Secure Software Engineering

This is a reminder for tomorrow's exam and its regulations:

• Be there on time (around 11:45 hrs) in the Guenter-Hotz-Hoersaal. We aim to start at 12:00 sharp.
• The exam lasts 120 mins and you can earn up to 120 points. You'll pass with 50% or more.
• Bring your student ID.
• You may bring and use one handwritten double-sided A4 sheet that contains any notes you like to have. We will rigorously reject any printed A4 sheet.
• You can bring and use an English/German dictionary.
• Use a non-erasable pen to answer the exam.
• Respect the seating plan to see where you are seated. It's uploaded to CMS and will also be made available tomorrow.

We just published the results for the last exercise sheet, and the exam admission. Please take a look on your Personal Status in the CMS.

• If you are admitted, you have to register in the LSF / Hispos system by tomorrow (Thursday)! Otherwise you will not be allowed to take the exam.
• If you are not admitted, you have to unregister in the LSF / Hispos system by tomorrow (Thursday)! Otherwise we have to count this exam as a failed attempt.

Please do so as soon as possible. We can't accept registrations / unregistrations later that Thursday. In case of problems, please contact us as soon as possible.

Information to those of you who have missed today's lecture:

• The final SSE lecture will be next week Thu, 21.07. and cover Future Internet concepts and Software Defined Network (no prior reading required)
• We will give a (short!) overview of exam topics in this lecture.
• You should sign up for the course in LSF if you have not done so ASAP.
• This week's exercise sheet will be the last one. The deadline is Wed, 20th at 7:59 am (one day earlier than usual to allow for corrections).
• If, after the final sheet correction, you have less than 50% of the total points, do not forget to unregister from the course in LSF (otherwise we have no choice to grade you 5.0).
• UPDATE: You need at least 117 points in total to be able to participate in the exam.

This week's lecture will be on two topics:

Topic 1 - Denial-of-service (continued from last week)

Topic 2 - Content delivery and peer-to-peer networking. See Tanenbaum chapters:

• 7.5.0: Content Delivery
• 7.5.2-a) Server Farms (skip Web Proxies)
• 7.5.3: Content Delivery Networks
• 7.5.4: Peer-to-Peer Networks

Short heads-up as usual: Tomorrow we will cover two topics: email security and denial-of-service. For email security, you can prepare reading Stalling's section on Pretty Good Privacy (PGP). On top of that, we will cover anti-spam methods. For denial-of-service, there is unfortunately little good book material available. Instead, you can read the English Wikipedia introductory article to get a brief overview over DoS, and use the slide material after the lecture to study the topic in more detail.

Next lecture will be on data link layer security. The topics that we will cover are from both “Computer Networks” by Tanenbaum and "Network Security Essentials, Applications and Standards" by Stallings.

“Computer Networks” by Tanenbaum:

• Section 2.3: Wireless Transmission
• Section 4.4: Wireless LANs

Network Security Essentials, Applications and Standards by William Stallings

• Section 5.2:Extensible Authentication Protocol
• Section 5.3 IEEE 802.1X Port-Based Network Access Control
• Section 7.1: Wireless Security
• Section 7.3: Wireless LAN Overview
• Section 7.4: Wireless LAN security

Tomorrow's lecture will be on Network Programming, i.e., how to apply our conceptual knowledge of IP and UDP/TCP in real client/server programs. We will not use lots of book material for this lecture, but instead focus on networking APIs offered by Python. If you want to prepare for the lecture, it is best to go over the following two online documentations:

• https://docs.python.org/2.7/library/socket.html
• https://docs.python.org/2.7/howto/sockets.html

More detailed information on Network Programming is in Steven's "UNIX® Network Programming Volume 1". Although this book is very detailed and helpful, it is written for C network programming, whereas our focus is Python programming (which is much easier!). More on that tomorrow.

