing and Quality
Assurance. Artech House Publishers. Second Edition, 2018.
Seokhie Hong (Ed.), Side Channel Attacks. MDPI. 2019.
David J. Smith and Kenneth G. L. Simpson, The Safety Critical Systems
Handbook: A Straightforward Guide to Functional Safety: IEC 61508
(2010 Edition), IEC 61511 (2015 Edition) and Related Guidance. Butterworth-Heisman. Fifth edition, 2020.
Scarica il descrittivo completo del modulo
Indietro