Moses - Security Lab Project

Display language

To modulepage Generate PDF

Diese Modulbeschreibung gilt nicht im aktuellen Semester.

Die Modulbeschreibung gilt nur für den Zeitraum SS 2017 - WS 2018/19.

Module / Version:
#40805 / #1

Validity:
SS 2017 - WS 2018/19

Default display language:
English

Module title:
Security Lab Project

Credits:
9

Responsible person:
Seifert, Jean-Pierre

Grading:
benotet

Type of exam:
Portfolioprüfung

Zugehörigkeit

Faculty:
Fakultät IV

Institute:
Institut für Softwaretechnik und Theoretische Informatik

Area of expertise:
34355100 FG S-Professur Security in Telecommunications

Prüfungsausschuss:
No information

Kontakt

Office:
No information

Contact person:
Buhren, Robert

E-mail address:
lehre@sect.tu-berlin.de

Website:
No information

Learning Outcomes

Content

In this project students develop their own piece of software which highlights a recently discovered or older, highly relevant kind of security vulnerability of their choice. To gain the relevant practical knowledge and hands-on-experience they attend the Security Lab (PR) as first part of the module. The Security Lab offers students the opportunity to learn how to analyze the system security of Linux-based systems with an emphasis on embedded platforms. It covers topics from hardware security and debug facilities and then moves on to software security issues in applications and finally the kernel. This course focuses on practically relevant details and hands-on experience instead of providing thorough theoretical background information. Students will have to solve multiple challenges on an ARM development board (Raspberry Pi II), where a system has to be analyzed and then compromised. In the project part they will create challenges of this kind on their own. Basic Linux and C programming knowledge is required for the practical course. The usage of other implementation languages during the project part is possible. TOPICS: • Serial interface • ARM/MIPS introduction • JTAG hardware debugging interface • OpenOCD, BusPirate, BusBlaster • Software debugging with GDB • Linux security tools • Public key cryptography, certificates and signatures • Shellcode • Memory corruption vulnerabilities • NX/XD/XN, ASLR, stack canaries • ELF binary format • Heap structure • Integer overflows • Kernel security

Module Components

Pflichtgruppe:

All Courses are mandatory.

Course Name	Type	Number	Cycle	Language	SWS	VZ
Security Lab	PR	0434 L 972	WiSe/SoSe	No information	4
Security Lab	PJ	0434 L 985	WiSe	No information	4

Workload and Credit Points

Security Lab (PR):

Workload description	Multiplier	Hours	Total
Assignments	4.0	25.0h	100.0h
Presence hours	10.0	2.0h	20.0h
			120.0h(~4 LP)

Security Lab (PJ):

Workload description	Multiplier	Hours	Total
Concept	1.0	30.0h	30.0h
Implementation	1.0	80.0h	80.0h
Meetings	5.0	2.0h	10.0h
preparation of final presentation	1.0	10.0h	10.0h
written report	1.0	20.0h	20.0h
			150.0h(~5 LP)

The Workload of the module sums up to 270.0 Hours. Therefore the module contains 9 Credits.

Description of Teaching and Learning Methods

The module consists of a project and a preparatory practical course.

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

Prerequisites: • knowledge equivalent to the "Software Security" lecture • familiarity with Unix/Linux operating system primitives (e.g. using a command line) Recommended additional skills: • basic networking concepts and tools (DNS, DHCP, NAT, ...) • low-level programming concepts (pointers, registers, stack vs. heap, ...) • basic concepts of cryptography In order to complete the assignments, each participant needs at least one computer with administrator privileges (i.e. being able to log into university computers is insufficient) preferrably running Linux. It is possible to complete the tasks while using Windows or MacOS as well, but the teaching staff cannot provide guidance on those operating systems.

Mandatory requirements for the module test application:

This module has no requirements.

Module completion

Grading

graded

Type of exam

Portfolio examination

Type of portfolio examination

100 Punkte insgesamt

Language

English

Test elements

Name	Points	Categorie	Duration/Extent
(deliverable assessment) 4 assignments	40	practical	2 weeks per assignment
project: final presentation	10	oral	30 minutes
project: implementation	30	practical	second semester
project: written report (solution + documentation)	20	written	approx. 10 pages

Grading scale

Notenschlüssel »Notenschlüssel 2: Fak IV (2)«

Gesamtpunktzahl	1.0	1.3	1.7	2.0	2.3	2.7	3.0	3.3	3.7	4.0
100.0pt	95.0pt	90.0pt	85.0pt	80.0pt	75.0pt	70.0pt	65.0pt	60.0pt	55.0pt	50.0pt

Test description (Module completion)

• (Practical Course) 4 practical assignments • (Project Course) concept, project meetings in the group and with the supervisors, implementation, written report, final presentation

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
2 Semester.

This module may be commenced in the following semesters:
Winter- und Sommersemester.

Maximum Number of Participants

The maximum capacity of students is 18.

Registration Procedures

As there is a hard limit of 18 students for the project, please register beforehand by sending an email to seclab-project@sec.t-labs.tu-berlin.de. The first 18 students will be accepted - reception timestamp counts. A separate registration for the practical course Security Lab is not necessary in this case. Additional registration with the examination office (usually via QISPOS) is still mandatory.

Recommended literature
No recommended literature given

Assigned Degree Programs

Semester:

Zeige auch ausgelaufene Studiengänge und StuPOs

This module is used in the following Degree Programs (new System):

	Studiengang / StuPO	StuPOs	Verwendungen	Erste Verwendung	Letzte Verwendung
This module is not used in any degree program.

Miscellaneous

No information

Security Lab Project