News

Re-exam inspection

Written on 17.04.23 by Thorsten Holz

We will offer an inspection of the re-exam on Wednesday (April 19) at 13:30 in room 2.22 / C0 building. If this date does not work for you, please email us and we will find an alternative date.

Info for re-exam

Written on 01.04.23 by Thorsten Holz

The re-exam will take place next Tuesday (April 4) from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH, see Klausurenkalender). 

  • Please arrive 10 minutes early so we can start on time. 
  • The seating assignment is available via CMS, you should find your seat on your personal status… Read more

The re-exam will take place next Tuesday (April 4) from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH, see Klausurenkalender). 

  • Please arrive 10 minutes early so we can start on time. 
  • The seating assignment is available via CMS, you should find your seat on your personal status page. This only affects students who do not have access to LSF. Students who have access to LSF but missed the registration in LSF cannot take the exam. In case you think something is wrong (i.e. you cannot see your seat) please contact us immediately. 
  • The exam will take 120 minutes. A non-programmable calculator is allowed, you are not allowed to use a cheat sheet. We will provide a reference with common instructions needed to solve the tasks.

All the best for the re-exam!

Second Exam Registration

Written on 27.03.23 by Ali Abbasi

Hi Everybody,

Some of you struggled to register for the second exam. Unfortunately, there is a problem with LSF, and people at HIZ are trying to solve it. We heard that if you try multiple times you might be able to register.

In case you could not do it, you can send an e-mail to Read more

Hi Everybody,

Some of you struggled to register for the second exam. Unfortunately, there is a problem with LSF, and people at HIZ are trying to solve it. We heard that if you try multiple times you might be able to register.

In case you could not do it, you can send an e-mail to studium@cs.uni-saarland.de and they will check whether you are registered or not and in case you are not they will register you.

 

Cheers,

Ali

 

Exam inspection

Written on 22.03.23 by Thorsten Holz

The grades are available in CMS since some time. We will offer an exam inspection tomorrow (March 23) at 15:00. Please come to office C 2.17. If this date does not work for you, please email us and we will find an alternate date.

Exam points available on CMS

Written on 15.03.23 (last change on 15.03.23) by Matteo Leonelli

The points from the main exam and your bonus points are now available. You can find them in your personal status. The grading scale and final grade is also available, please let us know if you spot a mistake.

Information about exam inspection will follow soon, likely the exam inspection will take… Read more

The points from the main exam and your bonus points are now available. You can find them in your personal status. The grading scale and final grade is also available, please let us know if you spot a mistake.

Information about exam inspection will follow soon, likely the exam inspection will take place next week.

Info for exam

Written on 15.02.23 by Thorsten Holz

The exam will take place this Friday (February 17) from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH):

  • Please arrive 10 minutes early so we can start on time. 
  • The seating assignment is available via CMS, you should find your seat on your personal status page. In case you think something… Read more

The exam will take place this Friday (February 17) from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH):

  • Please arrive 10 minutes early so we can start on time. 
  • The seating assignment is available via CMS, you should find your seat on your personal status page. In case you think something is wrong (i.e. you cannot see your seat) please contact us immediately. 
  • The exam will take 120 minutes. A non-programmable calculator is allowed, you are not allowed to use a cheat sheet. We will provide a reference with common instructions needed to solve the tasks.

All the best for the exam!

Sheet 7 Grades and Feedbacks Online

Written on 10.02.23 by Matteo Leonelli

Dear students,

the grades and feedback from the last exercise of this class are now online. You can find them in your personal status. 
If you have any questions, please feel free to contact me.

Congratulations to everyone who participated in the assignments. 
Best of luck with the exam wink
Read more

Dear students,

the grades and feedback from the last exercise of this class are now online. You can find them in your personal status. 
If you have any questions, please feel free to contact me.

Congratulations to everyone who participated in the assignments. 
Best of luck with the exam wink
Matteo

Q&A Session Friday 2pm

Written on 09.02.23 (last change on 09.02.23) by Joschua Schilling

Dear students,

we want to use our last tutorial session slot as a general Q&A session for any questions you have regarding the lecture or the exercises. Please note, that we do not know the exam ourselves and can therefore not answer, what will or will not be part of it.

We are looking forward… Read more

Dear students,

we want to use our last tutorial session slot as a general Q&A session for any questions you have regarding the lecture or the exercises. Please note, that we do not know the exam ourselves and can therefore not answer, what will or will not be part of it.

We are looking forward to your questions tomorrow at 2pm in the lecture zoom room.

Best,

Simon & Joschua

 

 

Lecture Hall Change

Written on 08.02.23 by Ali Abbasi

Please be advised that today's class will also be in room 01 instead of 05 (so the same as last week)

Sheet 6 Grades and Feedbacks Online

Written on 03.02.23 by Matteo Leonelli

Dear students,

The grades and feedbacks for the exercise 06 are now online. You can find them in your Personal Status. 

