Secure and Dependable Systems

Teaching

About

  • Course: Secure and Dependable Systems (CO-566)
  • Semester: Spring 2024
  • Prerequisites: Operating Systems (CO-562)
  • Instructor: Jürgen Schönwälder
  • Office Hours: Monday, 11:15-12:30, R.1-87
  • TA: Perial, Razvan Andrei
  • TA: Stefanovska, Tea
  • Class: Tuesday, 15:45-17:00, Lecture Hall Research I
  • Class: Thursday, 15:45-17:00, Lecture Hall Research I
  • 1st Module Exam: Tuesday, 2024-05-28 16:00-18:00 (ICC West Wing)
  • 2nd Module Exam: Thursday, 2024-08-29 14:00-16:00 (R1-53)

Content and Educational Aims

This module introduces students to the fundamentals of computer security and techniques used to build and analyze dependable systems. This is an important topic given that computer systems are increasingly embedded in everyday objects (such as light bulbs) and taking over important control functions (such as driving cars). Furthermore, computer systems control complex communication systems that form critical infrastructure of the modern globalized world. Proper protection of information requires an applied understanding of cryptography and how cryptographic primitives are used to secure data and information exchanges. The aim of this module is to make students aware of what types of security vulnerabilities may arise in computing systems and how to prevent, identify, and fix them.

Intended Learning Outcomes

By the end of this module, students will be able to

  • recall dependability terminology and concepts;
  • explain control flow attacks and injection attacks and defense mechanisms;
  • describe network data plane and control plane attacks and defense mechanisms;
  • understand symmetric and asymmetric cryptographic algorithms;
  • explain how digital signatures and public key infrastructures work;
  • analyze key exchange protocols for weaknesses;
  • describe secure network protocols (e.g., PGP, TLS, and SSH);
  • recall anonymity terminology and concepts;
  • discuss information hiding mechanisms (e.g., steganography, and watermarking);
  • illustrate anonymization techniques (mixes, onion routing);

Literature

  • Bruce Schneier: Applied Cryptography, 20th Anniversary Edition, Wiley, 2015
  • Wm.Arthur Conklin, Gregory White: Principles of Computer Security, 5th Edition, McGraw-Hill, 2018
  • Simon Singh: The Code Book: Science of Secrecy from Ancient Egypt to Quantum Cryptography, Anchor Books, 2000
  • Dan Boneh and Victor Shoup: A Graduate Course in Applied Cryptography, 2023

Schedule

Tue 15:45 Thu 15:45 Topics
2024-02-01 Recent Computing Disasters
2024-02-06 2024-02-08 Recent Computing Disasters, Dependability Concepts
2024-02-13 2024-02-15 Software Engineering Aspects, Software Verification
2024-02-20 2024-02-22 Software Testing and Software Security by Design
2024-02-27 2024-02-29 Software Vulnerabilities, Control Flow Attacks, Code Injection Attacks
2024-03-05 2024-03-07 Software and Network Vulnerabilities, Denial of Service
2024-03-12 2024-03-14 Network Vulnerabilities, Data and Control Plane Vulnerabilities
2024-03-19 2024-03-21 Cryptography, Block Ciphers, Symmetric Encryption Algorithms
2024-03-26 2024-03-29 [Spring Break]
2024-04-02 2024-04-04 Asymmetric Encryption Algorithms, Cryptographic Hash Functions
2024-04-09 2024-04-11 Digital Signatures, Certificates, Key Exchange Schemes
2024-04-16 2024-04-18 Pretty Good Privacy, Transport Layer Security
2024-04-23 2024-04-25 Secure Shell, Domain Name System Security
2024-04-30 2024-05-02 Steganography, Covert Channels, Anonymity, Mix Networks and Onion Routing
2024-05-07 2024-05-09 Authentication, Authorization, Auditing
2024-05-14 Isolation, Trusted Computing

