Organizational Details Summer 2015

Transcription

1 Organizational Details Summer 2015 This presentation contains the organizational details of (most) courses on information security offered by 188/1, 183/1-ISecLab and SBA Research

2 Cooperation for all security classes 183/1-ISecLab and 188/1 and SBA Research now jointly teach all classes.

3 Overview SUMMER Introduction to Security Seminar aus Security Software Security Internet Security Digital Forensics cancelled (contact: Winter Organizational Aspects of IT-Security Advanced Internet Security Privacy Enhancing Technologies

4 INTRODUCTION TO SECURITY

5 Overview TUWEL as central point of information Forum; only for personal questions Organizational issues (STEOP, registration,..): Edgar Weippl Daniela Friedl Course syllabus & Assignments: Dimitris Simos Georg Merzdovnik TAs: Kristoffer Kleine, Philipp Kafka, Wilfrid Mayer Lectures Lectures are condensed from the book attendance optional

6 Grading Grading 4 Assignments Submission via TUWEL Deadlines in TUWEL One-time-pad SQL-injection Cracking passwords Breaking WEP/WPA Exams (2 parts) Midterm Exam Final Exam Retake Exam: possibility to retake either midterm or final exam. Last result counts! Exam Registration in TISS! Room assignment for exams will be announced before exams

7 Details Dates Blocks & Book Chapters Lecturers March 12 Cryptography Block #1: 1, 2, 20 Dimitris Simos March 26 Cryptography Block #2: 21 Dimitris Simos April 16 Software Security Block: 5, 11, 12 Aljosha Judmayer April 23 Usable Security Block: 3, 17 Katharina Krombholz April 30 MIDTERM EXAM (4 p.m.) April 30 Malware Block: 6, 10 Georg Merzdovnik May 7 Network Security Block #1: 7, 8, 9 Johanna Ullrich May 21 Network Security Block #2: 22, 23, 24 Johanna Ullrich May 28 Management Issues of IT Security Block: 14,15,18,19 June 10 FINAL EXAM (2 p.m.) June 24 RETAKE EXAM (4 p.m.) Edgar Weippl

8 Required Literature Computer Security: Principles and Practice William Stallings, Lawrence Brown 3rd Edition Chapters: Midterm Exam : 1, 2, 3, 5, 11, 12, 17, 20, 21 Final Exam: 6, 7, 8, 9, 10, 14, 15, 18, 19, 22, 23, 24

9 Grading Scheme Total pt Assignment (min 25 to pass) 50pt Written exam (25 pt each; min of 12.5 each to pass) 50-64pt 4 (Genügend) 65-79pt 3 (Befriedigend) 80-91pt 2 (Gut) pt 1 (Sehr gut)

10 SEMINAR AUS SECURITY

11 Overview TUWEL as central point of information Forum for questions Edgar Weippl Georg Merzdovnik Content: State-of-the-art security research Writing paper reviews, mini survey & presentation conference-style

12 Grading Grading 1 Survey paper of security relevant topics Group work of 2 2 Reviews of other students survey papers Final presentation Lectures Introduction lecture ,1pm, Seminarraum Gödel Two appointments for final presentation of surveys: 14:00-17: EI 9 Hlawka HS 14:00-17: EI 5 Hochenegg HS Attendance mandatory!

13 SOFTWARE SECURITY

14 Overview TUWEL as central point of information Forum; only for personal questions Organizational issues (STEOP, registration,..): Edgar Weippl Daniela Friedl Course syllabus & Assignments: Dimitris Simos Georg Merzdovnik Lecturers: Severin Winkler, Dimitris Simos, Sebastian Schrittwieser, Georg Merzdovnik, Manuel Leithner Tutor: Rene Czerny

15 Details Dates Lecture Blocks Lecturers March 13 OWASP Advanced Topics Severin Winkler April 13 Software Obfuscation Sebastian Schrittwieser April 17 Reverse Engineering Georg Merzdovnik April 24 MIDTERM EXAM (12 p.m.) May 8 Web Security Testing Dimitris Simos May 22 Language Security Manuel Leithner May 29 Java 8 Security & Secure Coding Severin Winkler June 11 Protocol Interaction Testing Dimitris Simos June 19 FINAL EXAM (13 p.m.)... June 26 RETAKE EXAM (12 p.m.) Exam Registration in TISS!

