Security Nils Ole Tippenhauer and Giancarlo Pellegrino

News

01.05.2020

Written Re-Exam likely to be held in October 2020

The oral re-examinations are now concluded. The written re-examination is planned to be held after the summer term, and before the winter term starts. There will be a dedicated timeslot then to conduct outstanding exams from the WS19/20. Any student who a) qualified... Read more

The oral re-examinations are now concluded. The written re-examination is planned to be held after the summer term, and before the winter term starts. There will be a dedicated timeslot then to conduct outstanding exams from the WS19/20. Any student who a) qualified for the exam in WS19/20, and b) did not yet take the oral re-examination will be eligible to take that written exam, likely in October 2020. We will update you in time about more concrete plans, once we have more information from the University.

11.04.2020

Second Exam will be oral for now

We hope you are all healthy during the current lockdown. As it is currently unlikely that we will be able to have normal written re-exams for the Security class, we now plan to hold oral exams, in particular for people that need the exam to pass the class. We have... Read more

We hope you are all healthy during the current lockdown. As it is currently unlikely that we will be able to have normal written re-exams for the Security class, we now plan to hold oral exams, in particular for people that need the exam to pass the class. We have created another registration here on CMS for students to indicate their interest to participate. We will have to see how many people require this exam, as we cannot host infinite number of oral exams due to our limited time. We will coordinate with the university afterwards in terms of LSF registrations etc.

Please register for the oral exam within a week (until April 17). We then plan to hold them between April 17 and 24, all timeslots will be coordinated with you individually. You will require a computer with internet connection, we will use Zoom most likely (free to install on Win/OSX/Linux). Please contact Giancarlo and Nils (both in the same mail) if you have questions or comments.
If you do not agree to this alternative oral exam, we expect that you will be able to write a written re-exam after current restrictions are lifted (e.g. end of next term, or next year when the class runs again). As there are a lot of elements out of our control, we cannot guarantee this at the moment though. If you take the oral exam now, you will likely not have a third attempt to take this final.

In general, the oral exam will work as following:
We are going to talk about 2-3 topics, for at total maybe 25 minutes.
Giancarlo and I will let you propose a first topic (from class). You
will then explain that topic to us, and we will ask questions to see how
well you have understood it from the lecture.
After the first topic, we will select 1-2 further topics to discuss.
A TA will take notes.

Content-wise: everything covered in the lecture could be asked. Core
concepts and high level understanding is more important than details
(but those could eventually also be asked).

I might also ask you to do a simple calculation or sketch. Please have
some paper at hand for that.
16.03.2020

Written re-exam postponed/ possible Oral Examinations over Skype

University just decided to postpone all written examinations until after April 24. This means our re-exam for Wednesday unfortunately cannot happen as scheduled.

There is the option to have oral Skype examinations if students agree and there is an urgent need... Read more

University just decided to postpone all written examinations until after April 24. This means our re-exam for Wednesday unfortunately cannot happen as scheduled.

There is the option to have oral Skype examinations if students agree and there is an urgent need (e.g. exchange students, upcoming end of studies, etc).

We are now trying to understand how many students are in such a situation. Please contact us (gpellegrino@cispa.saarland and tippenhauer@cispa.saarland) if you have reasons that you cannot wait with the examination until after April 24. This also includes students for which we scheduled oral exams in the last days due to their travel history.

We are sorry for the late notice, and hope everyone is healthy (and stays healthy).

Regards,

Nils Ole and Giancarlo

11.03.2020

Re-Exam

The mandatory registration on LSF for the re-exam will close by the end of today. So far, we expect to hold the exam as planned on March 18 from 2-4pm. Given the lower number of registrants so far, we will be able to place students at maximal distance to each other... Read more

The mandatory registration on LSF for the re-exam will close by the end of today. So far, we expect to hold the exam as planned on March 18 from 2-4pm. Given the lower number of registrants so far, we will be able to place students at maximal distance to each other to reduce potential health issues. We will update you as soon as possible in case the situation changes.

19.02.2020

Exam: Results & Inspection

You can now find your exam results on your personal status page.

The exam inspection will take place on Friday, 21. February from 13:00 to 15:00 in CISPA Room 0.06.

Solutions to the exam were uploaded to the materials collection here on the CMS.

16.02.2020

Exam Information

The exam starts Monday 17.02. at 14:00 and will take 120 minutes. Please arrive a few minutes earlier!

