Secure Software Design
Lecture SS 2004

Lehrstuhl für Softwaretechnik (Prof. Zeller)
Universität des Saarlandes – Informatik
Informatik Campus des Saarlandes
Campus E9 1 (CISPA)
66123 Saarbrücken
E-mail: zeller @
Telefon: +49 681 302-70970

Deutschsprachige Startseite Page d'acceuil en franšais English home page

This special course (»Spezialvorlesung«, V2 + ▄2, 6 LP) teaches the fundamentals of the design of secure software systems. These are systems which guarantee features such as confidentiality, integrity and availability, even when under attack.

In order to see how these features might be achieved, it is first necessary to understand how software systems can fail trying to provide them. Therefore, a good part of the lecture will deal with security failures of software systems (such as buffer overflows, bad cryptography, good cryptography used badly, random numbers that aren't etc.) and how to defend against them. Another part will take a more positive attitude, developing design rules where security can be designed into a software system right from the start. (Trying to graft in on afterwards never works anyway.)

Copyright Information

You must not use these slides outside the scope of this lecture for any purpose without explicit written permission.


2004-07-20: Even more stuff about the final exam added.

2004-06-23: More stuff about the final exam added.

2004-06-03: Time and place for final exam now fixed.

2004-06-03: Put races lecture online.

2004-06-02: June 10 is a holiday. Therefore, lecture dates and some deadlines have been moved around.

2004-06-01: The README file for the example code contains the wrong offset (308) for the exploit generator. The correct offset (for Debian) is 312.

2004-05-26: Added solution to passwords lecture, put mechanisms lecture online.

2004-05-12: There is now a list of participants online. Please check if your name is on it. If it's not, please mail us.

2004-05-10: Updated group forming policy and due times for exercises.

2004-05-05: May 20 is a holiday; therefore, there will be no lecture on this date. The lectures have all been moved forward one week. Of course, the due dates for the exercises have also been moved forward.

2004-05-04: We have two tutorial sessions and therefore have updated the time and place info.

2004-05-03: More info about the Final Exam

2004-04-27: More info about grading

2004-04-27: This course has a Registration Policy that follows the usual standards: Mandatory registration after a four-week period.

2004-04-26: We have a forum for this course. Just click the “register” button on the top of that page to get an account.

2004-04-23: The grading procedure has been updated.

2004-04-23: The due date for the exercises has moved.

2004-04-23: We now have a new date for the tutorial sessions: Mondays from 1300–1500 in 45/014. If you absolutely cannot come, mail us and we'll see what we can do for you.

2004-04-23: We now have a mailing list for the students and a mailing list for the course administrators.

2004-03-15: Added relevant books section. These books are now available in the Library. (Hint: The books won't do you any good if they just sit there :-) )

Lecture Topics and Dates

Your lecturer is Stephan Neuhaus.

The lecture is in English.

Lecture dates: Thursday 11-13, Building 45, HS 2
Lecture start: Thursday, 2004-04-22.

All future dates and topics are subject to change.

Dot Meaning
Red Materials not yet available
Yellow Materials recently updated
Green Materials available online

In this table, a green dot in the A (Availability) column means that materials are online. A red dot means that materials are not yet available online. A yellow dot means that materials have been updated.