If you have any questions, feel free to contact me.

Best :)
Matteo

Lecture Hall Change

Written on 01.02.23 by Ali Abbasi

Please be advised that today meeting will be in room 01 instead of 05.

Sheet 7 + Info Sheet 6

Written on 29.01.23 by Joschua Schilling

Dear students,

sheet 7 is online now. Due to your upcoming exams, we tried to reduce the workload of the last sheet to a minimum. This might also be a good opportunity to get points for those in need.

Another important information regarding the submission of sheet 6 and 7: You may explain… Read more

Dear students,

sheet 7 is online now. Due to your upcoming exams, we tried to reduce the workload of the last sheet to a minimum. This might also be a good opportunity to get points for those in need.

Another important information regarding the submission of sheet 6 and 7: You may explain your code in code comments or in the pdf. But even if you do not have any contents for the pdf, please still submit a file via the CMS. You may write something like "Solutions submitted via REF". Without a submission in the CMS, Matteo can not give the points to you in the CMS!

If you have any questions about the last two sheets, email us or join us in the tutorial session on Friday at 2pm.

Happy Hacking,

Joschua

Sheet 5 Grades and Feedbacks Online

Written on 24.01.23 by Matteo Leonelli

Dear students,

The grades and feedbacks for the exercise 05 are now online. You can find them in your Personal Status. 

If you have any questions, feel free to contact me.
The comments are provided only for the exercises that you submit. If you didn't submit the exercise you get 0 points for… Read more

Dear students,

The grades and feedbacks for the exercise 05 are now online. You can find them in your Personal Status. 

If you have any questions, feel free to contact me.
The comments are provided only for the exercises that you submit. If you didn't submit the exercise you get 0 points for this one.

Best :)
Matteo

Sheet 4 Grades and Feedbacks Online

Written on 20.01.23 (last change on 20.01.23) by Matteo Leonelli

Dear students,

The grades and feedbacks for the exercise 04 are now online. You can find them in your Personal Status. 

If you have any questions, feel free to contact me.
The comments are provided only for the exercises that you submit. If you didn't submit the exercise you get (ofc) 0 points… Read more

Dear students,

The grades and feedbacks for the exercise 04 are now online. You can find them in your Personal Status. 

If you have any questions, feel free to contact me.
The comments are provided only for the exercises that you submit. If you didn't submit the exercise you get (ofc) 0 points for this one.

Enjoy the weekend :)
Matteo

Sheet 6

Written on 20.01.23 by Joschua Schilling

Dear students,

sheet 6 is online now. We have added a minor update regarding task 0. Therefore, please make sure you have the newest version (published at 3pm). If you have any questions, use the forum, email us or join us in the tutorial session on Friday at 2pm.

Happy Fuzzing,

Joschua

Sheet 5 online

Written on 07.01.23 by Joschua Schilling

Dear students,

sheet 5 is online now. Especially the heap exercise can be quite tricky, so I suggest, that you start early. If you have any questions, use the forum, email us or join us in the tutorial session on Friday at 2pm.

Happy Hacking,

Joschua

Sheet 3 Grades and Feedbacks Online

Written on 07.01.23 by Matteo Leonelli

Dear students,

The grades and feedbacks for the third exercise sheet are now online. You can find them in your Personal Status. 

If you have any questions, feel free to contact me.

Best,
Matteo

Happy New Year!

Written on 04.01.23 by Thorsten Holz

We wish you a Happy New Year! The next two lectures (i.e., today's lecture and next week's lecture on control and data structure recovery) will be available as pre-recorded videos, we will publish the videos today and tomorrow. Please use the forum to ask questions about the content of the lectures,… Read more

We wish you a Happy New Year! The next two lectures (i.e., today's lecture and next week's lecture on control and data structure recovery) will be available as pre-recorded videos, we will publish the videos today and tomorrow. Please use the forum to ask questions about the content of the lectures, we can also discuss open questions by mail or at an appointment (please mail Prof. Holz).

Sheet 4 online

Written on 19.12.22 by Joschua Schilling

Dear students,

sheet 4 is online now. It is a bit exploitation heavy, so I suggest, that you start early. If you have any questions, use the forum, email us or join us in the tutorial session on Friday at 2pm.

Happy Hacking,

Joschua

Sheet 3 deadline extended

Written on 13.12.22 by Joschua Schilling

Dear students,

we have extended the deadline for the current (3rd) exercise sheet to December 22 23:59pm. However, to avoid scheduling conflicts for the upcoming sheets, the 4th sheet will be published end of this week, so that you can work on both sheets in parallel. We hope that this solution… Read more

Dear students,

we have extended the deadline for the current (3rd) exercise sheet to December 22 23:59pm. However, to avoid scheduling conflicts for the upcoming sheets, the 4th sheet will be published end of this week, so that you can work on both sheets in parallel. We hope that this solution will give you more flexibility.