You can now find your assigned seat for the exam on your personal status page. If your matriculation number is less than 2573514, your assigned seat is in the... Read more

The exam starts Monday 17.02. at 14:00 and will take 120 minutes. Please arrive a few minutes earlier!

You can now find your assigned seat for the exam on your personal status page. If your matriculation number is less than 2573514, your assigned seat is in the Günter-Hotz Lecture Hall. Otherwise, your assigned seat is in Building E2.5, Lecture Hall 1.

The exam will be a closed book exam. Cheatsheets / Calculators / ... are not allowed.

Please make sure to bring your Student ID card to the exam.

If you've got any questions regarding exam registration (i.e. you're registered but don't have a seat assigned) please contact us immediately.

08.02.2020

Exam: Admission and Registration

All points for the MiniCTF are now finalized and published on your personal status page. If you reached half of the points (30 points) in the overall lecture, you are admitted to the exam.

You have to register for the exam in HISPOS/LSF until 10.02. to be... Read more

All points for the MiniCTF are now finalized and published on your personal status page. If you reached half of the points (30 points) in the overall lecture, you are admitted to the exam.

You have to register for the exam in HISPOS/LSF until 10.02. to be able to participate in the exam. If your study course does not support LSF please register on the platform for your course and in the CMS (on your personal status page) until 10.02.

07.02.2020

MiniCTF is over + Dictionaries in Final exam

The MiniCTF deadline passed at 4pm tonight. Final standings are: 1. Dieter Overflow🙅‍👨‍💻, and shared 2. place for Fs0ci3ty and Derivative Donkey. Congratulations to all three teams! 14 teams in total reached the full 10 points. We hope you enjoyed the event. In case... Read more

The MiniCTF deadline passed at 4pm tonight. Final standings are: 1. Dieter Overflow🙅‍👨‍💻, and shared 2. place for Fs0ci3ty and Derivative Donkey. Congratulations to all three teams! 14 teams in total reached the full 10 points. We hope you enjoyed the event. In case you didn't fill the feedback questionnaire yet: https://forms.gle/fwGtjM2EnE6Na98D9
A student asked about bringing a dictionary to the final. In case you would like to do this, please contact Giancarlo or Nils in advance to coordinate. In any case, you will be able to ask us/the tutors for clarifications during the final.
 

06.02.2020

Last lecture tomorrow: Spectre/Meltdown + Exam Q&A + Preliminary MiniCTF results

The lecture tomorrow will have technical content on recent Spectre and Meltdown attacks, followed by a Q&A on the finals. We plan to finish with a quick summary of the (preliminary) MiniCTF results. Although the official MiniCTF deadline will only be at 4pm, the top... Read more

The lecture tomorrow will have technical content on recent Spectre and Meltdown attacks, followed by a Q&A on the finals. We plan to finish with a quick summary of the (preliminary) MiniCTF results. Although the official MiniCTF deadline will only be at 4pm, the top 3 teams might have stabilized by then already. We also prepared a short anonymous and voluntary feedback questionnaire using Google Forms. Please consider filling it to provide feedback on individual topics and the exercises: https://forms.gle/fwGtjM2EnE6Na98D9
 

05.02.2020

Talk on "Software-based Side-Channel Attacks and Defenses"

Dear students,

As promised today during the lecture, on 11/02/20, one of the leading researchers on microarchitectural side channel attacks and author of the Meltdown and ZombieLoad attacks, Micheal Schwarz, will give a talk at CISPA. You are more than welcome to... Read more

Dear students,

As promised today during the lecture, on 11/02/20, one of the leading researchers on microarchitectural side channel attacks and author of the Meltdown and ZombieLoad attacks, Micheal Schwarz, will give a talk at CISPA. You are more than welcome to attend. Below are the details.

Best,
Giancarlo


When: 11/02/20, 10:30-12:00

Where: CISPA Lecture Hall

Title: Software-based Side-Channel Attacks and Defenses
 
Abstract: The primary assumption of computer systems is that processed secrets are inaccessible for an attacker due to security measures in software and hardware. However, side-channel attacks allow an attacker to still deduce the secrets by observing certain side effects of a computation. For software-based attacks, unprivileged code execution is often sufficient to exploit side-channel weaknesses in applications. More recently, it was also shown that native code execution is not strictly necessary for certain attacks. Software-based side-channel attacks are even possible in JavaScript, a sandboxed scripting language found in modern browsers.
 