Date Topic A Material
Thu 2004-04-22 About this course Green Slides (PDF) · Slides (PS)
Thu 2004-04-22 Introduction Green Slides (PDF) · Slides (PS) · Exercises
Thu 2004-04-29 Care and Feeding of Passwords Green Slides (PDF) · Slides (PS) · Exercises
Thu 2004-05-06 Random Numbers and Those that Aren't Green Slides (PDF) · Slides (PS) · Handout (PS) · Exercises
Thu 2004-05-13 Random Number Generators Green Slides (PDF) · Slides (PS) · Exercises
Thu 2004-05-20 Holiday: No Lecture!
Thu 2004-05-27 Buffer Overflows: Vulnerability of the Decade Green Slides (PDF) · Slides (PS) · Handout (PS) · Example Code (TAR) · Exercises
Thu 2004-06-03 Security Mechanisms Green Slides (PDF) · Slides (PS) · Exercises
Thu 2004-06-10 Holiday: No Lecture!
Thu 2004-06-17 Race Conditions Green Slides (PDF) · Slides (PS) · Handout (PS) · Exercises
Thu 2004-06-24 Secure Coding Best Practices Green Slides (PDF) · Slides (PS) · Example Code (TAR) · Exercises
Thu 2004-07-01 Input Validation Green Slides (PDF) · Slides (PS) · Exercises
Thu 2004-07-08 Cryptography Green Slides (PDF) · Slides (PS) · Handout (PS) · Exercises
Thu 2004-07-15 Authentication Protocols Green Slides (PDF) · Slides (PS) · Handout (PS) · Exercises
Thu 2004-07-22 Q&A Session Green Slides (PDF) · Slides (PS)


You must register for this course until 2004-05-19. (May 20 is a holiday.). If you are already on the mailing list, you are pre-registered. If you do not want to take this course, you have to unregister by sending me an email.

Important notice: You cannot unregister after May 19. If you fail to unregister at or before May 19, you have committed yourself to taking this course. If you simply do not come to the tutorial sessions and/or the exam, you will have failed the course. So do yourselves a favor and check on or before May 19 whether you really want to take this course.


You no longer have to be present at the tutorial sessions in order to get the points. You get the points by turning in solutions to the exercises, which are then corrected and assigned points by us.

The solutions that you turn in must be written either in English or in German and must be on paper (no electronic submissions). Submissions that are not in English or German, or electronic submissions, will not be graded. If you are stranded on an island with only a wireless link to submit your exercises, we'll probably make an exception to the no-electronic-submissions rule.

The total number of points obtainable in the exercises will be summed at the end of the semester, and the number of points you scored will be used to calculate a percentage.

Some exercises have bonus points associated with them. These bonus points are added to your total score (if you get them), but do not count toward the total number of obtainable points. For example, if there were 100 points in all, plus 20 bonus points, your score would be counted against 100, not 120, points. Percentages above 1.0 will be truncated to 1.0 (it's rare, but it happens). Your percentage must be 0.5 or better for you to participate in the exam.

There are two tutorial sessions:

Day Time Room
Mondays 1300–1500 45/0.14
Wednesdays 0900–1100 36/306

Exercises are due on the Thursday following the lecture, in the lecture hall in 45/002, just before the lecture. You may form goups of at most two people for submitting exercises and are, in fact, encouraged to do so.

No. Exercise Sheet Additional Materials Due Date
1 Introduction None 2004-04-29 1100
2 Passwords Solution 2004-05-06 1100
3 Random Numbers Solution 2004-05-13 1100
4 Random Number Generators Solution 2004-05-27 1100
5 Buffer Overflows None 2004-06-17 1100
6 Security Mechanisms None 2004-06-09 1100 (in 45/302 this time)
7 Race Conditions races.c (C Text) · races-open.c (C Text) 2004-06-24 1100
8 Secure Coding Example Code (TAR) 2004-07-01 1100
9 Input Validation None 2004-07-08 1100
11 Cryptography None 2004-07-15 1100
10 Authentication Solution 2004-07-22 1100

Grading/Final Exam

Organizational Details

The final exam will be on

Monday, 2 August 2004,
in Building 45, Lecture Hall 2

We start at 1300 sharp, not at 1315, so be on time! The exam will continue for a full two hours.

This is the same lecture hall where the lectures take place.