A short reminder: As every week, there will be a tutorial session on Friday at 2pm, where you can ask questions.

Best regards,

Joschua

Sheet 2 Grades + Feedbacks

Written on 12.12.22 (last change on 12.12.22) by Matteo Leonelli

Dear students,

The grades and feedbacks for the second exercise sheet are now online. You can find them in your Personal Status. 

I will ask you again to please take care of the following points for the next submission:

  • Place your name AND matriculation number in the pdf
  • Remember to do… Read more

Dear students,

The grades and feedbacks for the second exercise sheet are now online. You can find them in your Personal Status. 

I will ask you again to please take care of the following points for the next submission:

  • Place your name AND matriculation number in the pdf
  • Remember to do the task submit to receive the point for your code
  • Submit the right pdf on CMS

If you have any questions, feel free to contact me.

Best,
Matteo

Sheet 1 Feedback online

Written on 08.12.22 by Joschua Schilling

Dear students,

another update regarding the grading. You should be able to find your feedback in the CMS right next to your submission.

To everyone who joined last week's tutorial: Thank you for your feedback regarding the phrasing of the exercise sheet. We have updated the sheet for the next… Read more

Dear students,

another update regarding the grading. You should be able to find your feedback in the CMS right next to your submission.

To everyone who joined last week's tutorial: Thank you for your feedback regarding the phrasing of the exercise sheet. We have updated the sheet for the next course. If you have any questions left, feel free to ask us.

See you at the tutorial session tomorrow at 2pm,

Joschua

Sheet 1 Graded

Written on 07.12.22 (last change on 07.12.22) by Matteo Leonelli

Dear students,

The grades for the first exercise sheet are now online. You can find them in your Personal Status. 

Please take care of the following point for the next submission:

  • Place your name AND matriculation number in the pdf
  • The assignments have to be answered in… Read more

Dear students,

The grades for the first exercise sheet are now online. You can find them in your Personal Status. 

Please take care of the following point for the next submission:

  • Place your name AND matriculation number in the pdf
  • The assignments have to be answered in English
  • Remember to do the task submit to receive the point for your code

If you have any questions, feel free to contact me.

Best,
Matteo

Solutions for the exercise sheets

Written on 01.12.22 by Joschua Schilling

The solution for the first exercise sheet is online and can be found in Materials. The grading itself, will take a bit longer, but Matteo is already working on it.

The solutions for the next exercises will be automatically unlocked right after the deadline. This allows you to have a look at the… Read more

The solution for the first exercise sheet is online and can be found in Materials. The grading itself, will take a bit longer, but Matteo is already working on it.

The solutions for the next exercises will be automatically unlocked right after the deadline. This allows you to have a look at the solutions before the exercise sessions on Friday. However, if something is unclear, or you have any remaining questions regarding a past or the current exercise sheet, feel free to ask us on Friday.

See you tomorrow,

Simon & Joschua

Lecture on November 30 / Second exercise

Written on 30.11.22 by Thorsten Holz

As a quick reminder: there is no lecture this week, we have uploaded a video for the remaining content of the Software Security I/II block. The second exercise sheet is available as well, CMS now should show the correct times for all exercises.

Tutorial on Fridays at 2pm (s.t.)

Written on 25.11.22 by Thorsten Holz

In case you missed it in the last lecture: The time for the tutorial is now set, we have the tutorial on Fridays at 2:00pm (s.t.). The tutorial is organized in an online form, we use the same Zoom link as in the lecture (see "Information" => "Access to lectures").

First exercise

Written on 18.11.22 by Thorsten Holz

The first exercise is now available, you can find it under Materials.

No lecture on Wednesday, Nov 16

Written on 16.11.22 by Thorsten Holz

We will not have a lecture today, there is a CISPA-internal event and hence the room is blocked. The next lecture is on November 23, we will publish the first exercise sheet tomorrow.

Welcome!

Written on 26.10.22 by Thorsten Holz

Welcome to Systems Security! The first course meeting is on Wednesday, Oct 26, 2022, at 10:15 am. You can participate in-person (ZSHZ - 0.05 Hörsaal - CISPA building) or remotely (you can find the Zoom link under "Information" while logged in). See you then!

