PSI-AdvaSP-M Advanced Security and Privacy

Dominik Herrmann
Lecture, 2.00 SWS, ECTS: 6, Tutorials start in the second week of the lecture period.
Wed, 10:00 - 12:00, WE5/00.019
Single session on 19.7.2019, 10:00 - 12:00, WE5/00.019
Prerequisites / Organizational matters:
Participants should be familiar with basic concepts in information security and privacy, which can be acquired, for instance, by taking the module "Introduction to Security and Privacy" (PSI-IntroSP-B). This includes basic knowledge about the commonly used security terminology, common types of malware and attacks, buffer overflows and related attacks, cryptography, network security, web security, and concepts of privacy. Moreover, participants should have practical experience with at least one scripting or programming language such as Python or Java.

Approach: This module is taught in English. It consists of a lecture and tutorials. During the course of the tutorials there will be theoretical and practical assignments (task sheets). Assignments and exam questions can be answered in English or German. Lecture and tutorials are partially taught in the form of a paper reading class. Participants are expected to read the provided literature in advance and participate in the discussions.
Information security and privacy are relevant in almost all information systems today. Many real-world use cases have complex security and privacy requirements involving multiple parties. Often there are multiple stakeholders with different, sometimes even contradictory interests. For instance, some use cases call for a solution that allows a service provider to process sensitive data without learning its content. In other cases it is not the content but some meta information such as location and usage intensity that has to be protected. And then there are scenarios where seemingly harmless pieces of data can be used to disclose or infer very personal pieces of information about an individual. This module covers advanced techniques for information security and privacy that can be used to satisfy the complex requirements of practical systems. It builds upon the basic concepts in information security that are introduced in the module "Introduction to Security and Privacy" (PSI-IntroSP-B).
Selected topics: cryptographic methods and protocols, e.g., homomorphic encryption, attribute-based credentials, secure multi-party computation, zero-knowledge proofs, format-preserving and identity-based encryption, group signatures, and proxy re-encryption; attacks on privacy in datasets and communications (inference techniques, online tracking); privacy engineering and privacy enhancing technologies (e.g., Tor); usable security and privacy; other current topics in privacy and security. Some parts of the lecture are aligned with current events and recently published research. The selected topics are therefore subject to change.

Competencies: This module is designed to bring students towards the research boundaries in the field of security and privacy technologies by covering a selection of contemporary topics in depth. The focus of the module is on technical safeguards that can be used by system designers and users to enforce properties such as confidentiality and integrity. Moreover, sophisticated attacks on security and privacy are explained. Successful students will be able to explain attack strategies and defenses discussed in recent research papers. They will also be able to analyze whether a particular attack or defense is relevant in a specific scenario. Finally, they will be able to implement selected attacks and defenses with a programming language of their choice.


PSI-EiRBS-B: Einführung in Rechner- und Betriebssysteme (Introduction to Computer and Operating Systems)

Dominik Herrmann
Lecture, 2.00 SWS
Mon, 14:00 - 16:00, WE5/00.022
Single session on 27.5.2019, single session on 14.6.2019, 10:00 - 12:00, WE5/00.022
Prerequisites / Organizational matters:
For details on how the tutorials are organized, please enroll in the following VC course before the start of the semester: https://vc.uni-bamberg.de/moodle/course/view.php?id=35288
No prior knowledge is required. In particular, no experience with Linux or programming languages is assumed.
This module offers a first insight into the computer science of systems. In addition to a systems-oriented introduction to computer science, the course covers the tasks and architectural characteristics as well as the essential components of computer and operating systems. In particular, it covers the structure and operation of a minimal computer (propositional logic, gates, memory components) as well as the representation of data in the computer and its storage and processing. Modern processor architectures are also addressed. Furthermore, the essential components of system software (process and resource scheduling, memory management, secondary storage, I/O handling) are explained and their interplay with the computer architecture is shown. The topics are treated using models, common programming languages (in particular Java, Python, C) and current computer and operating systems (in particular Linux).