Important points about the exam:

  • There will be at least one question from every lecture (except the very first one).
  • There will be some bonus points.
  • The questions will be more precise than in the assignments.
  • The bonus questions will be more difficult than the bonus questions in the assignments.
  • The exam will count for 60% of the total grade, the assignments for 40%.
  • The questions in the final exam will be in English. You can write your answers either in English or in German.
  • You'll have to pass the exam in order to pass the course.
  • You'll have to take the exam (or have very good reasons for not showing up) in order to be eligible for an oral re-take if you fail.
  • An oral re-take can only distinguish between "4.0" and "fail".
  • To pass the course, you must pass the exam.
  • Let's say, the exam has m points plus n bonus points. You are guaranteed to pass the exam if you get m/2 points or more, including your bonus points.
  • It is possible (even probable, but not certain) that in the end you'll pass if you get p < m/2 points. How many points you need to get “100%” (1.0) will be decided after the exam, but will probably be somewhere around 2p.
  • The number of points you got in the exam will be expressed as a percentage of the “1.0” mark. Percentages in excess of “1.0” will be truncated to 1.0.
  • Then, the final percentage will be computed as 0.4*exercises + 0.6*exam, which will then be converted into a grade. The exact grading scheme is not yet fixed.
  • There are too many questions to answer in the alotted two hours. The suggested strategy is therefore first to read all the questions and then to attempt them in the order from easiest to most difficult.
  • Bringing a (non-programmable) pocket calculator is advised.
  • Dictionaries (here defined as paper-printed books that translate words from one language into words in another language) are OK.
  • Other materials—except for writing implements—are allowed only if explicitly OK'd by Prof. Zeller or me before the exam starts. If we catch anybody using materials that are not OK'd, they risk failing the exam and hence the course.
  • If I ask for “two examples” or “three scenarios” etc, I will count only the first two (or three, or whatever) that you write down. This is to discourage you from simply writing down all examples or scenarios that you can think of and hope that the right ones are in there somewhere.
  • The results will be made available on Thursday, 5 August, 1300h at the latest. A sheet containing student-id/grade pairs will be posted on the board across from my office, together with an exemplary solution.
  • “Klausureinsicht” will be from 1300--1600 on that same day.
  • An oral retake will be offered only for those people who fail the exam narrowly, where “narrowly” is going to be defined later.


Here are some books that are relevant for the lecture. They are all available in the Computer Science Library. The links below will take you to the relevant pages on

Ross Anderson: Security Engineering, ISBN 047138922-6, Wiley, 2001.

Peter Gutmann: Cryptographic Security Architecture, Design and Implementation, ISBN 038795387-6, Springer, 2003.

Michael Howard, David LeBlanc: Writing Secure Code, ISBN 073561722-8, Microsoft Press, 2002.

Charlie Kaufman (yes, just like the director), Radia Perlman, Mike Speciner, Network Security, Private Communication in a Public World, Prentice-Hall, 2002.

John Viega, Gary McGraw: Building Secure Software, ISBN 020172152-X, Addison-Wesley, 2001.

Discussion Forum

We have installed a discussion forum for all course topics. Please register at »Design of Secure Software«.

List of Participants

The following is a list of participants in this course (in no particular order). If you think your name should be on it, but it isn't, please mail us.

Altmeyer, Oliver
Andreeva, Elena
Arkadivsz Dziopa
Augustin, Andreas
Bellion, Michael
Boktiev, Murat
Chebiryak, Yury
Cullmann, Christoph
Dudas, Dorotea
Ehrl, Johannes
Eillinghaus, Tobias
Erbelding, Christian
Gebhard, Gernot
Gehrmann, Tim
Glitsch, Andreas
Heil, Steffen
Herzig, Kim
Hui, Xiang
Jafry, Mansoor
Jochem, Rainer
Kamenski, Vladislav
Kersten, Carl
Khan, Osama
Kiefer, Sascha
Langner, Christian
Legrum, Andreas
Leichtweis, Thomas
Li, Hong
Lorenz, Stefan
Mai, Steven
Martin, Rainer
Moleda, Ania
Nachev, Nayden
Parkitny, Sebastian
Pfalzgraf, Alex
Philipp, Rico
Prohaska, Alexander
Quirin, Thomas
Reifschneider, Andreas
Rieskamp, Jens
Romdhane, Taoufik
Schneider, Thorsten
Schubotz, Rene
Sliwerski, Jacek
Stanev, Stilian
Stein, Ingmar
Wasylkowski, Andrzej
Weber, Christian
Wendt, Stephan
Zapp, Thomas

<> · · Stand: 2018-04-05 13:40