Inhalt des Dokuments
zur Navigation
Summer Semester 2013
News
*29/04/2013: We created an ISIS course for this lecture. You can register for the course via: https://www.isis.tu-berlin.de/course/view.php?id=8620
*22/02/2013: If you are interested in this course offer, please attend our introductory meeting on Monday, 8 April 2013, 10-12 a.m. in room TEL 1118/19.
*22/02/2013: The first lecture will be held on 15 April 2013.
Course Overview
| Credit | 3 ECTS / 2 SWS |
| Teaching Period | Summer semester 2013 |
| Lecturer | Prof. Jean-Pierre Seifert |
| Course ID | tbd |
| Room | TEL 1118/19 |
| Time | Mondays, 10:00 - 12:00 a.m. (weekly) |
| Course Content | Broadly speaking, this course tries to address two questions: What are common software security problems and what are their underlying causes? What are techniques, guidelines and principles, and tools to prevent or detect them? Common security problems include for instance buffer overflows, integer overflows, SQL injection, XSS, and race conditions. Techniques to prevent or detect problems include threat modelling, check lists and coding standards, static analysis tools, code reviews, typing, static analysis, language-based security (or platform-based security), security middleware, runtime monitoring, information flow analysis, program verification, and proof-carrying code. Both, problems and solutions can be specific to the operating system, the programming language, middleware, type of application, or just down to the individual application. In order not to get lost in the forest of possibilities, we will try to understand the common themes: the root causes that lie at the heart of many problems and the fundamental good principles embodied by some of the solutions. Weitgehend wird sich dieser Kurs mit 2 Fragen beschäftigen: Was sind häufige Softwaresicherheitsprobleme und worin liegen die Ursachen? Welche Techniken, Werkzeuge, sowie Richtlinien und Prinzipien gibt es, diese zu verhindern oder zu erkennen? Häufige Sicherheitsprobleme sind z.B. Pufferüberlauf, ganzzahlige Überläufe, SQL Injektionen, XSS and race condition. Techniken, um Probleme zu verhindern oder zu erkennen, beinhalten Bedrohungsmodellierung, Kontrolllisten and Kodierungsstandards, statische Auswertungswerkzeuge, Codeübersichten, Typisierung, statische Analysen, sprach-basierte Sicherheit (oder Plattform-basierte Sicherheit), Sicherheit middleware, Laufzeitüberwachung, Informationsflussanalyse, Programmüberprüfung und proof-carrying code. |
| Prerequisites | Intermediate diploma / Vordiplom, or equivalent |
| Target Audience | Diploma students in the main study period / Diplomstudenten im Hauptstudium (Studiengebiet f. Informatik: "Betriebs- und Kommunikationssysteme"). Can be taken as part of the bachelor program / Kann auch im Bachelor belegt werden. |
| Course Language | English |
| Contact Information | Prof. Jean-Pierre Seifert |