Students gain a first overview of the fields of computer science and learn the basic concepts and methods of computer science as well as the most important techniques used in it. Students have a basic understanding of state-based systems and the sequences of events (processes) possible in them. In addition, they know the structure of modern computer and operating systems and the computer science techniques applied in them.


PSI-Sem-B Seminar Security and Privacy Recommendations

Dominik Herrmann
Seminar, 2.00 SWS, ECTS: 3
Tue, 16:00 - 18:00, WE5/03.004
Prerequisites / Organizational matters:
Participants should have basic knowledge in software engineering, foundations of computing, operating systems, and networks. Basic knowledge in information security and privacy (cf. PSI-IntroSP-B) is useful but not required.
The default language in this seminar is English, unless all participants are fluent in German.
In this seminar, participants form small groups and research a topic covering security and/or privacy foundations in scientific sources (books and essays). They give a talk summarizing their findings and write them up in a term paper.
While participants are expected to perform the actual research on their own, the instructors provide extensive support throughout the seminar. There will be sessions on how to approach a topic, how to find relevant literature, how to read a paper efficiently, how to write a seminar report, and how to give a good talk.
The actual topics are subject to change. A list of available topics is made available before the first session in VC or on the website of the Privacy and Security in Information Systems Group.


PSI-SemEthics: Seminar Applied Ethics for Cybersecurity

Dominik Herrmann
Seminar, 2.00 SWS, ECTS: 3, This seminar is an online course (MOOC).
Time/place by arrangement.
Prerequisites / Organizational matters:
This is an online course without any regular sessions. All required materials will be published on VC. Please make an appointment with Prof. Dr. Dominik Herrmann if you need personal assistance.
The Chair for Privacy and Security in Information Systems is currently developing a MOOC (online course) on Ethics of Cybersecurity and Privacy within the CANVAS Project that is funded by the European Commission. We invite everyone to take part in the beta version of this course.

Successful participants can get 3 ECTS seminar credits (subject to conditions outlined below). Both bachelor and master students can participate. In principle, this course is open for students from all subjects, but please check with your program advisor whether you are eligible to do a seminar (formally it counts as a seminar from the Computer Science subject group within the WIAI Faculty).

We expect the beta version of the MOOC to become available in May 2019 (URL will be announced here). The MOOC consists of multiple short video lectures on ethics, information security, privacy, a number of case study interviews from practitioners as well as a series of recorded talks.

Requirements to obtain the 3 ECTS:
  • By the end of the semester (September 30), you submit a seminar report on one of the topics outlined below. The seminar report must be shorter than 5000 words (max. 12 pages, including title page, table of contents, and list of references). A LaTeX template will be provided; using Word is acceptable as well.
  • You give a 15 min talk at the end of the semester (schedule will be announced later, probably between July and September).
  • You watch the videos of the MOOC and give us feedback on the MOOC (optional).

For the report you will get up to 60 points. For the talk you will get up to 20 points.

Every MOOC video comes with a number of questions (mostly single or multiple choice). If you submit correct answers to these questions, you can score up to 20 bonus points which will be added to the 60+20 points above.

The grading scheme is available in the VC course.

Potential Topics:
  • Surveillance at the workplace: techniques to monitor employees, risks and benefits as well as responsible approaches
  • Learning analytics: techniques to monitor employees, risks and benefits as well as responsible approaches
  • Bluetooth and WiFi Tracking: risks to privacy and security as well as potential benefits
  • Ethics of clickstream tracking and the advertisement economy
  • Ethics in the Internet of Things
  • Ethics of research of the Tor Network
  • Ethics of vulnerability disclosure and vulnerability markets
  • Ethics of protecting against phishing and research approaches in this field
  • Ethics of scanning the internet (Shodan, Censys, ZMap)
  • Ethics of botnet research and bot take-down (BrickerBot)

