Tool-based approaches to Software Security (2015)

It is already hard to ensure the faithful execution of software in the light of accidental programming mistakes but when considering a malicious adversary then protecting a piece of software and the data it operates on becomes yet a much harder problem. This is because “dormant” programming errors, while present in the code, might often not become an actual problem unless they get actively exploited.

With this seminar you will learn the core techniques of scientific work. There are no frontal lessons. Instead your task is to write a term paper that summarizes your knowledge of an assigned topic after reading a selection of scientific papers, and potentially conducting some simple implementation/experiments, depending on the topic. Each participant is also required to give a talk about the topic chosen. We will suggest a number of potential topics in an introductory meeting at the beginning of the semester, but in addition to the topics suggested, students may also suggest their own topics in the area of software security.

Course Information

TUCaN-ID 20-00-0760-se
Course Type Seminar
Advisors Andreas Follner, Kevin Falzon, Mauro Baluda, Siegfried Rasthofer, Stephan Huber, Alexandre Bartel
Signing up Please send an email to the instructor:
Andreas Follner <andreas.follner@ec-spride.de>
Kick-off Tentative: 16.4., 10:00, Fraunhofer SIT, Rheinstr. 75, Room München
Block seminar 2.7., 9:00, Fraunhofer SIT, Rheinstr. 75, Room Berlin
Language Papers, talks, and reviews must be delivered in English

Update 22.04.2015

Topics have been assigned. Please check your emails and get in touch with your advisor.

Update 16.04.2015

The slides from today’s kick-off meeting can be downloaded here.

Update 07.04.2015

The date of the kick-off meeting has been moved to April 16, 10 AM.

Update 01.04.2015

A preliminary list of suggested topics can be found here.

Grading

The overall grade for the seminar is determined by three factors:

  • The given talk (40%)
  • The paper handed in (40%)
  • Two reviews of other students’ papers (20%)

(see below for more information on each of these factors)

Furthermore, we will consider your participation in the discussion following each talk. Please note that it is possible, due to the fact that each participants talk and reviews are graded individually, that different members of a group are assigned different overall grades.

Talk

With this seminar we want to introduce you to core techniques of scientific work. Each participant is thus required to give a talk about the topic chosen. This talk will be given during a Blockseminar at the end of the term.

All talks have to be 15 minutes long if given by a single person, and 25 minutes or 35 minutes when given by a group of two or three, respectively. (Each member of the group should have an equal share in it.) Make sure that you do not miss the time limit by much, if a talk is significantly shorter or longer, then this fact will have a negative impact on the presenter’s grade.

How to give a good research talk by Simon L Peyton Jones, John Hughes, and John Launchbury

Term Paper

In addition to giving scientific talks, we want to introduce you to the process of writing and publishing research papers. Therefore, you will write a term paper. The following notes may guide you in this process:

The initial references provided with the topic chosen by you are only a first step; in your term paper, try not to summarize everything that’s written therein or in the references’ references. Instead, try to tell an engaging, coherent story about one aspect of the topic. (It helps to image oneself as a novice to the topic, who attends the talks or reads the term papers.) Also, search for further references on your own and point out connections between the various papers you researched. We expect at least 2-3 related references found per person. Please present technologies with your own words and your own examples. If you merely copy the work of others, this means but one thing: no contribution; you will fail the seminar. This rule does not prevent you from quoting other researchers, however. It does require you to faithfully attribute quotations or other kinds of references, though.

Overall, we expect about 6 pages of term paper if written by a single person. For groups of two or three persons we expect 8 or 10 pages, respectively. (This page limit takes the space needed for the title, the list of references, and any figures already into account.) If many or large figures or tables are included, we expect a slightly longer term paper to compensate for this. Please consult your advisor about this. To make the term papers’ lengths comparable, all participants are required to use the ACM SIGPLAN Proceedings Template, preferably in its LaTeX incarnation (default font size, 9pt).

Reading a computer science research paper by Philip W.L. Fong

Reviews

A review is an assessment of a scientific paper, which is submitted for publication at a journal or conference. Scientific peers rate the paper’s quality and thus decide, whether the paper is accepted for publication. Furthermore, peer reviewers provide the paper’s author with suggestions on how to improve it. During this seminar we want to introduce you to this aspect of scientific practice, too.

Consequently, every participant has to write two reviews of other students’ term papers. All reviews should be constructive and name clearly both positive and negative issues with the paper in question. Each such review should contain the following three sections:

  • A short summary of the paper
  • Suggestions for the author, regarding both content and presentation
  • A list of the major positive and negative issues

There is no page limit for the reviews, however, 500 words is a good guideline for a single review.

How to review a systems paper by Timothy Roscoe
How NOT to review a paper: the tools and techniques of the adversarial reviewer by Graham Cormode