Cybersecurity
Beschrijving
Course goals
After finishing this course, students will
- be intimately familiar with the theory of ecosystem security.
- be able to analyze the characteristics and types of attacks and vulnerabilities that can threaten the worldwide software ecosystem, and identify appropriate technical and managerial strategies for mitigating these risks.
- know and apply different technical solutions for creating trust, resilience, and compartmentalization within software ecosystems.
- be aware of the research methods in empirical software engineering to research software security, and be able to apply one of them in a research project.
- synthesize information from multiple sources to generate new insights into the security challenges and opportunities facing software ecosystems.
- communicate effectively about software ecosystem security to an academic audience, using appropriate technical language and media.
The result for the course on Software Ecosystems Security is based on the grades provided for each of the deliverables and an exam.
- students need to pass the team assignments with a grade 5.5 or higher. All other assignments can be passed with a grade 4 or higher.
- assignments with no weight still need to be fulfilled to complete the course, in particular the two presentations.
- students need to achieve a grade 5.5 or higher on the exam to pass the course.
- for the final paper the grade must be at least a 5.5
- bonus points can be awarded for results of publication level quality for the team project.
Content
Software ecosystems refer to sets of organizations that collaborate and compete in providing software and related services to a specific market.
The Worldwide Software Ecosystem (WSE), which encompasses all individuals and entities involved in software production, faces persistent threats from cybersecurity risks that range from software supply chain vulnerabilities to data breaches due to inadequate infrastructure management and weaknesses in the WSE. This concerns effectively all organizations dealing with software, ranging from open source organizations to commercial software producing organizations.
Given the global scale of software ecosystems, it is imperative to adopt a new perspective on cybersecurity.
This course aims to equip students with a comprehensive understanding of cybersecurity in the worldwide software ecosystem, utilizing modern theories, research methods, techniques, and technologies.
Through an emphasis on research, students will be able to design, develop, and analyze their own initiatives for enhancing the anti-fragility of the WSE.
The course consists of two meetings per week.
During the first sessions of the course the lecturer discusses some of the prime challenges in this research area. During the meetings and as homework, students design and develop a research project of their own.
The second round of sessions consists of student presentations.
During a third round of presentations external experts are invited to provide a guest lecture and provide comments on the student topics.
During the fourth round of presentations students are asked to present their topic in full.
Please note: due to the special nature of this course, students are expected to attend at least 90% of all classes.
Literature
This course is based on several books, articles, and papers.
- Zimmermann, Staicu, Tenny & Pradel (August 2019), "Small World with High Risks: A Study of Security Threats in the npm Ecosystem". In USENIX security symposium (Vol. 17).
- Jansen, S., Cusumano, M., Brinkkemper, S. "Software Ecosystems: Analyzing and Managing Business Networks in the Software Industry". Edward Elgar Publishers. (please note a cheap paperback is can be obtained through the course coordinator)
- Hou, F., & Jansen, S. (2023). "A systematic literature review on trust in the software ecosystem. Empirical Software Engineering", 28(1), 8.
- Scacchi, W., & Alspaugh, T. A. (2018). "Securing software ecosystem architectures: challenges and opportunities." IEEE Software, 36(3), 33-38.
- Massacci, F., & Pashchenko, I. (2021, May). "Technical leverage in a software ecosystem: Development opportunities and security risks". In 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE) (pp. 1386-1397). IEEE.
Reviews0 reviews
Heb jij dit vak gevolgd?
Deel je ervaring met toekomstige studenten. Inloggen met je Universiteit Utrecht mailadres duurt één minuut.
Schrijf een review