16 Grading Grading 3 Assignments Webapp Security Software Obfuscation (Reversing Basics - A Practical Approach Using IDA Pro) SSHd backdoor Exams (2 parts) Midterm Exam (24.4) Final Exam (19.6.) Retake Exam (26.6.): possibility to retake either midterm or final exam. Last result counts! Exam Registration in TISS!

17 Optional Literature Software Security: Building Security In Gary McGraw Midterm exam: OWASP advanced topics, software obfuscation, reverse engineering Final exam: web security testing, java 8 security & secure coding, language security, protocol interaction testing

18 Grading Scheme Total pt Assignment (min 25 to pass) 50pt Written exam (25 pt each; min of 12.5 each to pass) 50-64pt 4 (Genügend) 65-79pt 3 (Befriedigend) 80-91pt 2 (Gut) pt 1 (Sehr gut)

19 Internet Security

20 Internet Security: Overview In cooperation with iseclab (e183) People: Adrian Dabrowski, Markus Kammerstetter, Georg Merzdovnik, Stefan Riegler; Tutor: Eduard Thamm, Willfried Mayer Lecture: FH HS6, Thursday Exam: June 25 th Final Grade: 50% Exam + 50% Lab Lab-Exercises: 5 Lab Challenges + 1 Bonus (5*20%+10% Bonus=110%) One challenge every apx 2 weeks No points for partially solved challenges! Need at least ½ of challenges & 50% on the exam to pass All details here:

21 Challenges (tentative list) Internet Security Network security tools (e.g., nmap, tcpdump) Web security (SQL injection, XSS ) Security-related programming assignment (java?) Cryptography Stack-based buffer overflow (advanced in comparison to other challenges)

22 Internet Security Lab Environment assignments should be mostly solved at home / any computer with Internet connection small hacking network, which is remotely accessible via ssh (Linux) Accounts are created automagically (registration until ) registered in TISS is used for correspondence Submission hard deadlines (with sufficient time) automated checks with immediate feedback Questions: USE TISS FORUM inetsec@seclab.tuwien.ac.at

23 InetSec 1 and InetSec 2 Internet Security InetSec 1 InetSec 2 Unix Security Windows Security Buffer Overflows Internet Application Security Cryptography Race Conditions ( ) Reverse Engineering Viruses and Worms Web Security Hardware Security

24 Your Roadmap to Enlightenment Requirement Rating InetSec 1, candidate InetSec 1, pass InetSec 2, 4 solved challenges InetSec 2, 5 solved challenges InetSec 2, 6 solved challenges InetSec 2, 6 solved challenges, CTF Nobody Apprentice Stackmaster expl0it Warlock Guru Master Guru

25 Who should do InetSec 2 Internet Security People who would like to become security gurus. We take part in a Capture the Flag hacking contest against other universities lots of fun. (1st place in 2011 and 2007, 2nd place in 2005, 2009, 2012, Defcon Finals in 2012). People who are hard-core technical (i.e., C and Linux should not be a problem for you) You should be interested in solving technical problems People who have time You get the chance to solve security challenges such as writing a virus, reverse engineering applications

26

27 Who should do InetSec 2 Internet Security Internet Security 2 (aka Advanced InetSec)

28 General information

29 Information Security Additionally we can offer: Praktikum (PR) Bachelor thesis Master thesis PhD thesis Research assistant Industrial projects Website:

30 COMET Research Center for Information Security SBA Research Area 1 (GRC): Governance, Risk and Compliance Area 2 (DSP): Data Security and Privacy Area 3 (SCA): Secure Coding and Code Analysis Area 4 (HNS): Hardware and Network Security P1.1: Risk Management and Analysis P1.2: Secure BP Modeling, Simulation and Verification P1.3: Computer Security Incident Response Team P1.4: Awareness and E-Learning P2.1: Privacy Enhancing Technologies P2.2: Enterprise Rights Management P2.3: Digital Preservation P3.1: Malware Detection and Botnet Economics P3.2: Systems and Software Security P3.3: Digital Forensics P4.1: Hardware Security and Differential Fault Analysis P4.2: Pervasive Computing P4.3: Network Security of the Future Internet

31 International Cooperation