Seminar Software Security Engineering (SoSe 2018)
Check also our Moodle platform and the website of the seminar hosted at PVS
Organizers:
Location: Mathematikon, INF 205, SR 7
Date: Monday, 16:00 - 18:00 ct
Description (in German):
The quantity as well as the quality of attacks on computer systems is steadily increasing. Systems and data of many kinds are affected: personal data, military secrets, but also physical devices or cars. As a result, the security of computer systems has become an important topic in research and industry.
In this technically oriented seminar, we will address the security of software, focusing on approaches that defend against attacks through increased software quality (so-called white-box security). This aim is achieved through extensive verification and testing as well as through an appropriate design of the software.
We will first learn about the types and mechanisms of attacks in detail (for example, buffer overflow attacks, SQL injection, and cross-site request forgery) and understand how to prevent them. Afterwards, we will learn how to detect software vulnerabilities through code analysis and testing. Here we study the techniques of static analysis and approaches such as penetration testing and combinatorial security testing. The seminar is completed by further topics, e.g. methods for tracing attacks in networks using forensics.
This seminar is useful for anyone who develops software or is interested in software security. Since these topics are close to research, they can serve as the basis for bachelor's and master's theses.
Registration and participation
The preliminary discussion and the assignment of topics will take place on April 16 at 4.15pm on a first-come, first-served basis. The number of participants is limited to 12.
Certificate
Please note the following requirements for the award of credit points (4 ECTS): regular participation, presentation with handout, mutual evaluation and written summary of the presentation. Details will be announced at the preliminary meeting. Further information:
- The presentation should be a maximum of 40 minutes long, plus 20 minutes for discussion.
- At least one week before the lecture a handout with the summary of the lecture (2 pages) should be submitted.
- The mutual evaluation (with textual comments) for all other participants is part of the requirements.
- The written summary is due on September 2, 2018.
Topics
- Memory-based attacks
- Defense against memory-based attacks
- Web-based systems: attacks and defenses
- Designing secure software
- Program analysis A: Static analysis
- Program analysis B: Symbolic Execution
- Penetration testing
- TOR network
- Smartphone security
- Certificates and Email encryption
- Principles of Kerberos
- Random generator
- Quantum computing and IT-Security
ECTS: 4