Assignments

Date/Due Name Topics
2024-02-19 Sheet 01 system reliability calculation
2024-02-26 Sheet 02 test coverage metrics, fuzzying
2024-03-04 Sheet 03 stack frames
2024-03-11 Sheet 04 vulnerable word count, compiler hardening options, SQL injection
2024-03-18 Sheet 05 network exploration and reconnaissance (virtual machine)
2024-03-25
2024-04-01 Sheet 06 feistel network and substitution/permutation network
2024-04-08 Sheet 07 block encryption modes of operation
2024-04-15 Sheet 08 RSA decryption, DH key exchange, SHA proof of work
2024-04-22 Sheet 09 elliptic curve cryptography
2024-04-29 Sheet 10 TLS connection establishment
2024-05-06 Sheet 11 steganography, information hiding
2024-05-13 Sheet 12 password guessing, access control lists, capabilities

Rules

The final grade is determined by a final exam (100%). There will be weekly marked homework assignments, each worth 10 points. Regular submission of good solutions for homework assignments can lead to bonus points. Bonus points can improve the final grade but they cannot turn a failing grade into a passing grade and they are limited to a maximum of 10 percent of the grade (see the undergraduate education policies). The usual rules for (medical) excuses apply.

The bonus b is derived from the points p earned in the homeworks as follows. For p in [0..50) points, the bonus is 0. For p in [50..100] points, the bonus b = p / 10. For p > 100, the b = 10. Bonus points can improve the final grade but they can't turn a failing grade into a passing grade and they are limited to a maximum of 10 percent of the grade (see the undergraduate education policies). The usual rules for (medical) excuses apply.

Electronic submission is the preferred way to hand in homework solutions. Please submit documents (plain ASCII/UTF-8 text or PDF, no Word) and your source code (packed into a tar or zip archive after removing all binaries and temporary files) via the online submission system. If you have problems, please contact one of the TAs. Solutions for assignments may need to be defended in an oral interview.

Late submissions will not be accepted. In case you are ill, you have to follow the procedures defined in the university policies to obtain an official excuse. If you obtain an excuse, the new deadline will be calculated as follows:

  1. Determine the number of days you were excused until the deadline day, not counting excused weekend days.
  2. Determine the day of the end of your excuse and add the number of day you obtained in first step. This gives you the initial new deadline.
  3. If the period between the end of your excuse and the new deadline calculated in the second step includes weekend days, add them as well to the new deadline. (Iterate this step if necessary.)

For any questions stated on assignment sheets, quiz sheets, exam sheets or during makeups, we by default expect a reasoning for the answer given, unless explicitly stated otherwise.

Students must submit individual solutions. If you copy material verbatim from the Internet or other sources, you have to provide a proper reference. If we find your solution text on the Internet without a proper reference, you risk to lose your points. Any cheating cases will be reported to the registrar. In addition, you will lose the points (of course). These rules also apply to any generative AI tool, such as ChatGPT.

  1. You are discouraged from using AI tools UNLESS under direct instruction from your instructor to do so.
  2. If AI is permitted to be used, you must clearly state how AI was used in completing the assignments. No more than 25% of an assignment should be created with AI if the instructor gives permission for its use.
  3. Note that the material generated by these programs may be inaccurate, incomplete, or otherwise problematic. Their use may also stifle your own independent thinking and creativity. Accordingly, reduction in the grade is likely when using AI. Rather use your own brain.

Any programs, which have to be written, will be evaluated based on the following criteria:

  • correctness including proper handling of error conditions
  • proper use of programming language constructs
  • clarity of the program organization and design
  • readability of the source code and any output produced

Source code must be accompanied by a README file providing an overview of the source files and giving instructions how to build the programs. A suitable Makefile is required if the build process involves more than a single source file.

If any part of these rules are confusing or uncertain, please reach out to your instructor for a conversation before submitting your work.

If you are unhappy with the grading, please report immediately (within one week) to the TAs. If you can't resolve things, contact the instructor. Problem reports which come late, that is after the one-week period, are not considered anymore.