News

Exam inspection

Written on 02.05.24 by Thorsten Holz

We offer an exam inspection next Monday (May 6) between 10:00 and 12:00. If you would like to check your exam sheets, please come to CISPA building, room 0.07.

Info for re-exam

Written on 09.04.24 by Thorsten Holz

The re-exam will take place tomorrow (April 10) from 14:30 - 16:30 in the Hörsaal 002 (Geb. E1 3). Some hints for the exam:

  • Please arrive 15 minutes early so we can start on time. 
  • We will assign fixed seats, you can see your assigned seat in CMS.
  • The exam will take 120 minutes. A… Read more

The re-exam will take place tomorrow (April 10) from 14:30 - 16:30 in the Hörsaal 002 (Geb. E1 3). Some hints for the exam:

  • Please arrive 15 minutes early so we can start on time. 
  • We will assign fixed seats, you can see your assigned seat in CMS.
  • The exam will take 120 minutes. A non-programmable calculator is allowed, you are not allowed to use a cheat sheet or book.
  • Use a document-proof pen and not a pencil. Please bring your student ID.
  • We will provide a reference with common instructions needed to solve the tasks.

Please let us know if you have question. All the best for the exam!

Exam Inspection

Written on 25.03.24 by Ali Abbasi

Hi,

We have an exam inspection date set for 27.03.2024 between 12:00 and 14:00. If you would like to check your exam sheets, please come to CISPA building, room 0.07.

 

Cheers,

Ali

 

Exam and bus lines distruptions

Written on 26.02.24 by Ali Abbasi

Hi Guys,

Considering the significant disruptions to bus lines today, please plan to arrive at the university as early as possible for the exam.

Cheers,

Ali

 

Info for exam

Written on 24.02.24 (last change on 25.02.24) by Thorsten Holz

The exam will take place next Monday (February 26) from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH). Some hints for the exam:

  • Please arrive 15 minutes early so we can start on time. 
  • We will not assign fixed seats, but you can pick a seat.
  • The exam will take 120 minutes. A… Read more

The exam will take place next Monday (February 26) from 14:30 - 16:30 in the Günter-Hotz Lecture Hall (GHH). Some hints for the exam:

  • Please arrive 15 minutes early so we can start on time. 
  • We will not assign fixed seats, but you can pick a seat.
  • The exam will take 120 minutes. A non-programmable calculator is allowed, you are not allowed to use a cheat sheet or book.
  • Use a document-proof pen and not a pencil. Please bring your student ID.
  • We will provide a reference with common instructions needed to solve the tasks.
  • A strike is announced for Monday, so please plan enough time to come to UdS.

Please let us know if you have question. All the best for the exam!

Exam Admission

Written on 19.02.24 by Ali Abbasi

Hi,

Since we have some problems with the grading Task 6 and 7, we are gonna eliminate them for exam admission, and this changes the threshold for admission to 80 points.

If you have gained 80 points from tasks 1 to 5, you can register today for the exam in LSF. Note that we still count the Tasks… Read more

Hi,

Since we have some problems with the grading Task 6 and 7, we are gonna eliminate them for exam admission, and this changes the threshold for admission to 80 points.

If you have gained 80 points from tasks 1 to 5, you can register today for the exam in LSF. Note that we still count the Tasks 6 and 7 for bonus points. 

 

Cheers,

Ali

 

 

 

Task 7

Written on 09.02.24 by Ali Abbasi

Hi,

We had a problem with  REF for task 7. It should be now OK.

 

Cheers,

Ali

Zoom Link for the class

Written on 17.01.24 by Ali Abbasi

Hello Everybody,

 

Below is the Zoom link for the lecture today at 12:15:

https://cispa-de.zoom-x.de/j/62271416226?pwd=bkhWUVF0VnUrQVJrbGt6aWwrVmhzUT09

 

Cheers,

Ali

 

Tomorrow’s class will be online

Written on 16.01.24 by Ali Abbasi

Hello Everybody,

I hope you are all enjoying the weather!

