
#40441 / #7

Since WiSe 2020/21

English

Embedded Systems Security Lab

6

Seifert, Jean-Pierre

graded

Portfolio examination

Affiliation


Fakultät IV

Institut für Softwaretechnik und Theoretische Informatik

34355100 FG S-Professur Security in Telecommunications

No information

Contact


TEL 16

Jacob, Hans Niklas

lehre@sect.tu-berlin.de

Learning Outcomes

This module’s qualification aims are:
1. Understanding of security-relevant interfaces (hardware and software) of (embedded) computer systems
2. Practical experience in identifying, exploiting, and fixing vulnerabilities in hardware and software
3. A profound evaluation of system security

Content

The security lab offers students the opportunity to learn how to analyze the system security of embedded systems. It covers topics from hardware security and debug facilities and then moves on to software security issues in applications, the kernel and message-handling drivers. This course focuses on practically relevant details and hands-on experience instead of providing thorough theoretical background information. Students will have to solve multiple challenges, where a system has to be analyzed and then compromised. Basic Linux and C programming knowledge is required.

The lab is organized as a practical course (PR) and students will be working individually with an ARM development board (Raspberry Pi II).

TOPICS:
• Serial interface
• ARM introduction
• JTAG hardware debugging interface
• OpenOCD, BusPirate
• Software debugging with GDB
• Linux security tools
• Public key cryptography, certificates and signatures
• Shellcode
• Memory corruption vulnerabilities
• NX/XD/XN, ASLR, stack canaries
• ELF binary format
• Heap structure
• Integer overflows
• Kernel security

Module Components

Compulsory part:

All Courses are mandatory.

Course Name | Type | Number | Cycle | Language | SWS | VZ
Security Lab | PR | 0434 L 972 | WiSe | German/English | 4 |

Workload and Credit Points

Security Lab (PR):

Workload description | Multiplier | Hours | Total
Assignments | 6.0 | 25.0h | 150.0h
Presence hours | 15.0 | 2.0h | 30.0h
Total | | | 180.0h (~6 LP)
The Workload of the module sums up to 180.0 Hours. Therefore the module contains 6 Credits.

Description of Teaching and Learning Methods

The module consists of a practical course.

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

Prerequisites:
• familiarity with Unix/Linux operating system primitives (e.g. using a command line)

Recommended additional skills:
• low-level programming concepts (pointers, registers, stack vs. heap, ...)
• basic concepts of cryptography

In order to complete the assignments, each participant needs at least one computer with administrator privileges (i.e. being able to log into university computers is insufficient), preferably running Linux. It is possible to complete the tasks while using Windows or MacOS as well, but the teaching staff cannot provide guidance on those operating systems.

Mandatory requirements for the module test application:

This module has no requirements.

Module completion

Grading

graded

Type of exam

Portfolio examination

Type of portfolio examination

100 points per element

Language

English

Test elements

Name | Weight | Category | Duration/Extent
(deliverable) firmware extraction and static analysis | 1 | practical | 2 weeks
(deliverable) code injection | 1 | practical | 2 weeks
(deliverable) information disclosure | 1 | practical | 2 weeks
(deliverable) breaking the syscall API | 1 | practical | 2 weeks
(deliverable) machine level code injection | 1 | practical | 2 weeks
(deliverable) attacking remotely | 1 | practical | 2 weeks

Grading scale

Grading key »Notenschlüssel 2: Fak IV (2)«

Total points | 1.0 | 1.3 | 1.7 | 2.0 | 2.3 | 2.7 | 3.0 | 3.3 | 3.7 | 4.0
100.0pt | 95.0pt | 90.0pt | 85.0pt | 80.0pt | 75.0pt | 70.0pt | 65.0pt | 60.0pt | 55.0pt | 50.0pt

Test description (Module completion)

• (Practical Course) 6 practical assignments

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
1 Semester.

This module may be commenced in the following semesters:
Wintersemester.

Maximum Number of Participants

The maximum capacity of students is 24.

Registration Procedures

There is a hard limit of 24 students (due to hardware limitations). See https://sect.tu-berlin.de/ for details on how and when to register.

Recommended reading, Lecture notes

Lecture notes

Availability: unavailable

Electronic lecture notes

Availability: unavailable

Literature

Recommended literature
No recommended literature given

Assigned Degree Programs


This module is used in the following Degree Programs (new System):

Degree program / StuPO | StuPOs | Uses | First use | Last use
Computer Engineering (M. Sc.) | 1 | 24 | WiSe 2020/21 | SoSe 2024
Computer Science (Informatik) (M. Sc.) | 1 | 16 | WiSe 2020/21 | SoSe 2024
Elektrotechnik (M. Sc.) | 1 | 8 | WiSe 2020/21 | SoSe 2024
ICT Innovation (M. Sc.) | 1 | 8 | WiSe 2020/21 | SoSe 2024
Informatik (B. Sc.) | 1 | 8 | WiSe 2020/21 | SoSe 2024
Technische Informatik (B. Sc.) | 1 | 16 | WiSe 2020/21 | SoSe 2024
Wirtschaftsingenieurwesen (M. Sc.) | 1 | 8 | WiSe 2020/21 | SoSe 2024

Miscellaneous

No information