Secure Software Engineering Christian Rossow

News

23.11.2016

Room for reexam inspection

Quick reminder: the exam inspection will be tomorrow at 11am in room 1.07 at CISPA (E9 1).

11.11.2016

Reexam Inspection

We have published the reexam grades in CMS. The exam inspection will take place on Thu, Nov 24th, from 11am-noon. Room will be announced.

13.10.2016

Re-Exam reminder

Just a quick reminder that the re-exam will take place tomorrow in lecture hall 1 in E2.5 (maths building) at 10:00. As last time:

  • Please be there a few minutes in advance (~9:45), so we can start timely.
  • The exam lasts 120 mins and you can earn up to 120... Read more

Just a quick reminder that the re-exam will take place tomorrow in lecture hall 1 in E2.5 (maths building) at 10:00. As last time:

  • Please be there a few minutes in advance (~9:45), so we can start timely.
  • The exam lasts 120 mins and you can earn up to 120 points. You'll pass with 50% or more.
  • Bring your student ID.
  • You may bring and use one handwritten double-sided A4 sheet that contains any notes you like to have. We will rigorously reject any printed A4 sheet.
  • You can bring and use an English/German dictionary.
  • Use a non-erasable pen to answer the exam.
  • Respect the seating plan to see where you are seated. It's uploaded to CMS and will also be made available tomorrow.
06.10.2016

Re-Exam and LSF Registration

Our re-exam takes place next week, Friday 14.10.2016.

  • If you are admitted, you have to register in the LSF / Hispos system by today (Thursday)! Otherwise you will not be allowed to take the re-exam.
  • If you are not admitted but already registered for the... Read more

Our re-exam takes place next week, Friday 14.10.2016.

  • If you are admitted, you have to register in the LSF / Hispos system by today (Thursday)! Otherwise you will not be allowed to take the re-exam.
  • If you are not admitted but already registered for the re-exam, you have to unregister in the LSF / Hispos system by today (Thursday)! Otherwise we have to count this exam as a failed attempt.

You are admitted to the re-exam if and only if you have been admitted to the first exam. Please do so as soon as possible. The LSF does not accept registrations / unregistrations later that Thursday. In case of problems, please contact us as soon as possible.

01.09.2016

Exam results & review

We have just published the results of the exam. Congratulations to all of you who passed. You should have received an email about this and can see your grade in CMS. We will hand over the grades to the examination office after the post-exam review... Read more

We have just published the results of the exam. Congratulations to all of you who passed. You should have received an email about this and can see your grade in CMS. We will hand over the grades to the examination office after the post-exam review ("Klausureinsicht"). The review will be on Mon 12.09. from 10am to noon in room 1.07 in E9.1 (first floor CISPA building).

28.07.2016

Exam regulations reminder

This is a reminder for tomorrow's exam and its regulations:

  • Be there on time (around 11:45 hrs) in the Guenter-Hotz-Hoersaal. We aim to start at 12:00 sharp.
  • The exam lasts 120 mins and you can earn up to 120 points. You'll pass with 50% or more.
  • Bring... Read more

This is a reminder for tomorrow's exam and its regulations:

  • Be there on time (around 11:45 hrs) in the Guenter-Hotz-Hoersaal. We aim to start at 12:00 sharp.
  • The exam lasts 120 mins and you can earn up to 120 points. You'll pass with 50% or more.
  • Bring your student ID.
  • You may bring and use one handwritten double-sided A4 sheet that contains any notes you like to have. We will rigorously reject any printed A4 sheet.
  • You can bring and use an English/German dictionary.
  • Use a non-erasable pen to answer the exam.
  • Respect the seating plan to see where you are seated. It's uploaded to CMS and will also be made available tomorrow.
20.07.2016

Exam Admission and LSF Registration

We just published the results for the last exercise sheet, and the exam admission. Please take a look on your Personal Status in the CMS.

  • If you are admitted, you have to register in the LSF / Hispos system by tomorrow (Thursday)! Otherwise you will not be... Read more

We just published the results for the last exercise sheet, and the exam admission. Please take a look on your Personal Status in the CMS.

