 |
|
||||||||||
System Security SS11
News / Recent Events
- 4.5.2012 Joel Reardon presents the paper "User-level Secure Deletion on Log-structured File Systems" at ASIACCS in Seoul, Korea.
- 16.4.2012 Aanjhan Ranganathan presents the paper "Physical-Layer Attacks on Chirp-based Ranging Systems" at WiSec in Tucson, Arizona.
- 2.4.2012 Nils Ole Tippenhauer is interviewed for students.ch regarding the risk of cyber attacks.
- 23.12.2011 Christina Pöpper is interviewed for WRS regarding the recent U.S. drone captured in Iran and the GPS spoofing claims.
- 8.12.2011 Boris Danev presents the paper "Enabling Secure VM-vTPM Migration in Private Clouds" at ACSAC in Orlando, Florida.
- 21.10.2011 Ghassan Karame presents the paper "Privacy-Preserving Outsourcing of Brute-Force Key Searches" at CCSW in Chicago, IL.
- 18.10.2011 Nils Ole Tippenhauer presents the paper "On the Requirements for Successful GPS Spoofing Attacks" at CCS in Chicago, IL.
Lecture: Thu, 13:15-15:00, CAB G 11
Exercises: Fri, 10:15-12:00, CAB G 11 (must be handed in on the following Thursday, no later than 13:30)
Course
responsible: Prof. Srdjan Capkun, ETHZ, (capkuns@inf.ethz.ch)
Teaching Assistants: Ramya Jayaram Masti, Nils Ole Tippenhauer (SysSec-Exercise@lists.inf.ethz.ch)
Lecture start: Thursday, 24.2.11
Lecture end: Thursday, 26.5.11
No lectures on: 28.4. (Easter),2.6 (Ascension)
Duration: 12 weeks
Exercises start: Friday, 4.3.11
Exercises end: Friday, 27.5.11
No exercises on: 22./29.4. (Easter)
11 Exercise sessions in total.
Testat: 80% of exercises. If an examination is taken, all 10 exercises will count towards 20% of the exam grade.
Exam: oral, 20 minutes
Literature recommendations: Security in Computing, Pfleeger; Security Engineering, Anderson; plus special on literature list
Oral exam schedule
The oral exams are going to take 20 minutes each. The oral exam is not necessary if you don't need a grade ("Schein").
The exam will take place in CNB F 102.2. In the case that you cannot make it to the exam for any reason, please contact the Pruefungsplanstelle (+41 44 632 20 68).
Exercise schedule and material
The solutions must be handed in on Thursdays, no later than 13:30. Exceptions to this rule are explicitely stated below. After the lecture on Thursdays the solutions to that weeks exercises will be online (below) and so we can't accept any more solutions from you.
Please be aware that these are just the preliminary contents, they might still changes!
| Date | Exercises and slides | Note | Solution |
| 04.03.2011 | Exercise 1 | Slides 1 |
poll for lab session |
Solutions 1 |
| 11.03.2011 | Lab Guide | Slides lab |
hand-in until 24.3. |
Solution lab |
| 18.03.2011 |
Exercise 2 |
no exercise class on friday the 18th |
Solutions 2 |
| 25.03.2011 | Exercise 3 | Slides 3 |
rsa.txt |
Solutions 3 |
| 01.04.2011 | Exercise 4 | Slides 4 |
vulnerapp.tar |
Solutions 4 |
| 08.04.2011 | Exercise 5 | Slides 5 | Solutions 5 | |
| 15.04.2011 | Exercise 6 | Slides 6 |
eve_home.tar.gz |
Solutions 6 |
| 06.05.2011 | Exercise 7 | Slides 7 |
biometric_matchers.tar |
Solutions 7 |
| 13.05.2011 |
Exercise 8 | Slides 8 |
|
Solutions 8 |
| 20.05.2011 |
Exercise 9 | Slides 9 |
MJ.tar |
Solutions 9 |
| 27.05.2011 | Exam Preparation |
Learning objectives
After this course you will be able to (1) classify and describe vulnerabilities and protection mechanisms of secure hardware (smartcards, crypto-coprocessors), operating systems and software systems (2) analyze / reason about basic protection mechanisms for modern OSs, software and hardware systems.
Content Description
The lecture covers the security of individual computer systems, including personal computers, smart cards and dedicated platforms. The course starts with considerations of cryptosystem implementations and side channel attacks, security of widely used computer platforms and tamper resistant hardware. The course continues with the examination of operating system and application related security mechanisms, from their security architectures to malware; this part also cover virtualization and sandboxing mechanism, and modern virtualization platforms. Finally, the course ends with a set of selected security topics like biometrics and computer forensics.
Lecture schedule and material
Lectures are accessible with your ETH id and password. Please use Mozilla/Firefox to download them!
Please be aware that these are just the preliminary contents, they might still changes!
| Date | W | Who | Lecture |
| 24.02.11 | 1 | Srdjan Capkun |
Background, Introduction to Side Channel Attacks, pdf |
| 03.03.11 | 2 | Srdjan Capkun |
Side Channel Attacks pdf |
| 10.03.11 | 3 | Srdjan Capkun | Physical Attacks pdf |
| 17.03.11 | 4 | Srdjan Capkun | Operating Systems I: Security Principles and Linux pdf |
| 24.03.11 | 5 | Srdjan Capkun | Operating Systems II: Security Principles and Linux |
| 31.03.11 | 6 | Nathalie Weiler (Credit Suisse) | Operating Systems III: Windows Vista case study pdf |
| 07.04.11 | 7 |
Aurélien Francillon |
Trusted Computing / Attestation pdf |
| 14.04.11 | 8 | Aurélien Francillon | Memory corruption attacks and software-based attestation pdf |
| 21.04.11 | 9 |
Srdjan Capkun |
Biometrics pdf |
| 05.05.11 | 10 | Nathalie Weiler (Credit Suisse) |
Developing Large Secure Systems in Practice pdf |
| 12.05.11 | 11 | Srdjan Capkun | Malware (I) pdf |
| 19.05.11 | 12 | Germano Caronni (Google) | Malware (II) |
| 26.05.11 | 13 | Srdjan Capkun | Malware (II) pdf |
Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne
graphische Elemente dargestellt. Die Funktionalität der
Website ist aber trotzdem gewährleistet. Wenn Sie diese
Website regelmässig benutzen, empfehlen wir Ihnen, auf
Ihrem Computer einen aktuellen Browser zu installieren. Weitere
Informationen finden Sie auf
folgender
Seite.
Important Note:
The content in this site is accessible to any browser or
Internet device, however, some graphics will display correctly
only in the newer versions of Netscape. To get the most out of
our site we suggest you upgrade to a newer browser.
More
information
