Systems Security

Thorsten Holz

News

Re-Exam

Written on 25.03.22 (last change on 25.03.22) by Thorsten Holz

Dear students,

please note the following information on the re-exam:

  • The Systems Security re-exam will take place on Thursday, 31.03. at 10:45 in HS 1 in E2 5. Please arrive 15 minutes early so we can start on time. Note that we start 15 minutes later than initially planned due to another… Read more

Dear students,

please note the following information on the re-exam:

  • The Systems Security re-exam will take place on Thursday, 31.03. at 10:45 in HS 1 in E2 5. Please arrive 15 minutes early so we can start on time. Note that we start 15 minutes later than initially planned due to another appointment.

  • The seating assignment for the re-exam has been released. You should find your seat on your personal status page. In case you think something is wrong (i.e. you cannot see your seat) please contact us immediately. 

  • The exam will take 120 minutes. A non-programmable calculator is allowed, you are not allowed to use a cheat sheet. We will provide a reference with common Intel x86 instructions.

The typical Corona regulations apply for the re-exam:

  • A medical mouth-nose-protection mask (surgical mask or FFP2/KN95/N95 mask) must be worn during the entire exam. Please bring such a mask with you, as we are unable to provide them for you.

  • Saarland University follows the 3G rule. Thus, to participate in the exam you have to be completely vaccinated, recovered, or have a negative test certificate (a negative antigen rapid test is valid 24 hours, a negative PCR test certificate is valid 48 hours). If you fail to provide proof of your vaccination status, you must leave the campus and your exam is discarded.
    Note: A single dose of “COVID-19 Vaccine Janssen” (Johnson & Johnson) is no longer considered fully vaccinated.

  • Students who have the typical symptoms of SARS-Cov2 disease are not be allowed to take exams. This does not include students who have a negative daytime test result. Students who have had close contact with a Corona-positive person may only attend exams and courses if they can show sufficient vaccination protection (basic immunization not longer than 3 months or booster vaccination) or convalescent status (not older than 3 months) or vaccination protection after recovery and are asymptomatic (see § 4 b Ordinance on Corona Pandemic (VO-CP)).

  • Students who are unable to take an examination due to isolation or quarantine in accordance with the Ordinance on the Control of the Corona Pandemic (VO-CP) may effectively withdraw from the examinations without receiving a failed attempt. The regulations for withdrawal from examinations of the respective valid examination regulations apply. Proof of the withdrawal must be submitted without culpable hesitation.

Exam Q&A

Written on 15.02.22 (last change on 15.02.22) by Moritz Schlögel

We will hold another Q&A tomorrow (Wednesday 16.02) at 13:00 (using the usual Zoom room https://ruhr-uni-bochum.zoom.us/j/66060407187?pwd=a2FzN0N5am5MS1BQOEh2ZkJIcU5lUT09). There will be no active content, we will only answer questions from your side. All documents regarding the exam (e.g., seating… Read more

We will hold another Q&A tomorrow (Wednesday 16.02) at 13:00 (using the usual Zoom room https://ruhr-uni-bochum.zoom.us/j/66060407187?pwd=a2FzN0N5am5MS1BQOEh2ZkJIcU5lUT09). There will be no active content, we will only answer questions from your side. All documents regarding the exam (e.g., seating plan) are available in CMS.

Re-exam on March 31

Written on 10.02.22 by Thorsten Holz

The date for the re-exam had to be moved to March 31. The exam will start at 10:30 am and we use the room HS I in E2 5 (Math).

No lecture today / Evaluation

Written on 02.02.22 by Thorsten Holz

Unfortunately we need to cancel today's lecture due to a CISPA internal event, we are sorry for the inconvenience! We will link some material in CMS such that you can use the time to learn about other kinds of software vulnerabilities. See you again next week, we will wrap-up the lecture and provide… Read more

Unfortunately we need to cancel today's lecture due to a CISPA internal event, we are sorry for the inconvenience! We will link some material in CMS such that you can use the time to learn about other kinds of software vulnerabilities. See you again next week, we will wrap-up the lecture and provide an overview of the exam. About one week before the exam, we will also offer a Q&A session during which you can ask questions.

 

Please fill in the evaluation form available at https://qualis.uni-saarland.de/eva/?l=133660&p=by69t8 to provide feedback for the course, we will use it to update the course in the next iteration.

Access restrictions for the Remote Exercise Framework

Written on 21.01.22 by Thorsten Holz

As a security measure, the Remote Exercise Framework (REF) will be only accessible via VPN from January 26, 2022. Every student registered for the System Security course will receive an e-mail with further instructions and credentials required for authentication via VPN. In case you did not receive an… Read more

As a security measure, the Remote Exercise Framework (REF) will be only accessible via VPN from January 26, 2022. Every student registered for the System Security course will receive an e-mail with further instructions and credentials required for authentication via VPN. In case you did not receive an email until February 24, please contact us. Make sure your setup is working in a timely manner since there will be no grace period if you request support shortly before the current task's deadline.

The VPN solution is implemented via WireGuard, you need a private key sent to you via email as mentioned above. In case of problems or questions, please contact nils.bars@ruhr-uni-bochum.de, moritz.schloegel@ruhr-uni-bochum.de, or use the forum. Please mind supplying important information such as your OS and WireGuard version.

Online-only lecture on November 24

Written on 23.11.21 by Thorsten Holz

As announced in the last lecture, the lecture on November 24 will be online-only via Zoom. 

Stay safe and healthy!

