
Software security: experiments on the .NET common language run-time and the shared source common language infrastructure


IEE Proceedings - Software


As more and more software applications are directly or indirectly accessible from the Internet, the importance of the security of these applications grows steadily. Hence, it is important that university curricula for computer scientists and software engineers include courses on secure software development. Such courses should make students familiar with the programming language technology, run-time support and available APIs for security, and they should also teach them how to use these technological means appropriately. The .NET framework is a good example of the current state-of-the-art support for secure development. The Shared Source Common Language Infrastructure (SSCLI) provides a source for some of the security-related aspects of the framework. The paper describes how the secure software development course at the Katholieke Universiteit Leuven uses the .NET framework and the SSCLI. An overview is given of the contents of the course, and a number of example project assignments based on .NET or the SSCLI are presented.

http://iet.metastore.ingenta.com/content/journals/10.1049/ip-sen_20030985