Security

Core Lecture, Summer 2016

Instructor Prof. Dr. Matteo Maffei
Teaching Assistants Manuel Reinert, Ilya Grishchenko, Niklas Grimm
Tutors Inken Hagestedt, Vineet Rajani, Ahmed Salem, Mark Schuegraf
First Lecture Wednesday, April 20, 2016 14-16
Time and Place
Wed, Thu 14-16 E2.2 (Günter Hotz Hörsaal)
Tutorials
Time Place
Mo 10-12 SR 015 (E1.3)
Mo 14-16 SR 015 (E1.3)
Tue 8-10 SR 015 (E1.3)
Tue 10-12 SR 015 (E1.3)
Tue 14-16 SR 014 (E1.3)
Tutor Office Hours
Office Hour Time Place
OH 1 Tue 16-18 1.07 (E9.1)
OH 2 Thu 16-18 1.07 (E9.1)
TA Office Hours whenever our doors are open
Form/Credits Core Lecture, 9 ECTS
Language English
Contact <manuel's surname> at cs dot uni-saarland dot de, <ilya's surname> at cs dot uni-saarland dot de, <niklas's surname> at cs dot uni-saarland dot de

Latest News

  • 2016-04-14: registration is open
  • 2016-04-14: please register in Piazza, the platform we use for announcements, discussion, and for uploading the material
  • 2016-04-05: the website is online

Description and Resources

In this course, you will acquire a deep understanding and hands-on experience on a broad spectrum of attack and defense techniques for IT systems. The content of the course comprises different topics, see the tentative schedule below (notice that the resources will be provided on Piazza):

Date Topic
20.04.16 Introduction
21.04.16 Memory Attacks I
27.04.16 Memory Attacks II
28.04.16 Memory Defenses I
04.05.16 Memory Defenses II
05.05.16 No lecture (Ascension Day)
11.05.16 Javascript
12.05.16 Browser Security
18.05.16 Web Security: CSRF, SQL Injection
19.05.16 Web Security: XSS
25.05.16 Introduction to Cryptography
26.05.16 No lecture (Corpus Christi)
01.06.16 Authentication
02.06.16 Cryptographic Protocols
08.06.16 Kerberos and TLS
09.06.16 Applied-Pi Calculus
15.06.16 ProVerif
16.06.16 Observational Equivalence
22.06.16 Information Flow Control I
23.06.16 Information Flow Control II
29.06.16 Mobile Security I
30.06.16 Mobile Security II
06.07.16 Anonymity
07.07.16 Electronic Voting
13.07.16 Cryptographic Device Security
14.07.16 Viruses and Rootkits
20.07.16 Worms and Stuxnet
21.07.16 Question and Answer
27.07.16 No lecture
28.07.16 Final Exam (14-18)
2.5-3 hours
The lecture notes, exercise sheets, and project instructions will be placed on Piazza.

Assignments, Exams, and Grading

We will have three practical projects, one on web security, one on cryptographic protocol analysis, and one on mobile security. You can work on the project in teams of 2-3 people. The group will be supported by their tutor with whom they may meet every week. We also offer office hours in which you can ask questions related to everything concerning the lecture (project, homework, lecture, administrative issues).

Theoretical exercise sheets will be released every week and are discussed in the tutorials in the week thereafter. You can hand in your exercise sheets if you like and we will correct them. This is, however, not mandatory.

There will be no midterm exam.

There will be a final exam.

To pass the course you have to fulfill the following minimal requirements:

  • 50% in the practical projects and
  • 50% in the final exam.

Your grade is then computed from the final or re-exam (F), depending on which one is better, and the projects (P) as

  • Grade = 0.6 * F + 0.4 * P

How to register

You have to register in our L:admin system in order to take the course.

We use Piazza as a discussion forum and for all class announcements. So please also register there in order not to miss anything.

As usual, you have to register in the LSF/HISPOS system of the university.