In this talk, we further investigate software-based side-channel attacks and countermeasures. We present novel side channels, methods to reduce the requirements for existing attacks, and demonstrate attacks in environments that were considered too restricted before. Finally, we show that side-channel attacks are a powerful primitive which allows mounting transient-execution attacks such as Meltdown and ZombieLoad.
 
Bio: Michael Schwarz is an infosec postdoctoral researcher at Graz University of Technology with a focus on microarchitectural side-channel attacks and system security. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016, Black Hat Asia 2017, 2018, 2019 & 2020, and Black Hat US 2018, where he presented his research on microarchitectural side-channel attacks. He authored and co-authored several papers published at international academic conferences and journals, including USENIX Security 2016, 2018 & 2019, NDSS 2017, 2018 & 2019, CCS 2019, and IEEE S&P 2018, 2019 & 2020. He was part of one of the research teams that found the Meltdown and Spectre vulnerabilities as well as the ZombieLoad vulnerability.

04.02.2020

Reminder: Office Hour at 16:00

Reminder: We will offer an Office Hour today at 16:00 in CISPA Room 0.06.

03.02.2020

MiniCTF has started!

The MiniCTF has officially started! You can start solving challenges at https://minictf.scy-phy.net/! Each challenge will yield 2 points that count towards your admission for the exam (except for the challenge your team submitted). You can reach a maximum of 10... Read more

The MiniCTF has officially started! You can start solving challenges at https://minictf.scy-phy.net/! Each challenge will yield 2 points that count towards your admission for the exam (except for the challenge your team submitted). You can reach a maximum of 10 points from solving challenges in the MiniCTF. The MiniCTF will run until Friday at 16:00.

Please verify that your challenge is solvable on our platform (e.g. we included all the necessary files). If there are problems with your challenge, please contact your tutor.

The feedback and points for the idea of the challenge are now released. We will award 3 additional points for challenge stability if your challenge runs smoothly during the MiniCTF.

02.02.2020

Tutorials & Office Hour

There will be no tutorials next week (10.11-14.11). Instead, we will offer an office hour on Tuesday 04.02 at 16:00 in CISPA Room 0.06.

The MiniCTF will start tomorrow at 12:00. We will announce more details then!

24.01.2020

MiniCTF: Feedback & Office Hour

The feedback for your challenge proposal has been released and can be found on your personal status page.
Please make sure to submit your final challenge until 30.01.2020.

We will offer another Office Hour on Tuesday 28.02.2020 at 16:00 in Room 3.21 for any... Read more

The feedback for your challenge proposal has been released and can be found on your personal status page.
Please make sure to submit your final challenge until 30.01.2020.

We will offer another Office Hour on Tuesday 28.02.2020 at 16:00 in Room 3.21 for any questions regarding your challenge.

16.01.2020

MiniCTF: Group Assignment & Office Hour

You can now find your MiniCTF group on your personal status page. Remember to submit your challenge idea until 22.01.2020.

We will offer an Office Hour on Tuesday 21.01.2020 at 16:00 in Room 2.22 at the CISPA for any questions about your submission.

14.01.2020

MiniCTF Rules and Guidelines are out

A document with a complete list of rules, guidelines, and deadlines for the MiniCTF is online. See: https://cms.cispa.saarland/sec1920/dl/37/MiniCTF_rules_and_guidelines.pdf

13.01.2020

MiniCTF & Question Sheet 5

Remember to upload a document stating your team preferences until 15.01.2019.
If you did not manage to find a team, please also upload a document containing a team name, your matriculation number and your name if you want to participate in the MiniCTF. We will then... Read more

Remember to upload a document stating your team preferences until 15.01.2019.
If you did not manage to find a team, please also upload a document containing a team name, your matriculation number and your name if you want to participate in the MiniCTF. We will then match you with an existing group. If you are not assigned to a group, you will not be able to submit a challenge for the MiniCTF! For more hints, consider https://cms.cispa.saarland/sec1920/3/MiniCTF.

Question Sheet 5 has been released. This sheet is ungraded, you do not have to submit solutions for it. This sheet will be discussed in this week's tutorials.

09.01.2020

Distinguished Lecture Series talk by Thorsten Holtz (Ruhr University Bochum)

As part of CISPA’s Distinguished Lecture Series, on Fri, January 10, at 11:00am s.t. in CISPA’s lecture hall, we are pleased to announce that Thorsten Holz (Ruhr University Bochum) will give a talk on: Fuzzing Hypervisors and Complex Interpreters

Participation is... Read more

As part of CISPA’s Distinguished Lecture Series, on Fri, January 10, at 11:00am s.t. in CISPA’s lecture hall, we are pleased to announce that Thorsten Holz (Ruhr University Bochum) will give a talk on: Fuzzing Hypervisors and Complex Interpreters

Participation is optional and will not influence your exercise points or grade. Please join if you are interested in the topic.