Show all

About the course

In this course, important theoretical and practical aspects from the area of systems security are presented and discussed. The focus is on various aspects of software security and different attack and defense techniques are presented. More specifically, important attack methods (e.g., buffer overflows, race conditions, use-after-free, heap overflows, etc.) as well as defense strategies (e.g., non-executable memory, Address Space Layout Randomization, memory tagging, etc.) are discussed. Other topics of the lecture are fuzzing, symbolic execution, reverse engineering, obfuscation, and similar aspects of systems security. 

At the end of the course, students should be able to analyze security aspects of various types of software systems, detect vulnerabilities in the design and implementation, and independently develop security mechanisms. In addition, other aspects from the area of systems security, such as fuzzing and security aspects of operating systems, will be discussed. An important part of the course are exercises, which illustrate and deepen the material with practical examples.

 


Prerequisites

There are no formal prerequisites for this course. However, if you want to participate, please take the following aspects into account:

  • You should have experience in systems-oriented programming. In addition, it helps if you have experience in the C programming language to understand some of the topics, Python is helpful as well.
  • You should have a basic understanding of operating systems (e.g., memory management, scheduling, etc.).
  • You should be familiar with Linux, as the exercises are based on a remote exercise framework that is accessible via SSH only.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, we will also cover several relevant aspects as part of the lectures.
 


Time and Location

The lecture will take place every Wednesday from 10:15-11:45 o'clock, starting on October 26, 2022. The lecture will be offered in a hybrid format: we will have regular lectures in the CISPA lecture hall (ZSHZ / 0.05) and also record the lectures. We will also offer a tutorial, more information will follow soon. You can find more information on the page "Access to lectures".


Grading

To pass the course, you must score at least 50% on the final exam. In the final exam, you can reach 100 points, so you need to achieve at least 50 points in the final exam to pass the course. To be admitted to the exam, you must achieve at least 50% of the points from the seven exercises. Your final grade is based only on your exam result and you can earn bonus points via the exercises. You can find more details below:

Assignments

During the semester there are seven assignments to be solved with a total of 240 points. You must achieve a total of at least 50% (120 points) to be admitted to the exam. The assignments are related to the topics covered in the lectures and are designed to deepen your knowledge of these topics. We strongly encourage you to solve these assignments, as this will help you understand the topics covered in the lectures in more detail. Note that the first exercise sheets will have less points compared to the later exercise sheets. You can obtain bonus points if you reach more than 120 points: the number of bonus points is (total points - 120) / 10 (rounded to nearest number). So if you achieve 183 points in the exercises, you will receive 6 bonus points, while 195 points lead to 8 bonus points. The final grade will be the points in your final exam + bonus points. 

Assignments must be submitted individually, group work is not permitted. A submission usually consists of a theoretical and a practical part. The solutions to all theoretical tasks (e.g., questions, tables to fill in, etc.) must be submitted in a single PDF file. For all practical tasks, we have prepared a remote environment equipped with all necessary tools and materials. Practical tasks are solved and submitted directly within this environment. We will provide more information in the first assignment sheet. These practical exercises are designed like CTF challenges. You will typically have the task of exploiting a vulnerable program to extract a secret flag.

  • Strict no cheating policy
    You may discuss the assignments with other students, but you are not allowed to collaborate with others on the solution. Your solution should be original and not an existing solution (e.g., from someone else or from the internet). All submissions will be automatically checked for plagiarism, as we have a strict no-cheating policy. If we find a case of plagiarism, we will assign zero points. If you ever get stuck, you can ask questions in the forum or participate in the exercise lessons. We invite you to help fellow students who have asked questions, but avoid giving away the solution. Nobody likes spoilers :)
  • Solutions
    We will upload solutions for all assignments, but the concise nature of solutions might not be able to answer all your questions. We recommend you to use the forum or join the exercise lessons if you have any questions.
  • Writing Assignments
    To simplify the grading of assignments, we only accept digital solutions and not handwritten ones. We recommend using LateX for these tasks. An example template can be found here. If you need an introduction to Latex, the overleaf documentation is a good starting point.

 

Written Exam

At the end of the semester, there will be a written exam and a re-exam, the dates will be announced at the end of October. Note that physical presence is required for the exam. The exam will consist of both theoretical questions and practical questions. The theoretical questions refer to the theoretical parts and concepts of the slides and possibly to additional content presented in the lecture that is not part of the slides. The practical questions are similar (in principle) to the practical assignments. However, the complexity of the questions is naturally scaled to fit the available exam time (e.g., you are not expected to implement a lengthy piece of assembler code). If you score at least 50% of the points, you will pass the class.

All questions of the exam are in English. Answers can be given either in English or in German, at the student’s discretion.

No lecture notes or any other materials are allowed during the exam. All materials required to solve the practical questions are provided at the exam.

The exam will take place on February 17th from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH). The re-exam will be on April 4th from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH).

 


Registration

Register for the course here in the CISPA CMS. Registration will open on October 1, 2022. 

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.