Introduction to Software Security

Instructors' Page

Contacts: and

© 2022 Elisa Heymann and Barton P. Miller.
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

1. Overview

Along with the instructional material, we provide a variety of resources to help you teach software security. Currently, these materials include active learning exercises to be used in class and quizzes to help assess the students' understanding of the materials.

Note that these materials are a work in progress and will be expanded and improved as time goes on.

As with all our materials, we welcome feedback and suggestions. And we encourage you, as the instructor, to contribute to new and improved materials. Please feel free to contact us at any point.

While these materials can be used in a variety of modes, they are intended, when taken as a whole, to form the curriculum for an advanced undergraduate or introductory graduate Introduction to Software Security course, much like the CS542 class that we introduced at UW-Madison.

Below is how we structure our semester-long course. We are constantly reevaluating our approach and updating it and appreciate your feedback and suggestions in this area.

We typically schedule the class twice per week, organizing it as an active learning (flipped classroom) course, with the following components:

  1. Online lectures and notes: The videos and text chapters form the core of the teaching materials. Students are expected to watch the videos and/or read the text before class.

  2. Active learning exercises: In class, the students are given an exercise on the topic of the day. Working in small groups (typically 3-6 students), they have between 10-20 minutes to work on approaches to solving the exercise. The exercise is distributed by sharing a link to a Google doc and each group is assigned a page in the document on which to record their ideas about the exercise solution. We then spend a while reviewing the solutions, asking different groups to present their ideas.

    We have used this technique effectively for both a live classroom with the students working at small tables and online with the students being sent to breakout group rooms to work on the solutions with their groups. The discussion is then conducted as a whole class.

  3. Hands-on Homework Exercises: These exercises are linked to the class materials page and are mostly included in the virtual machine that we provide. The exercises are broken down into reasonable sized steps intended to guide the students through the problem but not to give them the answers. We set the due time to be at the start of class so that we can have a discussion of the current exercise and its solution in class. Students are encourage to present their approach to the exercise.

  4. Weekly quizzes: We are fans of frequent assessment to better track the students' understanding and to reinforce the current topic in a timely fashion. The quizzes are short, 10-15 minutes (occasionally a bit longer when they have to look at longer pieces of code). We do not use midterms and a final, as we feel that the cumulative evaluation from the weekly quizzes is more than sufficient. For grading, we automatically drop the lowest one or two scores.

  5. In the News: We encourage the students to track the current news on software security to find articles that are relevant to the class. Each week, we choose one student to present their article in a 10-minute slot. We work with them to help organize their presentation and then moderate the questions and discussion following their presentation. (We offer extra credit to the students as a motivation and reward for taking on this task.) Many students comment on this as a favorite part of the class.

2. The Materials

You can find the class materials on the Software Security Instructor Materials folder on Google Drive. Note that you must be given access to these materials by us (they are not open to the general public so students cannot see them). Once you have access to them, you are free to use them as you need for your class.

2.1 Active Learning Exercises

Each active learning exercise is identified by its topic name and number. The first page contains the question to be addressed and the subsequent pages are for the use of each group to record their ideas and answers. You should make a copy of the exercise in a Google Drive folder that you own and control so that you can make updates and share the document with your students.

Note that we typically include two links on the first page of each exercise:

  1. A link to the current document. That is handy for you as the instructor to be able to quickly cut and paste it into an email message or Piazza post or Slack channel or whatever, to share it with your students.
  2. A link to an online countdown timer. This is useful especially for online classes to know how long they have remaining to discuss and address the question in their group. There are free online sights that allow you to quickly set up a timer and share the link with your students.

2.2 Quizzes

Our quizzes are split by topic and identified by topic name and number. Note that on some weeks, we cover more than on topic on the quiz, so the quizzes on those weeks would consist of multiple smaller quizzes.

We have just started to post solutions to the quizzes. Expect this coverage of quizzes and questions to grow over the coming weeks.

Valid HTML 4.01 Transitional
Last modified: Wed 02 Feb 2022 01:25:49 PM CST by bart