  • If you are admitted, you have to register in the LSF / Hispos system by tomorrow (Thursday)! Otherwise you will not be allowed to take the exam.
  • If you are not admitted, you have to unregister in the LSF / Hispos system by tomorrow (Thursday)! Otherwise we have to count this exam as a failed attempt.

Please do so as soon as possible. We can't accept registrations / unregistrations later that Thursday. In case of problems, please contact us as soon as possible.

14.07.2016

Final lecture + exercise information

Information to those of you who have missed today's lecture:

  • The final SSE lecture will be next week Thu, 21.07. and cover Future Internet concepts and Software Defined Network (no prior reading required)
  • We will give a (short!) overview of exam topics in... Read more

Information to those of you who have missed today's lecture:

  • The final SSE lecture will be next week Thu, 21.07. and cover Future Internet concepts and Software Defined Network (no prior reading required)
  • We will give a (short!) overview of exam topics in this lecture.
  • You should sign up for the course in LSF if you have not done so ASAP.
  • This week's exercise sheet will be the last one. The deadline is Wed, 20th at 7:59 am (one day earlier than usual to allow for corrections).
  • If, after the final sheet correction, you have less than 50% of the total points, do not forget to unregister from the course in LSF (otherwise we have no choice to grade you 5.0).
  • UPDATE: You need at least 117 points in total to be able to participate in the exam.
05.07.2016

Reading material for this week's lecture

This week's lecture will be on two topics:

Topic 1 - Denial-of-service (continued from last week)

Topic 2 - Content delivery and peer-to-peer networking. See Tanenbaum chapters:

  • 7.5.0: Content Delivery
  • 7.5.2-a) Server Farms (skip Web... Read more

This week's lecture will be on two topics:

Topic 1 - Denial-of-service (continued from last week)

Topic 2 - Content delivery and peer-to-peer networking. See Tanenbaum chapters:

  • 7.5.0: Content Delivery
  • 7.5.2-a) Server Farms (skip Web Proxies)
  • 7.5.3: Content Delivery Networks
  • 7.5.4: Peer-to-Peer Networks
05.07.2016

Date reexam: Fri, Oct 14th

The date for the reexam has finally been fixed, sorry for the long delay.

The reexam will be on Friday, Oct 14th, 2016 at 10am.

Note that the entrance requirements also hold for the reexam.

29.06.2016

Reading material for tomorrow's lecture

Short heads-up as usual: Tomorrow we will cover two topics: email security and denial-of-service. For email security, you can prepare reading Stalling's section on Pretty Good Privacy (PGP). On top of that, we will cover anti-spam methods. For denial-of-service,... Read more

Short heads-up as usual: Tomorrow we will cover two topics: email security and denial-of-service. For email security, you can prepare reading Stalling's section on Pretty Good Privacy (PGP). On top of that, we will cover anti-spam methods. For denial-of-service, there is unfortunately little good book material available. Instead, you can read the English Wikipedia introductory article to get a brief overview over DoS, and use the slide material after the lecture to study the topic in more detail.

20.06.2016

Reading material for next lecture (Thu 23.06)

Next lecture will be on data link layer security. The topics that we will cover are from both “Computer Networks” by Tanenbaum and "Network Security Essentials, Applications and Standards" by Stallings.

“Computer Networks” by Tanenbaum:

Next lecture will be on data link layer security. The topics that we will cover are from both “Computer Networks” by Tanenbaum and "Network Security Essentials, Applications and Standards" by Stallings.

“Computer Networks” by Tanenbaum:

  • Section 2.3: Wireless Transmission
  • Section 4.4: Wireless LANs

Network Security Essentials, Applications and Standards by William Stallings

  • Section 5.2:Extensible Authentication Protocol
  • Section 5.3 IEEE 802.1X Port-Based Network Access Control
  • Section 7.1: Wireless Security
  • Section 7.3: Wireless LAN Overview
  • Section 7.4: Wireless LAN security
01.06.2016

Reading material for tomorrow's lecture

Tomorrow's lecture will be on Network Programming, i.e., how to apply our conceptual knowledge of IP and UDP/TCP in real client/server programs. We will not use lots of book material for this lecture, but instead focus on networking APIs offered by Python. If you... Read more

Tomorrow's lecture will be on Network Programming, i.e., how to apply our conceptual knowledge of IP and UDP/TCP in real client/server programs. We will not use lots of book material for this lecture, but instead focus on networking APIs offered by Python. If you want to prepare for the lecture, it is best to go over the following two online documentations:

  • https://docs.python.org/2.7/library/socket.html
  • https://docs.python.org/2.7/howto/sockets.html

More detailed information on Network Programming is in Steven's "UNIX® Network Programming Volume 1". Although this book is very detailed and helpful, it is written for C network programming, whereas our focus is Python programming (which is much easier!). More on that tomorrow.