I guess you all received the weather alert regarding icy condition tomorrow. Considering that your safety and security is important to us, I decided to make tomorrow’s class online. 
 

I will send the zoom link later tonight.


Read more

Hello Everybody,

I hope you are all enjoying the weather!

I guess you all received the weather alert regarding icy condition tomorrow. Considering that your safety and security is important to us, I decided to make tomorrow’s class online. 
 

I will send the zoom link later tonight.


Cheers,

Ali

Course and Tutorial Survey

Written on 12.01.24 by Ali Abbasi

Hello Everybody,

I trust you're all managing well and finding this week's "easy" homework enjoyable!

We would like to know how you feel about the course and tutorial. Therefore, we would like to ask you to take a few minutes and fill out the survey linked below. The survey will be available… Read more

Hello Everybody,

I trust you're all managing well and finding this week's "easy" homework enjoyable!

We would like to know how you feel about the course and tutorial. Therefore, we would like to ask you to take a few minutes and fill out the survey linked below. The survey will be available until January 31, 2024.  Needless to say, the survey is anonymous. 

Survey link for the course:

https://qualis.uni-saarland.de/eva/?l=147126&p=u3wzem

 

Survey link for the tutorial:

https://qualis.uni-saarland.de/eva/?l=1471261&p=oxc06k

 

Cheers,

Ali

 

PS: Here is my meme for all of you meme makers:

https://imgflip.com/i/8c5411


 

 

 

 

 

 

Change of the class starting time today

Written on 10.01.24 by Ali Abbasi

Hi

 

Due to the reservation of our classroom by another event, and to avoid a possible collision, we are told by the CISPA front office that the class today should start a little bit later.

Instead of usual time of 12:15, we will start around 12:30 sharp. Note that this is a one time… Read more

Hi

 

Due to the reservation of our classroom by another event, and to avoid a possible collision, we are told by the CISPA front office that the class today should start a little bit later.

Instead of usual time of 12:15, we will start around 12:30 sharp. Note that this is a one time occurance, and next week we will go back to our usual 12:15 schedule.

 

Cheers,

Ali

 

 

 

Exercise #3 online

Written on 05.12.23 by Joschua Schilling

Dear students,

sheet 3 is online now. Deadline is the 18th of December, but I recommend that you start early. If you have any questions, use the forum or ask in the tutorial session.

Happy Hacking,

Joschua

Exercise #2 online

Written on 22.11.23 by Joschua Schilling

Dear students,

sheet 2 is online now. Deadline is the 5th of December, but I recommend, that you start early. If you have any questions, use the forum or ask in the tutorial session.

Happy Hacking,

Joschua

Exercise #1

Written on 10.11.23 (last change on 21.11.23) by Thorsten Holz

The first exercise is available online. Please be sure to read the REF documentation. You need to hand in your solution until November 21 28, 23:59. We have extended the deadline by one week to make up for the missed tutorial on Monday.

Show all

About the course

In this course, important theoretical and practical aspects from the area of systems security are presented and discussed. The focus is on various aspects of software security and different attack and defense techniques are presented. More specifically, important attack methods (e.g., buffer overflows, race conditions, use-after-free, heap overflows, etc.) as well as defense strategies (e.g., non-executable memory, Address Space Layout Randomization, memory tagging, etc.) are discussed. Other topics of the lecture are fuzzing, symbolic execution, reverse engineering, obfuscation, and similar aspects of systems security. 

At the end of the course, students should be able to analyze security aspects of various types of software systems, detect vulnerabilities in the design and implementation, and independently develop security mechanisms. In addition, other aspects from the area of systems security, such as fuzzing and security aspects of operating systems, will be discussed. An important part of the course are exercises, which illustrate and deepen the material with practical examples.