Lecture and tutorial formats

Written on 19.10.21 by Thorsten Holz

This year's lecture format will be hybrid, i.e., we will have in-person lectures in the CISPA lecture hall (0.05), which are also streamed through a Zoom webinar. You can find the Zoom link and other information at https://cms.cispa.saarland/syssec/2/Access_to_lectures. The tutorial will be online, we… Read more

This year's lecture format will be hybrid, i.e., we will have in-person lectures in the CISPA lecture hall (0.05), which are also streamed through a Zoom webinar. You can find the Zoom link and other information at https://cms.cispa.saarland/syssec/2/Access_to_lectures. The tutorial will be online, we will provide more information in the first lecture.

In-person meetings include mask mandates and students have to register through the Staysio app for each lecture. Should you not wish to use the app, you have to bring in the "alternative sheet" (https://www.uni-saarland.de/fileadmin/upload/page/coronavirus/Alternativformular-Staysio.pdf) to the lectures, which we then have to collect. Beyond that, we recommend usage of the Corona Warn App.
Show all

About the course

In this course, important theoretical and practical aspects from the area of systems security are presented and discussed. The focus is on various aspects of software security and different attack and defense techniques are presented. More specifically, important attack methods (e.g., buffer overflows, race conditions, microarchitectural attacks, etc.) as well as defense strategies (e.g., non-executable memory, Address Space Layout Randomization, memory tagging, etc.) are discussed. Other topics of the lecture are fuzzing, obfuscation, and similar aspects of systems security. 

At the end of the course, students should be able to analyze security aspects of various types of software systems, detect vulnerabilities in the design and implementation, and independently develop security mechanisms. In addition, other aspects from the area of systems security, such as privacy and anonymity, will be discussed. An important part of the course are exercises, which illustrate and deepen the material with practical examples.

At the end of the class, the students know important theoretical and practical aspects of security mechanisms of modern software systems. They are able to independently analyze the security of a given program, detect vulnerabilities in the design, and independently develop possible solutions and protective mechanisms. In addition, they have become familiar with basic terms from the field of systems security. They are able to create new security models themselves and defend them argumentatively. 
 

Prerequisites

There are no formal prerequisites for this course. However, if you want to participate, please take the following aspects into account:

  • You should have experience in systems-oriented programming. In addition, it helps if you have experience in the C programming language to understand some of the topics, Python is helpful as well.
  • You should have a basic understanding of operating systems (e.g., memory management, scheduling, etc.).
  • You should be familiar with Linux, as the exercises are based on a remote exercise framework that is accessible via SSH.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, we will also cover several relevant aspects as part of the lectures.
 

Time and Location

The lecture will take place every Wednesday from 12:15-13:45 o'clock, starting on October 20, 2021. The lecture will be offered in a hybrid format: we will have regular lectures in the CISPA lecture hall (0.05) and also record the lectures. The tutorial will be offered via Zoom on Monday at 12:00 o'clock, you can find more information on the page "Access to lectures".
 

Grading

For passing the course, you need to obtain at least 50% of the points from the final exam. For admission to the exam, you need to obtain at least 50% of the points from the exercises (120 110 points). The final grade is based on your exam results only. More details can be found below:
 

Assignments

During the semester, there will be seven six assignments with a total of 240 220 points. You need at least 50% in total (120 110 points) to be admitted to the exam. The assignments cover the topics discussed in the lectures and aim to deepen your knowledge of the topics. We encourage you to solve these assignments because this helps to understand the topics covered in the lectures.

Assignments have to be submitted individually, no group work is allowed. A submission typically consists out of a theoretical and practical part. Submit solutions to all theoretical tasks (e.g., questions, charts to fill out, etc.) in a single PDF file. For all practical tasks, we have prepared a remote environment equipped with all necessary tools and materials. Practical tasks are solved and submitted directly within this environment. Check the Remote Exercise Framework (REF) PDF for more information. These practical exercises are designed like CTF challenges. You will typically be tasked to exploit a vulnerable program to extract a secret flag.

  • Strict no cheating policy
    You can discuss the assignments with other students, but you are not allowed to collaborate on the solution with anyone. Your solution should be original and not be an existing solution (e.g., from someone else or from the Internet). All submissions will be automatically checked for plagiarism, we have a strict no-cheating policy. If we detect a case of plagiarism, we will assign zero points. If you are stuck at some point, you may ask questions in the forum or join the digital consultation-hours. We invite you to help fellow students that asked questions but avoid giving away the solution. Nobody likes spoilers :)
  • Solutions
    We will upload solutions for all assignments but the concise nature of solutions can be insufficient to answer all your questions. We recommend you use the forum or join the digital consultation-hour if you have questions.
  • Writing Assignments
    To simplify grading assignments, we only accept digital not handwritten solutions. We recommend using LateX for these tasks. An example template can be found here. If you need an introduction to Latex, the overleaf documentation is a good starting point.

 

Written Exam

At the end of the semester, there will be a written exam on February 21 and a re-exam on March 30. Note that physical presence is required for the exam. The exam consists of both theoretical questions and practical questions. Theoretical questions are based on the theoretic parts and concepts of the slides and possibly additional content presented in the lecture, which is not part of the slides. Practical questions are, in principle, similar to the practical assignments. However, the complexity of the questions is of course scaled to make them adequate for the time available during an exam (e.g., you are not expected to implement a longer piece of assembler code). If you have at least 50% of the points, you will pass the class.

All questions of the exam are in English. Answers can be given either in English or in German, at the student’s discretion.

No lecture notes or any other materials are allowed during the exam. All materials required to solve the practical questions are provided at the exam.

 

Registration

Register for the course here in the CISPA CMS. Registration will open on September 15, 2021. 

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.