Sven Obser (s9s
David Pfaff (dav.pfaff
Philip Peter (s
Pengming Wang (s9pewan
News
- 2011/02/23: The seating plan for the final exam is online.
- 2011/01/20: The fourth project is online.
- 2011/01/12: The exam inspection will take place next Wednesday (January, 19th) between 11 a.m. and 2 p.m. in our conference room (Building E1 1, Room2.18).
Please come within the assigned time-slots:- 11:00-11:50 Lastnames starting from A-G
- 11:50-12:40 Lastnames starting from H-O
- 12:40-13:30 Lastnames starting from P-Z
- 13:30-14:00 If the assigned timeslot does not fit your schedule
- 2011/01/12: There will be no lecture on January 19th.
- 2010/12/22: Some ProVerif examples from the lecture are now online.
- 2010/12/21: The sample solution for the fourth exercise sheet is online.
- 2010/12/17: The third project is online.
- 2010/12/14: The seating plan for the midterm exam is online.
- 2010/12/07: Time changed: The final exam will take place on Thursday, February 24th, 2011. It will start at 9:00 a.m.
- 2010/11/17: The second project is online.
- 2010/11/10: The second exercise sheet is online.
- 2010/11/07: The sample solutions for the first exercise sheet are online.
- 2010/11/03: We added useful material for the first project.
- 2010/10/29: There is a new email address for reaching the teaching assistants.
- 2010/10/28: Due to the public holiday All-Saints, the tutorials on Monday will be shifted as follows.<br/>Tutorial 1: Wednesday 8-10 in E1 3, HS 001,</br>Tutorial 2: Tuesday 8-10 in E1 1, Room 3.06,<br/> Tutorial 3: Tuesday 10-12 in E1 1, Room 3.06
- 2010/10/28: Office hours of the teaching assistants: Friday 11 - 12.
- 2010/10/27: The first project is online.
- 2010/10/26: The slides from the GDB tutorial are available here.
- 2010/10/25: The room of the tutorial on Monday 14 - 16 (Tutorial 3) has changed.
- 2010/10/22: The rooms of the tutorials on Monday 14 - 16 and Tuesday 12 - 14 have changed.
- 2010/10/20: Registration in the lecture management system is online.
- 2010/10/05: Time changed: Wednesday and Friday 12 - 14
Assignments
The course comprises four practical projects and six theoretical exercise sheets. You can work in teams (which have to be fixed throughout the entire course) of up to two people. For the practical projects the first team that manages to solve a subtask and provides proof of that by e-mail receives additional bonus points for that subtask. Each team can get at most three such extra points. The status of each subtask will be displayed by an internal webpage.
The projects are going to be handed out at the end of the class and posted on the course web page roughly every 3 weeks (the precise dates are listed below). Sample solutions will be posted on an internal web page and discussed in the tutorials.
The theoretical assignments are going to be handed out every second week. The teams from the practical projects are allowed to work together, but every student has to submit an own solution of the exercise sheet.
Lecture Timetable
ERROR OPENING FILE "lectures.txt"Tutorials
| ID | Day | Time | Room | TA |
| 1 | Tue | 12-14 | HS 003 (E1 3) | Philip Peter |
| 2 | Tue | 16-18 | HS 003 (E1 3) | Pengming Wang |
| 3 | Mon | 8-10 | HS 003 (E1 3) | Holger Bornträger |
| 4 | Mon | 12-14 | HS 003 (E1 3) | Sven Obser |
| 5 | Mon | 14-16 | SR 016 (E1 3) | David Pfaff |
Project #1 (Control Hijacking Attacks)
Project description: project1.pdf
Resources: code.tar.gz vm.tar.gz early bird status
Useful references:
- Smashing The Stack For Fun And Profit, Aleph One
- Buffer overflows demystified, Murat
- The Frame Pointer Overwrite, klog
- Basic Integer Overflows, blexim
- Exploiting Format String Vulnerabilities, scut/team teso
- How to hijack the Global Offset Table with pointers for root shells, c0ntex
- Intel Architecture Guide for Software Developers
Project #2 (Web Attacks)
Project description: project2.pdf
Resources: Peanut Foundation useful hints email script peanut.tar.gz txt-db-api.tar.gz early bird status
This project is due on 7 December 2010 at 11:59 p.m.
Project #3 (ProVerif)
Project description: project3.pdf
Resources: ProVerif homepage early bird status
This project is due on 13 January 2011 at 11:59 p.m.
Project #4 (Jif)
Project description: project4.pdf
Resources: Jif homepage Password.jif LStack.java early bird status
This project is due on 08 February 2011 at 11:59 p.m.
Grading
For passing the course the following minimal amount of points is needed:- 50% of the points from the theoretical assignments,
- 50% of the points from the practical projects,
- 50% of the points from the final exam, and
- 50% of the points overall (i.e., including the midterm exam).