Moses - International Information Security Contest

Display language

Diese Modulbeschreibung gilt nicht im aktuellen Semester.

Die Modulbeschreibung gilt nur für den Zeitraum SoSe 2022 - WiSe 2023/24. Die Version für das aktuelle Semester (SoSe 2024) finden Sie hier: Modulbeschreibung des SoSe 2024

Module / Version:
#40933 / #3

Validity:
SoSe 2022 - WiSe 2023/24

Default display language:
English

Module title:
International Information Security Contest

Credits:
12

Responsible person:
Seifert, Jean-Pierre

Grading:
benotet

Type of exam:
Portfolioprüfung

Zugehörigkeit

Faculty:
Fakultät IV

Institute:
Institut für Softwaretechnik und Theoretische Informatik

Area of expertise:
34355100 FG S-Professur Security in Telecommunications

Prüfungsausschuss:
No information

Kontakt

Office:
TEL 16

Contact person:
Bauroth, Stephan

E-mail address:
lehre@sect.tu-berlin.de

Website:

https://www.tu.berlin/sect

Learning Outcomes

Participants of this course obtain practical experience in organising a complex IT project within a team. They collected experience in the development and maintenance a scalable infrastructure, but also in the administrative processes involved in a large project. In addition, they extended their theoretical and practical knowledge of vulnerabilities in IT security, having learned both to detect and to repair even advanced ones. The graduates comprehend even complex and obscure systems. On top, graduates of this module know how to teach information security in a playful manner.

Content

Participants explore software security hands-on with the goal to develop and host an international information security contest (¨Attack/Defense CTF”): contesting teams from all over the world receive virtual machines built during the project. The machines run participants’ services, containing secret tokens ("flags") that other teams have to collect over the wire using exploits as part of the game. To build the contest, participants will dive deep into the security of a platform and language of their choice and create a software project with well-hidden software vulnerabilities in this language. Furthermore, a game server will be developed as a team, including scripts to check the health of services for each contestant. As part of the development and hosting, participants will develop and extend the infrastructure required to host the competition, strengthen their skills in penetration testing and exploitation, and build upon other technical and non-technical abilities, depending on their role in the project. Such skills may include networking, continuous integration, agile development, project management and public relations. Furthermore, students develop and extend the infrastructure, required for the competition. The course gives participants the freedom to explore tools of their choice, build software and find creative ways to corrupt it, with the work done both independently and in small teams.

Module Components

Pflichtgruppe:

All Courses are mandatory.

Course Name	Type	Number	Cycle	Language	SWS	VZ
International Information Security Contest	PJ		SoSe	German/English	8

Workload and Credit Points

International Information Security Contest (PJ):

Workload description	Multiplier	Hours	Total
Attendance	15.0	8.0h	120.0h
Pre/post processing	15.0	16.0h	240.0h
			360.0h(~12 LP)

The Workload of the module sums up to 360.0 Hours. Therefore the module contains 12 Credits.

Description of Teaching and Learning Methods

Self-study, active development, weekly meetings

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

* Good Software Development skills in a programming language of your choice * Ability to adapt to new environments and situations * Real interest in information/computer/cyber security * Basic knowledge in some field of IT Security If you did/do your Bachelor at TU: * Grundlagen der Rechnersicherheit (or equivalent) * Programmierpraktikum (or equivalent)

Mandatory requirements for the module test application:

This module has no requirements.

Module completion

Grading

graded

Type of exam

Portfolio examination

Type of portfolio examination

100 Punkte insgesamt

Language

German/English

Test elements

Name	Points	Categorie	Duration/Extent
(Deliverable Assessment) CTF Execution, including test runs	20	practical	2 x 8h
(Deliverable Assessment) Developing a full service, including Quality Assurance	25	practical	15 x 5h
(Deliverable Assessment) Development and Project Work	40	practical	15 x 8h
(Deliverable Assessment) Reviews, Report and Presentation	15	oral	3 x 15 minutes

Grading scale

Notenschlüssel »Notenschlüssel 1: Fak IV (1)«

Gesamtpunktzahl	1.0	1.3	1.7	2.0	2.3	2.7	3.0	3.3	3.7	4.0
100.0pt	86.0pt	82.0pt	78.0pt	74.0pt	70.0pt	66.0pt	62.0pt	58.0pt	54.0pt	50.0pt

Test description (Module completion)

No information

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
1 Semester.

This module may be commenced in the following semesters:
Sommersemester.

Maximum Number of Participants

The maximum capacity of students is 24.

Registration Procedures

1. QISPOS (preferred) 2. Prüfungsamt

Recommended literature
No recommended literature given

Assigned Degree Programs

Semester:

Zeige auch ausgelaufene Studiengänge und StuPOs

This module is used in the following Degree Programs (new System):

	Studiengang / StuPO	StuPOs	Verwendungen	Erste Verwendung	Letzte Verwendung
This module is not used in any degree program.

Students of other degrees can participate in this module without capacity testing.

Miscellaneous