Project Seminar for Master Programs - CybSec/CS/ITSE/DE/SSE/DH (WS2024/2025)

(last update on 14.10.2024)

Introduction

Nowadays security issues of modern IT infrastructures, devices, and applications have been more and more frequently shown as the headlines of news or reports on the media. Billions of money has been invested every year for researching, developing, and deploying security solutions. The goal of this seminar is to investigate in a deeper manner how the security issues look like and how the security approaches work in practice. Students are expected to work in a small team with up to 2 members on  a topic  from the following list:

1. Network Scanning and Monitoring
2. Tunneling and Virtual Private Network (VPN)
3. AI for Cybersecurity
4. Data-driven threat detection
5. Cyber Threat Intelligence
6. IoT Security and Security in Edge/Fog Computing: Home Automation, Vehicle, ...
7. Security of Mobile OSes and Apps
8. Complex Attacks and APT
9. Web Security: SSL/TLS, Web Application Firewall (WAF), ...
10. Email Security: Signature, Encryption, Spamming, Phishing, ...
11. AI Security
12. The topic proposed by you

Important Notes:

1. Due to the limit of capacity, we can only offer max. 12 positions  for this course.If you have the interest, please  find a partner  and  write an email (preferably with the topic you're interested in) to feng.cheng AT hpi.de (First Come, First Served)
2. The introductionary session has been held at 13:30, on October 14, 2024  in  Room L-1.06 (Campus II). 
3. We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Requirements

• Good knowledge in
  • networking technologies (TCP/IP, Routing, ...)
  • operating systems and software engineering
  • security basics (e.g., lectures on "Internet Security - Weaknesses and Targets" and "Informationssicherheit", etc.)
• Satisfied hands-on skills and engineering capabilities

Further Readings

• William R. Cheswick, Steven M. Bellovin, “Firewalls and Internet Security”, second Edition, Addison-Wesley, 2003.
• Andrew S. Tanenbaum, "Computer Networks", fourth edition, Prentice Hall PTR, 2003. 
• Charlie Kaufman, Radia Perlman, and Mike Speciner. "Network Security: Private Communication in a Public World", second Edition, Prentice Hall PTR, 2002.
• Dafydd Stuttard, Marcus Pinto, "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws",  Wiley & Sons, 2007.
• Phrack Magazine
• Milw0rm
• Metasploit
• THC 
• openPGP
• nmap
• TA0043
• TA0042
• TA0007
• ...

Grading

The final evaluation will be based on: report, presentation, design, implementation, participation in the seminar.

• Presentation/Demonstration and technical report
  • Intermediate (40%):
    • Lightning Talk: 10% (Prüfungstermin: 09.12.2024)
    • Presentation (research): 20%
    • Practice (implementation): 10%
  • Final (40%)
    • Presentation (design + architecture + experiments + analysis): 20%
    • Practice (implementation): 20%
  • Technical Report: (20%)
    • Project management, final deliverable, report, ...

• Your active participation, creative/innovative ideas, or successful implementations will be appreciated with bonus points.
• The above-mentioned evaluation principles are only for reference and  subject to change. The concrete evaluation may slightly differ from team to team depending on the selected topic(s) and other relevant factors.

Important Dates

The seminar will start right on the first day of SS2024. Regular meeting will be held every week or upon request.

• 14.10.2024   Introduction (DONE)
• CW42-43.2024:
  • Team Building, Topic Assignment and Literature Recommendation (per Email)
  • NO Joint Session on 21.10.2024
• 28.10.2024 Enrolment Deadline +   Discussion Meeting (Topics, Organization and Plan)
• CW44-49.2024   
  • Weekly Team Meetings (Literatures,Tools and Scenarios)
• 09.12.2024   Gater-Together (Lightning Talk) 
• CW50.2024-CW01.2025:
  • Weekly Team Meetings (Progress Report & Scenario Implementation, per Email)
• 06.01.2025 Phase I: Presentation & Demonstration (Scenario)
• CW02-07.2025: 
  • Weekly Team Meetings (Project Implementati)
• 17.02.2025  Phase II: Presentation & Demonstration (Integrated Project)
• 30.03.2025  Submission Deadline (Report & Final Deliverables)

Contacts

• Feng Cheng (G2-E.25, 0331-5509-519)
• Pejman Najafi (G2-E.18, 0331-5509-3959)