Computer Security



This course gives an introduction to computer security from a classical perspective.

Time and Location




The grade will be computed as a weighted sum of the following:

Active participation requires successful completion of homework assignments and projects and is graded on a pass / no pass basis. At least 50% of the cumulative score is required to pass.


Please look at this page for information on tutorials and homework assignments.

Guest Lectures


Users may be authentication by what they know, by what they have, or by what they are. Mechanisms of the third type are called biometric access control mechanisms. In this lecture, Dr. Ullmann gives an overview over biometric identification mechanisms and how they are used for access control.


Our guest speaker, Dr. Markus Ullmann is Referatsleiter of the Bundesamt für Sicherheit in der Informationstechnik (BSI).


Technical information security rests on the proper application of security mechanisms with the goal to counter threats to information assets. However, even systems with flawless security mechanisms are vulnerable to attacks that are directed against the human users of a system. The tactics employed range from so-called social engineering to coercion, and they are common tools for intelligence operations and industrial espionage. In this series of guest lectures, we will give an overview over these tactics and categorize them. Subsequently, we illustrate, analyze and discuss how these tactics have been applied in a series of real-world cases.


Our guest speaker, the former aviator Christoph Remshagen, worked for nearly two decades in the Military Counterintelligence Service. His speciality was counter-espionage, a field on which he has regularly lectured in front of national and international audiences, including occasions as guest speaker at the School for the Protection of the Constitution. For the past two years, he has been assigned to the Legal Affairs Directorate of the German Federal Ministry of Defense.


No lecture on Dienstag April 10, We start on Thursday

Lecture 1, Donnerstag April 12, Course information, motivation and basics

Read: ch. 1-3 of [1]

Lecture 2, Dienstag April 17, User authentication

Read: [2], [3]

Access Control Theory

Lecture 3, Donnerstag April 19, State transition security model

Read ch. 9 of [1]

Lecture 4, Dienstag April 24, Biometric identification and access control

Guest lecture by Dr. Markus Ullmann, BSI

Lecture 5, Donnerstag April 26, Access control matrix model

Read: ch. 4.7.1-4.7.3 of [4], [5], [6]

No lecture on Dienstag Mai 01, Feiertag

Lecture 6, Donnerstag Mai 03, Take-Grant protection model

Read: ch. 4.7.4 of [4], [7], [8]

Lecture 7, Dienstag Mai 08, Mandatory access control models

Read: [9], [10], [11], [12]

Lecture 8, Donnerstag Mai 10, Trojan Horses and Covert Channels

Read: [13], [14], [15]

Introduction to Information Flow Control

Lecture 9, Dienstag Mai 15, Lattice model of information flow

Read: ch.5.1 of [4], [16], [17]

No lecture on Donnerstag Mai 17, Feiertag

No lecture on Dienstag Mai 22, Security Conference Travel

No lecture on Donnerstag Mai 24, Security Conference Travel

Lecture 10, Dienstag Mai 29, Social Engineering I

Guest lecture by Christoph Remshagen, Bundesministerium für Verteidigung

Lecture 11, Donnerstag Mai 31, Security and Precision

Read: [18]

Lecture 12, Dienstag Juni 05, Social Engineering II

Guest lecture by Christoph Remshagen, Bundesministerium für Verteidigung

Lecture 13, Donnerstag Juni 07, Execution-based information flow control mechanisms

Read: ch.5.3 of [4]

Lecture 14, Dienstag Juni 12, Compiler-based information flow control mechanisms

Read: ch.5.4 of [4]

Lecture 15, Donnerstag Juni 14, Program verification with security requirements

Read: ch.5.5-5.6 of [4], [19]

Reference Monitors I

Lecture 16, Dienstag Juni 19, Hardware protection mechanisms, Secure Operating Systems and Trusted Paths

Hacking, Exploitation and Mitigation

Lecture 17, Donnerstag Juni 21, Buffer overflows

Read: [20], StackGuard

Lecture 18, Dienstag Juni 26, Format string vulnerabilities

Read: [21]

