Security

The exam starts Monday 17.02. at 14:00 and will take 120 minutes. Please arrive a few minutes earlier!

You can now find your assigned seat for the exam on your personal status page. If your matriculation number is less than 2573514, your assigned seat is in the Günter-Hotz Lecture Hall. Otherwise, your assigned seat is in Building E2.5, Lecture Hall 1.

The exam will be a closed book exam. Cheatsheets / Calculators / ... are not allowed.

Please make sure to bring your Student ID card to the exam.

If you've got any questions regarding exam registration (i.e. you're registered but don't have a seat assigned) please contact us immediately.

The MiniCTF deadline passed at 4pm tonight. Final standings are: 1. Dieter Overflow🙅‍👨‍💻, and shared 2. place for Fs0ci3ty and Derivative Donkey. Congratulations to all three teams! 14 teams in total reached the full 10 points. We hope you enjoyed the event. In case you didn't fill the feedback questionnaire yet: https://forms.gle/fwGtjM2EnE6Na98D9
A student asked about bringing a dictionary to the final. In case you would like to do this, please contact Giancarlo or Nils in advance to coordinate. In any case, you will be able to ask us/the tutors for clarifications during the final.
 

The lecture tomorrow will have technical content on recent Spectre and Meltdown attacks, followed by a Q&A on the finals. We plan to finish with a quick summary of the (preliminary) MiniCTF results. Although the official MiniCTF deadline will only be at 4pm, the top 3 teams might have stabilized by then already. We also prepared a short anonymous and voluntary feedback questionnaire using Google Forms. Please consider filling it to provide feedback on individual topics and the exercises: https://forms.gle/fwGtjM2EnE6Na98D9
 

Dear students,

As promised today during the lecture, on 11/02/20, one of the leading researchers on microarchitectural side channel attacks and author of the Meltdown and ZombieLoad attacks, Micheal Schwarz, will give a talk at CISPA. You are more than welcome to attend. Below are the details.

Best,
Giancarlo

When: 11/02/20, 10:30-12:00

Where: CISPA Lecture Hall

Title: Software-based Side-Channel Attacks and Defenses
 
Abstract: The primary assumption of computer systems is that processed secrets are inaccessible for an attacker due to security measures in software and hardware. However, side-channel attacks allow an attacker to still deduce the secrets by observing certain side effects of a computation. For software-based attacks, unprivileged code execution is often sufficient to exploit side-channel weaknesses in applications. More recently, it was also shown that native code execution is not strictly necessary for certain attacks. Software-based side-channel attacks are even possible in JavaScript, a sandboxed scripting language found in modern browsers.
 
In this talk, we further investigate software-based side-channel attacks and countermeasures. We present novel side channels, methods to reduce the requirements for existing attacks, and demonstrate attacks in environments that were considered too restricted before. Finally, we show that side-channel attacks are a powerful primitive which allows mounting transient-execution attacks such as Meltdown and ZombieLoad.
 
Bio: Michael Schwarz is an infosec postdoctoral researcher at Graz University of Technology with a focus on microarchitectural side-channel attacks and system security. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016, Black Hat Asia 2017, 2018, 2019 & 2020, and Black Hat US 2018, where he presented his research on microarchitectural side-channel attacks. He authored and co-authored several papers published at international academic conferences and journals, including USENIX Security 2016, 2018 & 2019, NDSS 2017, 2018 & 2019, CCS 2019, and IEEE S&P 2018, 2019 & 2020. He was part of one of the research teams that found the Meltdown and Spectre vulnerabilities as well as the ZombieLoad vulnerability.

The MiniCTF has officially started! You can start solving challenges at https://minictf.scy-phy.net/! Each challenge will yield 2 points that count towards your admission for the exam (except for the challenge your team submitted). You can reach a maximum of 10 points from solving challenges in the MiniCTF. The MiniCTF will run until Friday at 16:00.

Please verify that your challenge is solvable on our platform (e.g. we included all the necessary files). If there are problems with your challenge, please contact your tutor.

The feedback and points for the idea of the challenge are now released. We will award 3 additional points for challenge stability if your challenge runs smoothly during the MiniCTF.

Remember to upload a document stating your team preferences until 15.01.2019.
If you did not manage to find a team, please also upload a document containing a team name, your matriculation number and your name if you want to participate in the MiniCTF. We will then match you with an existing group. If you are not assigned to a group, you will not be able to submit a challenge for the MiniCTF! For more hints, consider https://cms.cispa.saarland/sec1920/3/MiniCTF.

Question Sheet 5 has been released. This sheet is ungraded, you do not have to submit solutions for it. This sheet will be discussed in this week's tutorials.

