Secure Software Design
Lecture SS 2004
Universität des Saarlandes – Informatik
Informatik Campus des Saarlandes
Campus E9 1 (CISPA)
66123 Saarbrücken
E-mail: zeller @ cs.uni-saarland.de
Telefon: +49 681 302-70970
This special course (»Spezialvorlesung«, V2 + Ü2, 6 LP) teaches the fundamentals of the design of secure software systems. These are systems which guarantee features such as confidentiality, integrity and availability, even when under attack.
In order to see how these features might be achieved, it is first necessary to understand how software systems can fail trying to provide them. Therefore, a good part of the lecture will deal with security failures of software systems (such as buffer overflows, bad cryptography, good cryptography used badly, random numbers that aren't etc.) and how to defend against them. Another part will take a more positive attitude, developing design rules where security can be designed into a software system right from the start. (Trying to graft in on afterwards never works anyway.)
Copyright Information
You must not use these slides outside the scope of this lecture for any purpose without explicit written permission.
News
2004-07-20: Even more stuff about the final exam added.
2004-06-23: More stuff about the final exam added.
2004-06-03: Time and place for final exam now fixed.
2004-06-03: Put races lecture online.
2004-06-02: June 10 is a holiday. Therefore, lecture dates and some deadlines have been moved around.
2004-06-01: The README file for the example code contains the wrong offset (308) for the exploit generator. The correct offset (for Debian) is 312.
2004-05-26: Added solution to passwords lecture, put mechanisms lecture online.
2004-05-12: There is now a list of participants online. Please check if your name is on it. If it's not, please mail us.
2004-05-10: Updated group forming policy and due times for exercises.
2004-05-05: May 20 is a holiday; therefore, there will be no lecture on this date. The lectures have all been moved forward one week. Of course, the due dates for the exercises have also been moved forward.
2004-05-04: We have two tutorial sessions and therefore have updated the time and place info.
2004-05-03: More info about the Final Exam
2004-04-27: More info about grading
2004-04-27: This course has a Registration Policy that follows the usual standards: Mandatory registration after a four-week period.
2004-04-26: We have a forum for this course. Just click the “register” button on the top of that page to get an account.
2004-04-23: The grading procedure has been updated.
2004-04-23: The due date for the exercises has moved.
2004-04-23: We now have a new date for the tutorial sessions: Mondays from 1300–1500 in 45/014. If you absolutely cannot come, mail us and we'll see what we can do for you.
2004-04-23: We now have a mailing list for the students and a mailing list for the course administrators.
2004-03-15: Added relevant books section. These books are now available in the Library. (Hint: The books won't do you any good if they just sit there :-) )
Lecture Topics and Dates
Your lecturer is Stephan Neuhaus.
The lecture is in English.
Lecture dates: Thursday 11-13, Building 45, HS 2
Lecture start: Thursday, 2004-04-22.
All future dates and topics are subject to change.
| Dot | Meaning |
|---|---|
 |
Materials not yet available |
 |
Materials recently updated |
 |
Materials available online |
In this table, a green dot in the A (Availability) column means that materials are online. A red dot means that materials are not yet available online. A yellow dot means that materials have been updated.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Registration
You must register for this course until 2004-05-19. (May 20 is a holiday.). If you are already on the mailing list, you are pre-registered. If you do not want to take this course, you have to unregister by sending me an email.
Important notice: You cannot unregister after May 19. If you fail to unregister at or before May 19, you have committed yourself to taking this course. If you simply do not come to the tutorial sessions and/or the exam, you will have failed the course. So do yourselves a favor and check on or before May 19 whether you really want to take this course.
Exercises
You no longer have to be present at the tutorial sessions in order to get the points. You get the points by turning in solutions to the exercises, which are then corrected and assigned points by us.
The solutions that you turn in must be written either in English or in German and must be on paper (no electronic submissions). Submissions that are not in English or German, or electronic submissions, will not be graded. If you are stranded on an island with only a wireless link to submit your exercises, we'll probably make an exception to the no-electronic-submissions rule.
The total number of points obtainable in the exercises will be summed at the end of the semester, and the number of points you scored will be used to calculate a percentage.
Some exercises have bonus points associated with them. These bonus points are added to your total score (if you get them), but do not count toward the total number of obtainable points. For example, if there were 100 points in all, plus 20 bonus points, your score would be counted against 100, not 120, points. Percentages above 1.0 will be truncated to 1.0 (it's rare, but it happens). Your percentage must be 0.5 or better for you to participate in the exam.
There are two tutorial sessions:
| Day | Time | Room |
|---|---|---|
| Mondays | 1300–1500 | 45/0.14 |
| Wednesdays | 0900–1100 | 36/306 |
Exercises are due on the Thursday following the lecture, in the lecture hall in 45/002, just before the lecture. You may form goups of at most two people for submitting exercises and are, in fact, encouraged to do so.
| No. | Exercise Sheet | Additional Materials | Due Date |
|---|---|---|---|
| 1 | Introduction | None | 2004-04-29 1100 |
| 2 | Passwords | Solution | 2004-05-06 1100 |
| 3 | Random Numbers | Solution | 2004-05-13 1100 |
| 4 | Random Number Generators | Solution | 2004-05-27 1100 |
| 5 | Buffer Overflows | None | 2004-06-17 1100 |
| 6 | Security Mechanisms | None | 2004-06-09 1100 (in 45/302 this time) |
| 7 | Race Conditions | races.c (C Text) · races-open.c (C Text) | 2004-06-24 1100 |
| 8 | Secure Coding | Example Code (TAR) | 2004-07-01 1100 |
| 9 | Input Validation | None | 2004-07-08 1100 |
| 11 | Cryptography | None | 2004-07-15 1100 |
| 10 | Authentication | Solution | 2004-07-22 1100 |
Grading/Final Exam
Organizational Details
The final exam will be on
Monday, 2 August 2004,
1300-1500,
in
Building 45, Lecture Hall 2
We start at 1300 sharp, not at 1315, so be on time! The exam will continue for a full two hours.