Lecture 19, Donnerstag Juni 28, Heap and integer overflows

Read: [22], [23], [24], [25]

Lecture 20, Dienstag Juli 03, Return oriented programming

Read: [26], [27]

Lecture 21, Donnerstag Juli 05, TOCTOU attacks

Read: [28], [29]

Reference Monitors II

Lecture 22, Dienstag Juli 10, Inline reference monitors

Wrapping Up

Lecture 23, Donnerstag Juli 12, Final exam


  1. Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.
  2. Oechslin, P. Making a Faster Cryptanalytic Time-Memory Trade-Off. In Proc. CRYPTO 2003.
  3. A. Narayanan, V. Shmatikov. Fast dictionary attacks on passwords using time-space tradeoff. In Proc. CCS 2005.
  4. Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
  5. B. Lampson. Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24.
  6. Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. 1976. Protection in operating systems. Commun. ACM 19, 8 (Aug. 1976), 461-471.
  7. Snyder, L. 1981. Formal Models of Capability-Based Protection Systems. IEEE Trans. Comput. 30, 3 (Mar. 1981), 172-181.
  8. Snyder, L. 1977. On the synthesis and analysis of protection systems. Proc. ACM Symposium on Operating Systems Principles (SOSP). pp. 141-150.
  9. David E. Bell and Leonard J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA 01730 (Mar. 1976); also ESD-TR-75-306, rev. 1, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731.
  10. David Elliott Bell, Looking Back at the Bell-La Padula Model, Proc. ACSAC, pp.337-351, 2005
  11. Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324]
  12. Brewer, D., Nash, M., The Chinese Wall security policy. IEEE Symposium on Security and Privacy, pp. 206-214, Oakland, May 1989
  13. Thompson, K. 1984. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763.
  14. Lampson, B. W. 1973. A note on the confinement problem. Commun. ACM 16, 10 (Oct. 1973), 613-615.
  15. Lipner, S. B. 1975. A Comment on the Confinement Problem. ACM Operating Systems Review 9(5):192-196
  16. Denning, D. E. 1976. A lattice model of secure information flow. Commun. ACM 19, 5 (May. 1976), 236-243.
  17. Jones, A. K. and Lipton, R. J. 1975. The enforcement of security policies for computation. In Proceedings of the Fifth ACM Symposium on Operating Systems Principles (Austin, Texas, United States, November 19 - 21, 1975). SOSP '75. ACM, New York, NY, 197-206.
  18. J. S. Fenton. Memoryless Subsystems. Comput. J. 17(2): 143-147 (1974)
  19. Myers, A. C. 1999. JFlow: practical mostly-static information flow control. Proc. Symposium on Principles of Programming Languages. 1999, 228-241.
  20. Aleph One, 1996. Smashing the stack for fun and profit. Phrack Magazine No. 49, Nov. 1996.
  21. Scut, 2001. Exploiting Format String Vulnerabilities.
  22. Anonymous, 2001. Once upon a free().... Phrack Magazine 57, 9.
  23. Blexim, 2002. Basic Integer Overflows. Phrack Magazine 11, 60.
  24. Mark Dowd, 2008. Application-Specific Attacks: Leveraging the Action Script Virtual Machine. IBM Global Technology Services Whitepaper, April 2008.
  25. Eric Chien, Peter Szor, 2002. Blended Attacks: Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. Virus Bulletin Conference Sep. 2002, New Orleans, USA, 1-35.
  26. Ryan Roemer, Erik Buchanan, Hovav Shacham and Stefan Savage, 2009. Return-Oriented Programming: Systems, Languages, and Applications. In review.
  27. Ralf Hund, Thorsten Holz, Felix C. Freiling, 2009. Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. Proc. USENIX Security Symposium, 2009.
  28. Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva, 2008. Portably Solving File TOCTTOU Races with Hardness Amplification. FAST, pp. 189-206.
  29. Xiang Cai, Yuwei Gui, Rob Johnson, 2009. Exploiting Unix File-System Races via Algorithmic Complexity Attacks. IEEE S&P, Oakland, CA, pp.27-41.