 


Prerequisites

There are no formal prerequisites for this course. However, if you want to participate, please take the following aspects into account:

  • You should have experience in systems-oriented programming. In addition, it helps if you have experience in the C programming language to understand some of the topics, Python is helpful as well.
  • You should have a basic understanding of operating systems (e.g., memory management, scheduling, etc.).
  • You should be familiar with Linux, as the exercises are based on a remote exercise framework that is accessible via SSH only.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, we will also cover several relevant aspects as part of the lectures.
 


Time and Location

Lectures will be on Wednesday from 12:15 - 13:45 in C0 - 0.05 (CISPA lecture hall)


Grading

To pass the course, you must score at least 50% on the final exam. In the final exam, you can reach 100 points, so you need to achieve at least 50 points in the final exam to pass the course. To be admitted to the exam, you must achieve at least 50% of the points from the seven exercises. Your final grade is based only on your exam result and you can earn bonus points via the exercises. You can find more details below:

Assignments

During the semester there are seven assignments to be solved with a total of 240 points. You must achieve a total of at least 50% (120 points) to be admitted to the exam. The assignments are related to the topics covered in the lectures and are designed to deepen your knowledge of these topics. We strongly encourage you to solve these assignments, as this will help you understand the topics covered in the lectures in more detail. Note that the first exercise sheets will have less points compared to the later exercise sheets. You can obtain bonus points if you reach more than 120 points: the number of bonus points is (total points - 120) / 10 (rounded to nearest number). So if you achieve 183 points in the exercises, you will receive 6 bonus points, while 195 points lead to 8 bonus points. The final grade will be the points in your final exam + bonus points. 

Assignments must be submitted individually, group work is not permitted. A submission usually consists of a theoretical and a practical part. The solutions to all theoretical tasks (e.g., questions, tables to fill in, etc.) must be submitted in a single PDF file. For all practical tasks, we have prepared a remote environment equipped with all necessary tools and materials. Practical tasks are solved and submitted directly within this environment. We will provide more information in the first assignment sheet. These practical exercises are designed like CTF challenges. You will typically have the task of exploiting a vulnerable program to extract a secret flag.

  • Strict no cheating policy
    You may discuss the assignments with other students, but you are not allowed to collaborate with others on the solution. Your solution should be original and not an existing solution (e.g., from someone else or from the internet). All submissions will be automatically checked for plagiarism, as we have a strict no-cheating policy. If we find a case of plagiarism, we will assign zero points. If you ever get stuck, you can ask questions in the forum or participate in the exercise lessons. We invite you to help fellow students who have asked questions, but avoid giving away the solution. Nobody likes spoilers :)
  • Solutions
    We will upload solutions for all assignments, but the concise nature of solutions might not be able to answer all your questions. We recommend you to use the forum or join the exercise lessons if you have any questions.
  • Writing Assignments
    To simplify the grading of assignments, we only accept digital solutions and not handwritten ones. We recommend using LateX for these tasks. An example template can be found here. If you need an introduction to Latex, the overleaf documentation is a good starting point.

 

Written Exam

At the end of the semester, there will be a written exam and a re-exam, the dates will be announced at the end of October. Note that physical presence is required for the exam. The exam will consist of both theoretical questions and practical questions. The theoretical questions refer to the theoretical parts and concepts of the slides and possibly to additional content presented in the lecture that is not part of the slides. The practical questions are similar (in principle) to the practical assignments. However, the complexity of the questions is naturally scaled to fit the available exam time (e.g., you are not expected to implement a lengthy piece of assembler code). If you score at least 50% of the points, you will pass the class.

All questions of the exam are in English. Answers can be given either in English or in German, at the student’s discretion.

No lecture notes or any other materials are allowed during the exam. All materials required to solve the practical questions are provided at the exam.

The end-term exam will take place on Monday, 26.02.2024, from 14:30–16:30 in Günter-Hotz-Hörsaal (GHH)

The backup exam will take place on Wednesday, 10.04.2024, from 14:30–16:30 in HS002 in E1 3


Registration

Register for the course here in the CISPA CMS. 

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.