Quicklinks

CISPA Summer School 2018 - System Security

The Summer School 2018 on System Security will take place at Helmholtz Center for Information Security (CISPA) in Saarbrücken from August 27 – 31, 2018.

The CISPA Summer School 2018 will give you a deep dive into four highly relevant areas of system security. You will be able to meet and learn from top experts in these fields. During hands-on training sessions you will learn how to understand, find and exploit vulnerabilities for different platforms (Mobile, Web, and PC) and how to counter these exploits. Furthermore, you will be able to showcase your own best work in a poster session and discuss them with top researchers.

Topics:
Mobile apps have become an integral aspect of most of our daily routines and are hence entrusted with some of the most sensitive private information. In this session, we will cover basics of Android apps’ architecture and then delve into some of the most common security vulnerabilities of apps, their effects, and their root causes. In addition, we will look into state-of-the-art code analysis techniques for apps and their challenges in the particular setting of Android’s system design.
Testing with randomly generated inputs (“fuzzing”) has shown to be one of the easiest and cost-effective methods to discover bugs and vulnerabilities. In this session, we show how to build highly effective fuzzers, using and mining grammars to specify input formats, mutation to alter existing inputs, as well as exploiting coverage of grammars and code. These principles highly effective in practice – applied on the Mozilla and Chrome JavaScript interpreters, a fuzzing student of ours netted 50,000$ in bug bounties in the first four weeks of running his fuzzer; his tool now is in daily use at Mozilla and has uncovered more than 4,000 bugs so far . We provide sample Python code such that you can apply and experiment with these techniques right away – on subjects and domains of your choice.
The Web today has grown into a fully-fledged application platform, fueling widely used services like Social Networks, email clients, or even office applications. In this session, we cover the basic security principleson the client, showing different attacks allowing an adversary to control the browser of his victim, such as XSS or CSRF. Moreover, we cover lesser-known classes of flaws, which may allow adversaries to extract information from their victim. Based on the attack techniques taught in the course itself, you will then be able to test your newly acquired skills by exploiting vulnerable Web applications.
Ever wondered about what use-after-free vulnerabilities, heap spraying, buffer overflows, control-flow integrity or ASLR are really about? This One-day session covers a wide range of software exploitation techniques and cutting-edge defenses. We lay the foundation with in-depth knowledge about operating systems and software-hardware interaction in general. This is followed by a crash course on 64 bit Intel assembly, which will give you first building blocks for attack techniques against vulnerable software. This ranges from basic exploitation techniques that piggyback malicious payload to sophosticated code-reuse attacks, which can change the behavior of a victim program. By the end of this day, you will be able to prove your fresh skills by cracking a vulnerable software.
Experts:
Michael Backes (CISPA)
Sven Bugiel (CISPA)
Sebastian Lekies (Google)
Stefan Nürnberger (CISPA)
Siegfried Rasthofer (Fraunhofer SIT)
Christian Rossow (CISPA)
Ben Stock (CISPA)
Andreas Zeller (CISPA)
When:
August 27 - August 31, 2018
Where:
CISPA − Helmholtz Center for Information Security
Stuhlsatzenhaus 5
66123 Saarbrücken, Germany
 
Participation fee:
180,- Euro (including public transportation, catering, and social program).
Accommodation:
not included in the participation fee, but CISPA is providing support in finding accommodation. » More Information
How to apply:
fill out the linked PDF below (Register now) and sent it via email to . Don't forget to attach a Motivation Letter, Curriculum Vitae, Transcript of Records, and University Certificates.
Application deadline:
June 15, 2018