18.05.2016

Reading material for tomorrow's lecture

As mentioned in the lecture, upon popular request, we will make the list of further reading available before each lecture. The preliminary list of further reading for tomorrow's lecture is from Tanenbaum/Wetherall: “Computer Networks”
As mentioned in the lecture, upon popular request, we will make the list of further reading available before each lecture. The preliminary list of further reading for tomorrow's lecture is from Tanenbaum/Wetherall: “Computer Networks”
  • 6.3.1: Desirable Bandwidth Allocation
  • 6.3.2: Regulating the Sending Rate
  • 6.4.0: UDP (goals and overview)
  • 6.4.1: Introduction to UDP
  • 6.5.0 – 6.5.6: TCP
  • 6.5.8: TCP Sliding Window
  • 6.5.10: TCP Congestion Control
12.05.2016

Exercise sheet #2 (Network Layer) and slides are online

We just published the next exercise sheet (due next Thu 8am!) and the Network Layer slides in SysSecCMS.

29.04.2016

Searching for tutorial swapping partners: Tue -> Mon

Some of your fellow students still have the problem that they selected the Mon 10am tutorial slot both for SSE and SysArch and now have a conflict. We are thus searching for volunteers that want to swap their Tuesday tutorial slot with the Monday 10am slot. Please... Read more

Some of your fellow students still have the problem that they selected the Mon 10am tutorial slot both for SSE and SysArch and now have a conflict. We are thus searching for volunteers that want to swap their Tuesday tutorial slot with the Monday 10am slot. Please send an email to crossow@mmci.uni-saarland.de if you choose to volunteer. Note that your fellow students are in a fairly bad situation and they would be very grateful if you could help out. Also note that you will be at the university anyway on Mon 10am, given that the SysArch lecture is Mon 8-10am, so Mon 10am is actually not that inconvenient.

28.04.2016

Exercise sheet #1 (Data Link Layer) online & slide updates

We have uploaded exercise sheet #1 (Data Link Layer). Solutions are due Thu 05.05.2016 07:59:59 CEST. Remember that you have to upload digital solutions to CMS, one solution per group; submissions via email and/or late submissions are not accepted (even if cats have... Read more

We have uploaded exercise sheet #1 (Data Link Layer). Solutions are due Thu 05.05.2016 07:59:59 CEST. Remember that you have to upload digital solutions to CMS, one solution per group; submissions via email and/or late submissions are not accepted (even if cats have died!). You can either scan your hand-written solution, or submit a machine-written solution. Solutions can be in German or English; in either way, please use the English terminology that we use in the lecture.

Further updates:

  • We have uploaded an updated version of the Data Link Layer slides (fixing the source/destination MAC swap in the Ethernet header)
  • We have uploaded the initial set of the Network Layer slides
28.04.2016

SysArch / SSE tutorial collisions

In case you have a conflict with the tutorial at Mon 10am: We just talked to the SysArch lecturers to resolve the conflict of the tutorial at Mon 10am. The situation can likely be solved by moving your SysArch tutorial to another slot. Please write an email to Jan... Read more

In case you have a conflict with the tutorial at Mon 10am: We just talked to the SysArch lecturers to resolve the conflict of the tutorial at Mon 10am. The situation can likely be solved by moving your SysArch tutorial to another slot. Please write an email to Jan Reineke <reineke@cs.uni-saarland.de> and Christian Rossow <crossow@mmci.uni-saarland.de> to resolve these cases (even if you already did so in other emails) and state that you wish to move your SysArch slot. Do so ASAP, but latest by Thursday.

27.04.2016

Tutorial start in May, not in June

Small correction: The SSE tutorials will of course start in May, not in June, i.e., on Mon 09.05./Tue 10.05.

