PSI Project in Summer Term 2019

The following description applies to both PSI-ProjPAD-B (6 ECTS) and PSI-ProjCAD-M (9 ECTS), which are planned to be organized in a combined fashion in this semester.

Software Systems Science students who are interested in a PSI-SSSProject should approach Henning Pridöhl or Dominik Herrmann to discuss topics.

This project is offered for Bachelor's (PSI-ProjPAD-B) and Master's (PSI-ProjCAD-M) students. Master's students get additional credits (with higher expectations in terms of effort and quality).

Breaking into information systems is exciting, but impractical due to ethical and legal concerns. However, offensive competences and adversarial thinking are essential to build secure systems. In this project, students will get the opportunity to acquire practical security skills in a dedicated training environment.

The goal of this project is to design, implement, and evaluate training scenarios for the “Insekta” platform. This web-based tool provides a frontend for virtual machines that can be used to study selected topics in security and privacy on one's own and at one's own pace.

During the course of the project, participants familiarize themselves with various security weaknesses in information systems and apply this knowledge to develop vulnerable services which others can use for training.

Areas include the following:

  • web security (injection flaws, etc.)
  • cryptographic techniques
  • business logic failures
  • configuration issues
  • security issues in C programs (buffer overflows, etc.)

Prerequisites

Participants must have basic programming skills. Furthermore, they must have attended the lecture Introduction to Security and Privacy or obtained knowledge in the foundations of security and privacy by some other means. Experience with Linux environments, web technologies, and network protocols is recommended.

Sign-up procedure

If you want to participate in the project, please write an e-mail to Henning Pridöhl (contact details on the PSI website) by 29 March 2019 (end of day). Later applications may still be considered unless the maximum capacity has been reached. Please include your skillset in the e-mail. Example: "C: I can read; Python: have written small scripts; Linux: have used in IntroSP tutorials."

Please feel free to direct all your questions regarding the project to Henning Pridöhl.