• 6.3.1: Desirable Bandwidth Allocation
• 6.3.2: Regulating the Sending Rate
• 6.4.0: UDP (goals and overview)
• 6.4.1: Introduction to UDP
• 6.5.0 – 6.5.6: TCP
• 6.5.8: TCP Sliding Window
• 6.5.10: TCP Congestion Control

Some of your fellow students still have the problem that they selected the Mon 10am tutorial slot both for SSE and SysArch and now have a conflict. We are thus searching for volunteers that want to swap their Tuesday tutorial slot with the Monday 10am slot. Please send an email to crossow@mmci.uni-saarland.de if you choose to volunteer. Note that your fellow students are in a fairly bad situation and they would be very grateful if you could help out. Also note that you will be at the university anyway on Mon 10am, given that the SysArch lecture is Mon 8-10am, so Mon 10am is actually not that inconvenient.

We have uploaded exercise sheet #1 (Data Link Layer). Solutions are due Thu 05.05.2016 07:59:59 CEST. Remember that you have to upload digital solutions to CMS, one solution per group; submissions via email and/or late submissions are not accepted (even if cats have died!). You can either scan your hand-written solution, or submit a machine-written solution. Solutions can be in German or English; in either way, please use the English terminology that we use in the lecture.

Further updates:

• We have uploaded an updated version of the Data Link Layer slides (fixing the source/destination MAC swap in the Ethernet header)
• We have uploaded the initial set of the Network Layer slides

In case you have a conflict with the tutorial at Mon 10am: We just talked to the SysArch lecturers to resolve the conflict of the tutorial at Mon 10am. The situation can likely be solved by moving your SysArch tutorial to another slot. Please write an email to Jan Reineke <reineke@cs.uni-saarland.de> and Christian Rossow <crossow@mmci.uni-saarland.de> to resolve these cases (even if you already did so in other emails) and state that you wish to move your SysArch slot. Do so ASAP, but latest by Thursday.

We've just assigned you to the three SSE tutorial slots. We managed to avoid any "not OK" or "very bad" conflicts, matched 71 (!) times your preference, and 10 times had "just" an "okay" assignment. So all of you are in a slot which you preferred to be in. Log in to SysSecCMS to see your tutorial slot.

Remember: Tutorials will start on Mon 09.06./Tue 10.06.

We have just published the Python tutorial slides and an exercise sheet, which you can find here:

  https://sysseccms.mmci.uni-saarland.de/sse16/materials/

There are three items:

• A link to the Python tutorial slides
• The exercise sheet (as PDF)
• A test.py script to test your solutions (self control)

Note that you do not have to (and you should not) submit solutions to the Python exercise sheet. Doing this exercise sheet is purely for fun and to get familiar with Python. We will also not discuss this exercise sheet in the tutorials. In case you have questions, please just raise them at Askbot, we're glad to help.

Short reminder for the thrilling Python tutorials on Tuesday (tomorrow!) taught by Michael Brengel:

• Tue 10:15 - 12:00: in E2.1 (Bioinformatics building) room 001 ("Aquarium")
• Tue 16:15 - 18:00: in E1.3 (CS building) room 003 (next to our usual lecture room)

Both tutorials feature the exact same content, so it is advised to attend just one session. Will be fun!

And also: As promised in the lecture, we have set up an Askbot [1] instance. Askbot is a Stackoverflow-like system where you can ask questions about topics related to the lecture and other students can help out and gain (toy) credits. Try it out! No need to say that the Askbot participation will not influence your grade.

[1]: https://sysseccms.mmci.uni-saarland.de/askbot/sse16/questions/

The course material of the first two lectures is online.

A minor correction regarding the LSF registration: In contrast to what we said in the lecture, there is no need to sign up at LSF as of now. Please just register at SysSecCMS and sign up for the SSE lecture (as you already did when you receive this email). We will let you know as soon as LSF registration starts.

Please remind your fellow students that they have to register by Sunday: https://sysseccms.mmci.uni-saarland.de/sse16/