Organizers:

Invited guest speaker:

ECTS: 5

This course is intended for PhD students and advanced Master students and it is designed to give an introduction to formal methods, teach the basics of code scanning theory, and allows students to gain first-hand experience with the state of the art code scanners. Code scanners are tools that inspect source code automatically for bugs, security problems and other issues. Code scanners are often used to evaluate software used in safety critical systems. Contingent on our ability to secure licenses, we will discuss five different tools, such as Coverity, Fortify, Code Sonar, AppScan, and FindBugs. The course is organized in two parts. The first part takes place in April, where we (the organizers) will give several lectures about the formal under pinnings of code scanners. During the last lecture, we, will present some sample code, and assign (groups of) students to tools. The dates for the first part are

The second part of the course is then going to be tutorial like presentations of the PhD students who take the course for credit.

DEADLINE for the final report. May 16, 2014.

To sign up for this course, please send email to Christina Rasmussen (crasm@itu.dk)

Details

Date Time Topic References
07.04. 9:00-12:00 Introduction and Fundamentals See literature list
08.04. 9:00-10:15 Dependency Graphs and Slicing Dependence Graphs and Program Slicing, Software Inspection Using CodeSurfer,Program Analysis via Graph Reachability
10:30-11:45 Safe Pointers Protecting C Programs from Attacks via Invalid Pointer Dereferences, Pointer Analysis for Programs with Structures and Casting
09.04. 13:00-16:00 Tools and Case studies See below

Recommended literature

Case Studies

Norwegian Internet Voting Protocol

Literature:

Verificatum Mixnet