27.04.2016

Tutorial slots have been assigned

We've just assigned you to the three SSE tutorial slots. We managed to avoid any "not OK" or "very bad" conflicts, matched 71 (!) times your preference, and 10 times had "just" an "okay" assignment. So all of you are in a slot which you preferred to be in. Log in to... Read more

We've just assigned you to the three SSE tutorial slots. We managed to avoid any "not OK" or "very bad" conflicts, matched 71 (!) times your preference, and 10 times had "just" an "okay" assignment. So all of you are in a slot which you preferred to be in. Log in to SysSecCMS to see your tutorial slot.

Remember: Tutorials will start on Mon 09.06./Tue 10.06.

27.04.2016

Python tutorial and Python exercise sheet online

We have just published the Python tutorial slides and an exercise sheet, which you can find here:

  https://sysseccms.mmci.uni-saarland.de/sse16/materials/

There are three items:

  • A link to the Python tutorial slides
  • The exercise sheet (as PDF)
  • A... Read more

We have just published the Python tutorial slides and an exercise sheet, which you can find here:

  https://sysseccms.mmci.uni-saarland.de/sse16/materials/

There are three items:

  • A link to the Python tutorial slides
  • The exercise sheet (as PDF)
  • A test.py script to test your solutions (self control)

Note that you do not have to (and you should not) submit solutions to the Python exercise sheet. Doing this exercise sheet is purely for fun and to get familiar with Python. We will also not discuss this exercise sheet in the tutorials. In case you have questions, please just raise them at Askbot, we're glad to help.

25.04.2016

Python tutorial and Askbot

Short reminder for the thrilling Python tutorials on Tuesday (tomorrow!) taught by Michael Brengel:

  • Tue 10:15 - 12:00: in E2.1 (Bioinformatics building) room 001 ("Aquarium")
  • Tue 16:15 - 18:00: in E1.3 (CS building) room 003 (next to our usual lecture... Read more

Short reminder for the thrilling Python tutorials on Tuesday (tomorrow!) taught by Michael Brengel:

  • Tue 10:15 - 12:00: in E2.1 (Bioinformatics building) room 001 ("Aquarium")
  • Tue 16:15 - 18:00: in E1.3 (CS building) room 003 (next to our usual lecture room)

Both tutorials feature the exact same content, so it is advised to attend just one session. Will be fun!

And also: As promised in the lecture, we have set up an Askbot [1] instance. Askbot is a Stackoverflow-like system where you can ask questions about topics related to the lecture and other students can help out and gain (toy) credits. Try it out! No need to say that the Askbot participation will not influence your grade.

[1]: https://sysseccms.mmci.uni-saarland.de/askbot/sse16/questions/

21.04.2016

Materials online & minor update

The course material of the first two lectures is online.

A minor correction regarding the LSF registration: In contrast to what we said in the lecture, there is no need to sign up at LSF as of now. Please just register at SysSecCMS and sign up for the SSE lecture... Read more

The course material of the first two lectures is online.

A minor correction regarding the LSF registration: In contrast to what we said in the lecture, there is no need to sign up at LSF as of now. Please just register at SysSecCMS and sign up for the SSE lecture (as you already did when you receive this email). We will let you know as soon as LSF registration starts.

Please remind your fellow students that they have to register by Sunday: https://sysseccms.mmci.uni-saarland.de/sse16/

20.04.2016

First lecture

The first lecture takes place Thursday, 21.04.2016 08:15s.t., in building E1.3, room 002.

Show all
 

Secure Software Engineering

(Network Security)

Ever wondered about Ethernet, IP, UDP/TCP? How does DNS work, and which pitfalls there are? What are Denial-of-Service attacks and botnets? You will like this course if you find such security topics interesting.

This course is a mandatory course for Cyber Security students (6 CP).

Mandatory registration by Sunday April 24th.

 

Content (preliminary)

  • Data Link Layer (Ethernet)
  • Network Layer (IP, ARP, DHCP, ...)
  • Transport Layer (TCP, UDP)
  • Network programming
  • DNS
  • Secure networking (TLS, Email, P2P networks)
  • Network attacks (DDoS, spoofing, reconnaissance, ...)
  • Network defenses (Firewall, Intrusion Detection, ...)


If you encounter technical problems, please contact the administrators