As part of CISPA’s Distinguished Lecture Series, on Fri, January 10, at 11:00am s.t. in CISPA’s lecture hall, we are pleased to announce that Thorsten Holz (Ruhr University Bochum) will give a talk on: Fuzzing Hypervisors and Complex Interpreters

Participation is optional and will not influence your exercise points or grade. Please join if you are interested in the topic.

Title: Fuzzing Hypervisors and Complex Interpreters

When: Fri, January 10, at 11:00am s.t.

Where: CISPA’s lecture hall

Abstract: In recent years, randomized fuzz-testing (“fuzzing”) has progressed rapidly, mainly driven by tools such as afl and lots of academic work on this topic. In practice, fuzzing is often superior to seemingly "smarter" approaches such as symbolic or concolic execution. We provide an overview of our recent results, including fuzzing hypervisors, grammar-based fuzzing of complex interpreters, and fuzz-testing of stateful systems. In total, the different methods enabled us to find hundreds of software bugs that lead to more than 100 CVEs.

Bio: Thorsten Holz is full professor in the Horst Görtz Institute for IT Security at Ruhr-University Bochum. His research focuses on system security. He obtained his PhD in computer science from the University of Mannheim. He received the DFG Heinz Mai­er-Leib­nitz-Price in 2011 and an ERC Star­ting Grant in 2014. He is one of the three spokespersons of the CASA (Cyber Security in the Age of Large-Scale Adversaries) BMBF Cluster of Excellence in Bochum.

/edit: highlighted that participation is optional

Dear students,

Please read this announcement very carefully, especially if you did not attend the lecture today. 

As announced today during the lecture, on 15/01//2020, it will take place the graded MiniCTF competition. This message is for all students, especially those that were not attending the lecture. 

Your first deadline is on 15/01/2020. Please read below and stay tuned for more details!

I - What is the MiniCTF competition?

The idea of the MiniCTF competition is to form groups of about four students. Each group will create one MiniCTF-style challenge. Then, all challenges will be made available for all students in a CTF competition.

II - How will it be graded?

Grading is per group:

• 50%: Quality of the challenge, documentation, and implementation (see point VI)
• 50%: Number of solved challenges (at least 5)

III - What are these milestones, and what are the deadlines?

1. The first milestone is creating groups of students. When: 15/01/2020 (firm deadline)
   • Find your group mates and finalize your group by 15/01 (not “after” but “by”).
2. The second milestone is the submission of the idea for the MiniCTF challenge. When: TBA, approx one weak after Milestone 1
   • The idea is a document describing the challenge, the expected solution, the backstory, pseudo-code, and more. We will share the exact specs of such a document.
   • The goal of this milestone is to give us (the lectures and TAs) to check the quality and fairness of the challenges
3. The third milestone is the implementation and submission of the challenge. When: TBA, approx one weak after Milestone 2​
   • ​​You will need to submit the flags too
   • Expect to have a CTF website to hour your challenges
4. The actual CTF competition with all challenges begin. When: TBA, approx one weak after Milestone 3

​IV - Do you have any guidelines/tips for creating a good quality challenge?

More details later, but, for now, you will need to keep in mind that a good challenge has four main ingredients:

1. Fun: solving challenges must be fun
   • Elements increasing the fun factor are a backstory and originality​
2. Technical: challenges are “challenging” not obvious. Students need to learn something
   • Relating to (or build on) the topics of this lecture 
3. Fair: A good challenge always has a solution.
   • Harder solutions can be fixed with hints (hints can also be original, fun, related to the backstory)
4. Novelty: Don’t just copy and paste a challenge from another CTFs or the exercises
   • Plagiarism will be checked for, detected, and not tolerated.

As announced in the lecture last week, there is a talk at CISPA before the lecture today, which might be of interest. Yongdae Kim from KAIST will talk on "Forecasting 5G Security from LTE Experience". The talk starts at 10:30 s.t. in the big CISPA lecture hall. Attendance is optional and not related to grades or anything in the class.

Exercise Sheet 1 has been released. This is a graded exercise sheet. Please submit your solution until 17.11.2019 in the CMS. For your submission please consider the notes on the sheet.
Note that there was a bug in the task "Diffie-Hellman", which is now fixed. Please have a look at it again if you did not manage to solve it yet.

Question Sheet 0 has been released. This sheet is ungraded, you do not have to submit solutions for it. We have set up a CTF platform for our practical tasks. You can reach it at https://sec19.scy-phy.net/.

There will be no tutorial next week. Instead, we offer an office hour to deal with technical problems and questions about this sheet. The office hour will take place on Tue. 22 Oct. from 10:00 to 12:00 in CISPA Room 0.06.