This is the same lecture hall where the lectures take place.
Important points about the exam:
- There will be at least one question from every lecture (except the very first one).
- There will be some bonus points.
- The questions will be more precise than in the assignments.
- The bonus questions will be more difficult than the bonus questions in the assignments.
- The exam will count for 60% of the total grade, the assignments for 40%.
- The questions in the final exam will be in English. You can write your answers either in English or in German.
- You'll have to pass the exam in order to pass the course.
- You'll have to take the exam (or have very good reasons for not showing up) in order to be eligible for an oral re-take if you fail.
- An oral re-take can only distinguish between "4.0" and "fail".
- To pass the course, you must pass the exam.
- Let's say, the exam has m points plus n bonus points. You are guaranteed to pass the exam if you get m/2 points or more, including your bonus points.
- It is possible (even probable, but not certain) that in the end you'll pass if you get p < m/2 points. How many points you need to get “100%” (1.0) will be decided after the exam, but will probably be somewhere around 2p.
- The number of points you got in the exam will be expressed as a percentage of the “1.0” mark. Percentages in excess of “1.0” will be truncated to 1.0.
- Then, the final percentage will be computed as 0.4*exercises + 0.6*exam, which will then be converted into a grade. The exact grading scheme is not yet fixed.
- There are too many questions to answer in the alotted two hours. The suggested strategy is therefore first to read all the questions and then to attempt them in the order from easiest to most difficult.
- Bringing a (non-programmable) pocket calculator is advised.
- Dictionaries (here defined as paper-printed books that translate words from one language into words in another language) are OK.
- Other materials—except for writing implements—are allowed only if explicitly OK'd by Prof. Zeller or me before the exam starts. If we catch anybody using materials that are not OK'd, they risk failing the exam and hence the course.
- If I ask for “two examples” or “three scenarios” etc, I will count only the first two (or three, or whatever) that you write down. This is to discourage you from simply writing down all examples or scenarios that you can think of and hope that the right ones are in there somewhere.
- The results will be made available on Thursday, 5 August, 1300h at the latest. A sheet containing student-id/grade pairs will be posted on the board across from my office, together with an exemplary solution.
- “Klausureinsicht” will be from 1300--1600 on that same day.
- An oral retake will be offered only for those people who fail the exam narrowly, where “narrowly” is going to be defined later.
Books
Here are some books that are relevant for the lecture. They are all available in the Computer Science Library. The links below will take you to the relevant pages on Amazon.de.
Ross Anderson: Security Engineering, ISBN 047138922-6, Wiley, 2001.
Peter Gutmann: Cryptographic Security Architecture, Design and Implementation, ISBN 038795387-6, Springer, 2003.
Michael Howard, David LeBlanc: Writing Secure Code, ISBN 073561722-8, Microsoft Press, 2002.
Charlie Kaufman (yes, just like the director), Radia Perlman, Mike Speciner, Network Security, Private Communication in a Public World, Prentice-Hall, 2002.
John Viega, Gary McGraw: Building Secure Software, ISBN 020172152-X, Addison-Wesley, 2001.
Discussion Forum
We have installed a discussion forum for all course topics. Please register at »Design of Secure Software«.
List of Participants
The following is a list of participants in this course (in no particular order). If you think your name should be on it, but it isn't, please mail us.
| Name |
|---|
| Altmeyer, Oliver |
| Andreeva, Elena |
| Arkadivsz Dziopa |
| Augustin, Andreas |
| Bellion, Michael |
| Boktiev, Murat |
| Chebiryak, Yury |
| Cullmann, Christoph |
| Dudas, Dorotea |
| Ehrl, Johannes |
| Eillinghaus, Tobias |
| Erbelding, Christian |
| Gebhard, Gernot |
| Gehrmann, Tim |
| Glitsch, Andreas |
| Heil, Steffen |
| Herzig, Kim |
| Hui, Xiang |
| Jafry, Mansoor |
| Jochem, Rainer |
| Kamenski, Vladislav |
| Kersten, Carl |
| Khan, Osama |
| Kiefer, Sascha |
| Langner, Christian |
| Legrum, Andreas |
| Leichtweis, Thomas |
| Li, Hong |
| Lorenz, Stefan |
| Mai, Steven |
| Martin, Rainer |
| Moleda, Ania |
| Nachev, Nayden |
| Parkitny, Sebastian |
| Pfalzgraf, Alex |
| Philipp, Rico |
| Prohaska, Alexander |
| Quirin, Thomas |
| Reifschneider, Andreas |
| Rieskamp, Jens |
| Romdhane, Taoufik |
| Schneider, Thorsten |
| Schubotz, Rene |
| Sliwerski, Jacek |
| Stanev, Stilian |
| Stein, Ingmar |
| Wasylkowski, Andrzej |
| Weber, Christian |
| Wendt, Stephan |
| Zapp, Thomas |
Impressum ● Datenschutzerklärung
<webmaster@st.cs.uni-saarland.de> · http://www.st.cs.uni-saarland.de/edu/secdesign/?lang=fr · Stand: 2018-04-05 13:40