css4501 Software Analysis and Application

CS 4501 Software Analysis and Applicstions
Instructor: Prof. Mary Lou Soffa

Lecture time: Tues and Thursday 12:30 - 1:45

Course Description
This course provides an in-depth look into privacy issues on the Internet and introduces privacy enhancing technologies. We will cover topics such as anonymous communications, traffic analysis and location privacy. We will also examine the trade-offs between security and privacy, and the interactions with other fields such as machine learning and policy.

Prerequisites
CS2150. Some background in cybersecurity (CS3710) and computer networks (CS4457) will be helpful but not required.

Disruptive shifts in software application types and software development environments create challenges to software reliability that need to be addressed to ensure software quality and reduce the cost of software development time. Over the years, the size and complexity of software have grown as well as the need for fast-changing codebases, security, fault detection strategies, testing, debugging and automatic test case generation and selection. As software technology has become increasingly pervasive causing software systems to affect all aspects of our society, there is an urgent need for the development of efficient techniques for creating high-quality software. To help meet these challenges, software analyses, a body of work that discovers and predicts facts about a program, has been developed.

In this course, we will explore various software development application areas, including testing, input generation, debugging, and security, and the types of software analyses needed to meet their needs. In general, we will study the underlying principles of static, dynamic and hybrid methods of analyses. We will explore analysis techniques including data-flow analysis, code coverage, dynamic analysis, impact analysis, automated test case generation, and symbolic execution. These topics will be addressed through lectures and both written and programming assignments.

Course Objectives
To study traditional static and dynamic analyses, such as data-flow, slicing, and profiling, along with the use of analyses in various software development applications.
To study other uses of analysis, such as the impact of software changes, mobile phones software, program understanding, and debugging as well as new applications, such as security and component-based systems.
To explore important areas for research in analysis and use of software artifacts.
To apply these analyses and applications through lectures, research papers and both written home works and short programming assignments.

Besides lectures, we will read articles such as

Four of The Worst Computer Bugs in History
Coming Software Apocalypse
What is soundness in static analysis?
Lessons from Building Static Analysis Tools at Google
What developers Want and Need from Program Analysis
Fuzzing
The Role of Static Analysis in a Secure Software Development Life Cycle
Boeing-software-errors-jeopardized-starliner-spaceship-737-max-planes-2020-2