Security Engineering Lab
type: internship
chair: Fakultät für Informatik
semester: Summer semester 2011
place:

Room -143, Bldg. 50.34

time:

Monday, 14:00 - 15:30
Thursday, 14:00 - 15:30

start: 11.04.2011
lecturer:

Professor Alexander Pretschner
Matthias Büchler
Florian Kelbert

sws: 4
ects: 6
lv-no.: 24685

The goal of this lab is to teach students how to defend against computer security vulnerabilities through hands-on assignments. We will analyze well-known security vulnerabilities, reproduce them in a controlled environment, and implement countermeasures. After completing this lab, students will know how to apply security defense principles in real life to protect computer systems.

Contents: Computer security principles and techniques provide guidelines on how computer systems can be protected against security attacks. In practice, however, it is not clear how adherence to security principles and techniques affects the security of real-life computer systems. In this lab, we demonstrate well-known practical security vulnerabilities (Unix/Linux) alongside the underlying theory, and guide students to creative implementations of countermeasures. The lab includes hands-on activities for the analysis of, and countermeasures against, vulnerabilities of system libraries, system configurations, networks, and (web) applications. As a result of the practical nature of this class, the students will also learn concepts of systems administration and configuration.

Lab contents

  • Network Security
    • Basics of network security
    • ARP spoofing
    • DNS pharming
    • Hacking WiFi security
    • Man-in-the-middle attack
  • Web and Database Security
    • Authentication and access control
    • SQL and script injections
    • Cross-site scripting
  • Operating System Security
    • Set UID vulnerability
    • Stack buffer overflow (PDF and source code)
    • Return-to-libc
    • Format string
    • Race condition
    • Chroot sandbox
  • Secure Implementation
    • Cryptography in Java and C
    • Trusted Computing Platform
    • File system encryption and VPN tunnels
    • System call interposition sandboxing
    • XACML policies in Java and xacml.zip
  • Secure Design
    • Manual code review and dummies
    • Automated code review
  • Cryptography
    • F.1 Basics of cryptanalysis and Cryptool and challenges
    • F.2 Rainbow tables (sha1-challenges.txt and rainbow-tables.xls)
  • Forensics
    • Analyzing system logs and files

Registration

The registration period has expired. (2011-02-25 - 2011-07-25)