Empirical Information Security
Semester: 2024 Winter
For: Bachelor & Master
Format: Lecture
Credit Points: 5 CP
Master-level lecture covering concepts and advances of empirical security research.
Structure
- The course material for this class can be found at Stud.IP.
- There will be ungraded exercises each week covering topics of the lecture as they will appear in the exam.
Recommended Prior Knowledge
Prior knowledge from the lecture Foundations of IT Security is expected. Knowledge acquired in the courses Introduction Usable Security and Privacy, Usable Security and Privacy Lab, and Introduction to Empirical Methods of Human-Centered Computing can support the topics of this course.
Syllabus
An overview of the planned syllabus for this lecture. Dates and content may change as the course progresses.
- The first exercise will be held on 2024-11-07.
- (25.10.) 00-Administrivia and Basics of Doing Research
- (01.11.) 01-Empiricism and Science of Security
- (08.11.) 02-Ethics of (Empirical) Security
- (15.11.) 03-Internet Security: Scanning the Entire IPv4 Space
- (22.11.) 04-Internet Security: TLS and HTTPS
- (29.11.) 05-Internet Security: Web Measurements
- (06.12.) 06-Cryptography: Public Key Cryptography
- (13.12.) 07-Cryptography: TBA
- (20.12.) 08-Software Security: Empiricism and Vulnerabilities (Fuzzing and Co)
- (10.01.) 09-Software Security: TBA
- (17.01.) 10-Software Security: Open Source
- (24.01.) 11-Recap Lecture
- (31.01.) 12-Q&A and Exam Prep
Recommended Literature
- [1] “Introduction to Modern Statistics (2e).” Accessed: Oct. 17, 2024. [Online]. Available: https://openintro-ims.netlify.app/
- [2] A. Stafeev and G. Pellegrino, “SoK: State of the Krawlers – Evaluating the Effectiveness of Crawling Algorithms for Web Security Measurements,” presented at the 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 719–737. Accessed: Oct. 17, 2024. [Online]. Available: https://www.usenix.org/conference/usenixsecurity24/presentation/stafeev
- [3] I. Koishybayev et al., “Characterizing the Security of Github CI Workflows,” presented at the 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 2747–2763. Accessed: Oct. 17, 2024. [Online]. Available: https://www.usenix.org/conference/usenixsecurity22/presentation/koishybayev
- [4] M. Zimmermann, C.-A. Staicu, C. Tenny, and M. Pradel, “Small World with High Risks: A Study of Security Threats in the npm Ecosystem,” presented at the 28th USENIX Security Symposium (USENIX Security 19), 2019, pp. 995–1010. Accessed: Oct. 17, 2024. [Online]. Available: https://www.usenix.org/conference/usenixsecurity19/presentation/zimmerman
- [5] C. Herley and P. C. Van Oorschot, “SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit,” in 2017 IEEE Symposium on Security and Privacy (SP), May 2017, pp. 99–120. doi: 10.1109/SP.2017.38.
Important Dates
Will be announced
Exam
We will pass on any information regarding exam date and rooms when available.
The latest exam dates can be found on the faculty’s website: Exam dates.