Introduction to Software Security
© 2022 Elisa Heymann and Barton P. Miller.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Along with the instructional material, we provide a variety of resources to help you
teach software security.
Currently, these materials include active learning exercises to be used in class and
quizzes to help assess the students' understanding of the materials.
Note that these materials are a work in progress and will be expanded and improved as
time goes on.
As with all our materials, we welcome feedback and suggestions.
And we encourage you, as the instructor, to contribute to new and improved materials.
Please feel free to contact us at any point.
While these materials can be used in a variety of modes, they are intended, when taken as
a whole, to form the curriculum for an advanced undergraduate or introductory graduate
Introduction to Software Security course, much like the
CS542 class that we introduced
Below is how we structure our semester-long course.
We are constantly reevaluating and updating our approach, and we
appreciate your feedback and suggestions in this area.
We typically schedule the class twice per week,
organizing it as an active learning (flipped classroom) course, with the following components:
Online lectures and notes:
The videos and text chapters form the core of the teaching materials.
Students are expected to watch the videos and/or read the text before class.
Active learning exercises:
In class, the students are given an exercise on the topic of the day.
Working in small groups (typically 3-6 students), they have between 10 and 20 minutes to work
on approaches to solving the exercise.
The exercise is distributed by sharing a link to a Google doc and each group is assigned
a page in the document on which to record their ideas about the exercise solution.
We then spend a while reviewing the solutions, asking different groups to present their
We have used this technique effectively
for both a live classroom with the students working at small tables and
online with the students being sent to breakout group rooms to work on the solutions
with their groups.
The discussion is then conducted as a whole class.
Hands-on Homework Exercises:
These exercises are linked to the class materials page and are mostly included in
the virtual machine that we provide.
The exercises are broken down into reasonably sized steps intended to guide the
students through the problem but not to give them the answers.
We set the due time to be at the start of class so that we can have a discussion
of the current exercise and its solution in class.
Students are encouraged to present their approach to the exercise.
We are fans of frequent assessment to better track the students' understanding and to
reinforce the current topic in a timely fashion.
The quizzes are short, 10-15 minutes (occasionally a bit longer when they have to
look at longer pieces of code).
We do not use midterms and a final, as we feel that the cumulative evaluation from the weekly
quizzes is more than sufficient.
For grading, we automatically drop the lowest one or two scores.
In the News:
We encourage the students to track the current news on software security to find
articles that are relevant to the class.
Each week, we choose one student to present their article in a 10-minute slot.
We work with them to help organize their presentation and then moderate the questions
and discussion following their presentation.
(We offer extra credit to the students as a motivation and reward for taking on this task.)
Many students comment on this as a favorite part of the class.
2. The Materials
You can find the class materials on the
Security Instructor Materials
folder on Google Drive.
Note that you must be given access to these materials by us (they are not open
to the general public so students cannot see them).
Once you have access to them, you are free to use them as you need for your class.
2.1 Active Learning Exercises
Each active learning exercise is identified by its topic name and number.
The first page contains the question to be addressed and the subsequent pages
are for the use of each group to record their ideas and answers.
You should make a copy of the exercise in a Google Drive folder that you own and
control so that you can make updates and share the document with your students.
Note that we typically include two links on the first page of each exercise:
A link to the current document.
That is handy for you as the instructor to be able to quickly cut and paste it into an
email message or Piazza post or Slack channel or whatever, to share it with your students.
A link to an online countdown timer.
This is useful especially for online classes to know how long they have remaining to discuss
and address the question in their group.
There are free online sites that allow you to quickly set up a timer and share the link
with your students.
Our quizzes are split by topic and identified by topic name and number.
Note that on some weeks, we cover more than one topic on the quiz, so
the quizzes on those weeks would consist of multiple smaller quizzes.
We have just started to post solutions to the quizzes.
Expect this coverage of quizzes and questions to grow over the coming weeks.
Wed 02 Feb 2022 01:25:49 PM CST