 

Title: Fuzzing Hypervisors and Complex Interpreters

When: Fri, January 10, at 11:00am s.t.

Where: CISPA’s lecture hall

Abstract: In recent years, randomized fuzz-testing (“fuzzing”) has progressed rapidly, mainly driven by tools such as afl and lots of academic work on this topic. In practice, fuzzing is often superior to seemingly "smarter" approaches such as symbolic or concolic execution. We provide an overview of our recent results, including fuzzing hypervisors, grammar-based fuzzing of complex interpreters, and fuzz-testing of stateful systems. In total, the different methods enabled us to find hundreds of software bugs that lead to more than 100 CVEs.

Bio: Thorsten Holz is full professor in the Horst Görtz Institute for IT Security at Ruhr-University Bochum. His research focuses on system security. He obtained his PhD in computer science from the University of Mannheim. He received the DFG Heinz Mai­er-Leib­nitz-Price in 2011 and an ERC Star­ting Grant in 2014. He is one of the three spokespersons of the CASA (Cyber Security in the Age of Large-Scale Adversaries) BMBF Cluster of Excellence in Bochum.

 

/edit: highlighted that participation is optional

07.01.2020

Exercise Sheet 4

Exercise Sheet 4 has been released. This is a graded exercise sheet. Please submit your solution until 19.01.2020 in the CMS. For your submission please also consider the notes on the sheet.

03.01.2020

Tutorials & MiniCTF

There will be no tutorials in the next week (06.01 - 10.01). The first tutorials of 2020 will take place in the week of 13.01-17.01.

Please upload your group assignment for the MiniCTF until 15.01.2020. Please consider ... Read more

There will be no tutorials in the next week (06.01 - 10.01). The first tutorials of 2020 will take place in the week of 13.01-17.01.

Please upload your group assignment for the MiniCTF until 15.01.2020. Please consider https://cms.cispa.saarland/sec1920/3/MiniCTF for details.

18.12.2019

Important Announcement: Graded MiniCTF starting mid of January 2020

Dear students,

Please read this announcement very carefully, especially if you did not attend the lecture today. 

As announced today during the lecture, on 15/01//2020, it will take place the graded MiniCTF competition. This message is for all students,... Read more

Dear students,

Please read this announcement very carefully, especially if you did not attend the lecture today. 

As announced today during the lecture, on 15/01//2020, it will take place the graded MiniCTF competition. This message is for all students, especially those that were not attending the lecture. 

Your first deadline is on 15/01/2020. Please read below and stay tuned for more details!

 

I - What is the MiniCTF competition?

The idea of the MiniCTF competition is to form groups of about four students. Each group will create one MiniCTF-style challenge. Then, all challenges will be made available for all students in a CTF competition.

 

II - How will it be graded?

Grading is per group:

  • 50%: Quality of the challenge, documentation, and implementation (see point VI)
  • 50%: Number of solved challenges (at least 5)

 

III - What are these milestones, and what are the deadlines?

  1. The first milestone is creating groups of students. When: 15/01/2020 (firm deadline)
    • Find your group mates and finalize your group by 15/01 (not “after” but “by”).
  2. The second milestone is the submission of the idea for the MiniCTF challenge. When: TBA, approx one weak after Milestone 1
    • The idea is a document describing the challenge, the expected solution, the backstory, pseudo-code, and more. We will share the exact specs of such a document.
    • The goal of this milestone is to give us (the lectures and TAs) to check the quality and fairness of the challenges
  3. The third milestone is the implementation and submission of the challenge. When: TBA, approx one weak after Milestone 2​
    • ​You will need to submit the flags too
    • Expect to have a CTF website to hour your challenges
  4. The actual CTF competition with all challenges begin. When: TBA, approx one weak after Milestone 3

 

​IV - Do you have any guidelines/tips for creating a good quality challenge?

More details later, but, for now, you will need to keep in mind that a good challenge has four main ingredients:

  1. Fun: solving challenges must be fun
    • Elements increasing the fun factor are a backstory and originality​
  2. Technical: challenges are “challenging” not obvious. Students need to learn something
    • Relating to (or build on) the topics of this lecture 
  3. Fair: A good challenge always has a solution.
    • Harder solutions can be fixed with hints (hints can also be original, fun, related to the backstory)
  4. Novelty: Don’t just copy and paste a challenge from another CTFs or the exercises
    • Plagiarism will be checked for, detected, and not tolerated.

