Zur Modulseite PDF generieren

#40933 / #4

Seit SoSe 2024

English

International Information Security Contest

12

Seifert, Jean-Pierre

Benotet

Portfolioprüfung

English

Zugehörigkeit


Fakultät IV

Institut für Softwaretechnik und Theoretische Informatik

34355100 FG S-Professur Security in Telecommunications (SecT)

Keine Angabe

Kontakt


E 5

Seidler, Henning

lehre@sect.tu-berlin.de

Lernergebnisse

Participants of this course obtain practical experience in organising a complex IT project within a team. They collected experience in the development and maintenance a scalable infrastructure, but also in the administrative processes involved in a large project. In addition, they extended their theoretical and practical knowledge of vulnerabilities in IT security, having learned both to detect and to repair even advanced ones. The graduates comprehend even complex and obscure systems. On top, graduates of this module know how to teach information security in a playful manner.

Lehrinhalte

Participants explore software security hands-on with the goal to develop and host an international information security contest (¨Attack/Defense CTF”): contesting teams from all over the world receive virtual machines built during the project. The machines run participants’ services, containing secret tokens ("flags") that other teams have to collect over the wire using exploits as part of the game. To build the contest, participants will dive deep into the security of a platform and language of their choice and create a software project with well-hidden software vulnerabilities in this language. Furthermore, a game server will be developed as a team, including scripts to check the health of services for each contestant. As part of the development and hosting, participants will develop and extend the infrastructure required to host the competition, strengthen their skills in penetration testing and exploitation, and build upon other technical and non-technical abilities, depending on their role in the project. Such skills may include networking, continuous integration, agile development, project management and public relations. Furthermore, students develop and extend the infrastructure, required for the competition. The course gives participants the freedom to explore tools of their choice, build software and find creative ways to corrupt it, with the work done both independently and in small teams. Insecure software is a potential threat to both the industry and the democratic society. The course supports goals on sustainability by raising awareness on IT security, and teaching the ability to detect, fix and avoid security issues in software, not only for the students, but also for the international participants of the competition. Furthermore, we support open-source, by making all material publicly available in the end.

Modulbestandteile

Compulsory area

Die folgenden Veranstaltungen sind für das Modul obligatorisch:

LehrveranstaltungenArtNummerTurnusSpracheSWS ISIS VVZ
International Information Security ContestPJSoSede, en8

Arbeitsaufwand und Leistungspunkte

International Information Security Contest (PJ):

AufwandbeschreibungMultiplikatorStundenGesamt
Attendance15.08.0h120.0h
Pre/post processing15.016.0h240.0h
360.0h(~12 LP)
Der Aufwand des Moduls summiert sich zu 360.0 Stunden. Damit umfasst das Modul 12 Leistungspunkte.

Beschreibung der Lehr- und Lernformen

Self-study, active development, weekly meetings

Voraussetzungen für die Teilnahme / Prüfung

Wünschenswerte Voraussetzungen für die Teilnahme an den Lehrveranstaltungen:

* Good Software Development skills in a programming language of your choice * Ability to adapt to new environments and situations * Real interest in information/computer/cyber security * Basic knowledge in some field of IT Security If you did/do your Bachelor at TU: * Grundlagen der Rechnersicherheit (or equivalent) * Programmierpraktikum (or equivalent)

Verpflichtende Voraussetzungen für die Modulprüfungsanmeldung:

Dieses Modul hat keine Prüfungsvoraussetzungen.

Abschluss des Moduls

Benotung

Benotet

Prüfungsform

Portfolio examination

Art der Portfolioprüfung

100 Punkte insgesamt

Sprache(n)

English, German

Prüfungselemente

NamePunkteKategorieDauer/Umfang
(Deliverable Assessment) CTF Execution, including test runs20praktisch2 x 8h
(Deliverable Assessment) Developing a full service, including Quality Assurance25praktisch15 x 5h
(Deliverable Assessment) Development and Project Work40praktisch15 x 8h
(Deliverable Assessment) Reviews, Report and Presentation15mündlich3 x 15 minutes

Notenschlüssel

Notenschlüssel »Notenschlüssel 1: Fak IV (1)«

Gesamtpunktzahl1.01.31.72.02.32.73.03.33.74.0
100.0pt86.0pt82.0pt78.0pt74.0pt70.0pt66.0pt62.0pt58.0pt54.0pt50.0pt

Dauer des Moduls

Für Belegung und Abschluss des Moduls ist folgende Semesteranzahl veranschlagt:
1 Semester.

Dieses Modul kann in folgenden Semestern begonnen werden:
Sommersemester.

Maximale teilnehmende Personen

Die maximale Teilnehmerzahl beträgt 24.

Anmeldeformalitäten

enroll in the Isis course if there are too many students, we will select according to AllgStuPO § 48 in the second week

Literaturhinweise, Skripte

Skript in Papierform

Verfügbarkeit:  nicht verfügbar

 

Skript in elektronischer Form

Verfügbarkeit:  nicht verfügbar

 

Literatur

Empfohlene Literatur
Keine empfohlene Literatur angegeben

Zugeordnete Studiengänge


Diese Modulversion wird in folgenden Studiengängen verwendet:

Studiengang / StuPOStuPOsVerwendungenErste VerwendungLetzte Verwendung
Computer Engineering (M. Sc.)115SoSe 2024SoSe 2025
Computer Science (Informatik) (M. Sc.)112SoSe 2024SoSe 2025
Elektrotechnik (M. Sc.)112SoSe 2024SoSe 2025
Informatik (B. Sc.)13SoSe 2024SoSe 2025
Information Systems Management (Wirtschaftsinformatik) (M. Sc.)16SoSe 2024SoSe 2025
Wirtschaftsingenieurwesen (M. Sc.)16SoSe 2024WiSe 2024/25

Studierende anderer Studiengänge können dieses Modul ohne Kapazitätsprüfung belegen.

Sonstiges

Keine Angabe