PROJECT: Software Security - Winter Semester 2006/07

| 18.334 | Project: Software Security (Part 1) |
|---|---|
| Time: | Wednesday 14:00-18:00 (4 semester hours per week) |
| Location: | F-027 [SVS Lab] |
| Organisers: | Joachim Posegga; Bastian Braun, Robert Olotu, Henrich C. Pöhls, Jan Seedorf |
| 1st Lab Meeting: | Wednesday, 25th of October 2006, 2 pm, F-027 [SVS Lab] |
(Sub)Projects Assignment
The following list contains the assignment of students to the (sub)projects. Please contact your tutor as soon as possible (before Christmas vacation).
| Project | Name | Participants | Tutor |
|---|---|---|---|
| 1 | OS Security and Access Control | Nikitas Trigonis, Frederik Wahl, Bodo Eggert, Volker Lübbers | Christopher Alm |
| 2 | Static Analyzer | Michel Gerdes, Sören Glimm, Christopher Holm | Bastian Braun |
| 3 | Web App Security Scanner | Christopher Schwardt, Anika Ströbele, Daniel Kreischer | Martin Johns |
| 4 | Signed Micro Content | Roman Prosch, Marc Päpper, Dennis Polei, Malte Siedenburg | Henrich C. Pöhls |
| 5 | XACML in R4eGOV | Bernd Kuchenbecker, Julian Ahrens | Hannah Lee |
| 6 | VoIP | Stefan Müller, Jan Möller, Kristian Beckers, Christian Hinkelmann | Jan Seedorf |
(Sub)Projects Presentation
The following list contains the projects offered in the second part of the project, starting approximately at the end of January 2007. They were presented in the lab session on November 22nd, 2006. To learn more about them, please follow the provided information or contact the supervisors.
Please do not forget to send an e-mail to Bastian Braun by November 29th, 2006, indicating the three projects you would most like to participate in. Please order them according to your preference.
| Project | Name | Participants | Tutor |
|---|---|---|---|
| 1 | OS Security and Access Control | 12 | Christopher Alm |
| 2 | Static Analyzer | 11 | Bastian Braun |
| 3 | Web App Security Scanner | 13 | Martin Johns |
| 4 | JS Engine Extension | 5 | Martin Johns |
| 5 | Autonomous Software Security | 6 | Daniel Schreckling |
| 6 | Signed Micro Content using WebServices | 9 | Henrich C. Pöhls |
| 7 | Signed Micro Content using Firefox | 9 | Henrich C. Pöhls |
| 8 | XACML in R4eGOV | 5 | Hannah Lee |
| 9 | VoIP | 15 | Jan Seedorf |
Note: If there are links, they are only accessible from within the university network.
We are going to publish the assignment of students to the above projects once the assignment process is completed.
Schedule for talks
In this section you find the titles for talks scheduled within this lab.
| Date | Title | Name(s) |
|---|---|---|
| 01.11. | IT-Security + Ethics | Malte Siedenburg, Dennis Polei |
| 08.11. | Web (Database) Applications and SQL | Nikitas Trigonis, Frederik Wahl |
| 15.11. | Session Management and PHP | Christopher Schwardt, Michel Gerdes |
| 22.11. | Project Presentations | SVS research staff |
| 29.11. | Secure (Web-)Application Development Guidelines + Structure of ASP.NET Applications | Bodo Eggert, Volker Lübbers |
| 06.12. | Linux process address space (layout, variables, dynamic memory, stack, heap) | |
| 13.12. | C programs, assembler code and ELF binaries | Bernd Kuchenbecker, Julian Ahrens |
| 20.12. | Shell code (construction, use, problems) | Christopher Holm, Daniel Kreischer |
| 10.01. | Buffer Overflow Protection Mechanisms and Heap Overflows | Anika Ströbele, Jan Möller |
Preparatory Meetings
1st Meeting: Monday, 24th of July 2006, 2 pm, F-027 [SVS Lab]
Taking part in at least one of the meetings is obligatory for participating in this class. The program of the project will be presented and preparatory literature will be specified. Additionally, the binding registration will take place during these meetings. Generally, if more students register than there are seats, we will draw lots. We awaited confirmation from the first "registrants" until Friday 22nd of September 12 am (CET). By now we have completed the list.
The following students are accepted for this lab. We are looking forward to seeing you in the 1st lab session on Wednesday (25th of October):
| Name | First name |
|---|---|
| Kuchenbecker | Bernd |
| Beckers | Kristian |
| Müller | Stefan |
| Hinkelmann | Christian |
| Trigonis | Nikitas |
| Wahl | Frederik |
| Siedenburg | Malte |
| Eggert | Bodo |
| Möller | Jan |
| Ströbele | Anika |
| Schwardt | Christopher |
| Kreischer | Daniel |
| Glimm | Sören |
| Polei | Dennis |
| Päpper | Marc |
| Ahrens | Julian |
| Gerdes | Michel |
| Prosch | Roman |
| Lübbers | Volker |
| Holm | Christopher |
Move-up candidates: As we have already selected move-up candidates, the likelihood of the remaining candidates being selected is small!
| Nr. | Name | First name |
|---|---|---|
| 1 | Otte | Gideon |
Prerequisites
- Vordiplom (intermediate diploma)
- Good programming skills
- Basic knowledge of operating systems
- Basic knowledge of web applications
Project Outline
The project spans two semesters. In the first semester, selected topics in the realm of software security will be discussed. It covers four semester hours and is the introductory part of this class, where you will learn about common challenges and methods for their resolution, and you will need to provide answers to the given problems.
On the basis of the acquired knowledge, you will have to choose among several distinct projects. In groups of three to four students you will work independently on current practical issues in software security. In the second semester of the project, covering two semester hours, regular meetings with your assigned tutor will guide you to a final presentation of your project.
Topics covered
Here are some topics covered in this course. Note that this list is not exhaustive:
- Web-service security
- SQL Injection
- Cross-Site Scripting
- Session Hijacking
- Remote Code Injection
- Input Filtering
- Common vulnerabilities (buffer overflows, integer overflows, signedness problems, format string problems)
  - how do they work
  - how to exploit them
  - how to detect them
  - how to prevent them
- Software analysis tools
More information
Vernard Luxe