 

 

03.12.2019

Exercise Sheet 3

Exercise Sheet 3 has been released. This is a graded exercise sheet. Please submit your solution until 15.12.2019 in the CMS. For your submission please also consider the notes on the sheet.
22.11.2019

Question Sheet 3 & Results Exercise Sheet 1

Question Sheet 3 has been released. This sheet is ungraded, you do not have to submit solutions for it. It will be discussed in the tutorials next week.

We have finished correcting your submission. You can now see your points as well as feedback on your personal... Read more

Question Sheet 3 has been released. This sheet is ungraded, you do not have to submit solutions for it. It will be discussed in the tutorials next week.

We have finished correcting your submission. You can now see your points as well as feedback on your personal status page.

18.11.2019

Exercise Sheet 2

Exercise Sheet 2 has been released. This is a graded exercise sheet. Please submit your solution until 01.12.2019 in the CMS. For your submission please also consider the notes on the sheet.

15.11.2019

Distinguished Lecture Series talk by Yongdae Kim (KAIST)

As announced in the lecture last week, there is a talk at CISPA before the lecture today, which might be of interest. Yongdae Kim from KAIST will talk on "Forecasting 5G Security from LTE Experience". The talk starts at 10:30 s.t. in the big CISPA lecture hall.... Read more

As announced in the lecture last week, there is a talk at CISPA before the lecture today, which might be of interest. Yongdae Kim from KAIST will talk on "Forecasting 5G Security from LTE Experience". The talk starts at 10:30 s.t. in the big CISPA lecture hall. Attendance is optional and not related to grades or anything in the class.

08.11.2019

Question Sheet 2

Question Sheet 2 has been released. This sheet is ungraded, you do not have to submit solutions for it. It will be discussed in the tutorials next week.

04.11.2019

Exercise Sheet 1

Exercise Sheet 1 has been released. This is a graded exercise sheet. Please submit your solution until 17.11.2019 in the CMS. For your submission please consider the notes on the sheet.
Note that there was a bug in the task "Diffie-Hellman", which is now fixed.... Read more

Exercise Sheet 1 has been released. This is a graded exercise sheet. Please submit your solution until 17.11.2019 in the CMS. For your submission please consider the notes on the sheet.
Note that there was a bug in the task "Diffie-Hellman", which is now fixed. Please have a look at it again if you did not manage to solve it yet.

25.10.2019

Tutorial Assignment & Question Sheet 1

The tutorial assignment has been released. You can now see your tutorial on your personal status page. Tutorials will start next week (28.10-01.11.).

Question Sheet 1 has been released. This sheet is ungraded, you do not have to submit solutions for it. It will... Read more

The tutorial assignment has been released. You can now see your tutorial on your personal status page. Tutorials will start next week (28.10-01.11.).

Question Sheet 1 has been released. This sheet is ungraded, you do not have to submit solutions for it. It will be discussed in the tutorials next week.

18.10.2019

Question Sheet 0 & Office Hour

Question Sheet 0 has been released. This sheet is ungraded, you do not have to submit solutions for it. We have set up a CTF platform for our practical tasks. You can reach it at https://sec19.scy-phy.net/.

There will be no tutorial next week. Instead, we offer... Read more

Question Sheet 0 has been released. This sheet is ungraded, you do not have to submit solutions for it. We have set up a CTF platform for our practical tasks. You can reach it at https://sec19.scy-phy.net/.

There will be no tutorial next week. Instead, we offer an office hour to deal with technical problems and questions about this sheet. The office hour will take place on Tue. 22 Oct. from 10:00 to 12:00 in CISPA Room 0.06.

Show all
 

Security

The Security core lecture ("Stammvorlesung") will be offered in winter term '19/'20. Tutorials will be assigned in the first/second week. Details to follow soon. Please check this website regularly to see updates. Our periodic schedule for the two lectures a week will be:

  • Wednesday 12:15-13:45 (in Guenter-Hotz lecture room)
  • Fri 12:15-13:45 (in Guenter-Hotz lecture room)

The first lecture will be on October 16. Registration in this CMS is required until 23.10.2019 at 4pm. LSF exam registration is required to participate in the exams (and well be possible until ~1 week before the finals).



Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators