Logo
Logo-Icon Sitemap Print-Icon Print-Version Contact-Icon Contact
  • Home
  • About IAIK
    • People
    • News
    • Events
    • How To Reach Us
    • Jobs
    • Privacy Policy
  • Research
    • Publications
    • E-Government
    • Formal Methods for Design & Verification
    • Implementation Attacks
    • Java-Security
    • Krypto
    • Secure & Correct Systems
    • Secure Entities for Smart Environments
    • Secure RFID
    • Trusted Computing
    • VLSI
  • Teaching
    • Bachelor Courses
    • Master Courses
    • Master Theses
    • Microsoft Academic Alliance
    • PhD
    • E-Exam
  • Partnerships
    • A-SIT
    • Stiftung SIC
Left Logo
Master Courses
Advanced Computer Networks Applied Cryptography Applied Cryptography 2 Betriebssysteme-Lehramt Critical Information Infrastructures Design and Verification IT-Security Security Aspects in Software Development - Lecture Notes - Practicals - Slides - Timetable Security and Privacy in the Cloud System on Chip VLSI-Design Verification and Testing Seminars/Projects
Right Logo
You are here: Start » Teaching » Master Courses » Security Aspects in Software Development » Lecture Notes

Lecture Notes

Introduction

Thanks to some of your colleagues, who volunteered to start working a lecture notes ("Skriptum") as part of the constructional exercise, a draft version of the lecture notes is available here.

Althought our best efforts it is likely that the draft version of the lecture notes still contains errors. We kindly ask you to report any errors found in the draft version of the lecture notes in the course newsgroup. Preferably start any postings related to the lecture notes with a subject line starting with the prefix "[LECTURE NOTES]". Please note that the lecutre notes do not cover the complete set of topics from the lecture. Most prominently the topic of security policies is not coverd by the lecture notes. Please confer to the slides, or even better visit the lecture!

If you are interested in continuing the excellent work on the lecture notes done by your colleagues, feel free to contact as via e-mail at sicherheitsaspekte@iaik.tugraz.at.

Downloading the lecture notes

The most recent released version of the lecture notes can be downloaded here. Note that the lecture notes PDF file is protected by a password.

In order to get the password for the lecture notes you have to solve the small puzzle given below.

The puzzle

The puzzle for the lecture notes password consist of a small Java applet, a web form and a JavaScript which interacts with the applet. Java and JavaScript must be enabled in order to play with the puzzle applet.

Entering characters into the password entry field of the web form triggers a small JavaScript function which in turn interacts with the applet. The applet implements a visual indicator showing how many of the characters found in the password field are actually contained in the real password.

Note that the applet does not implement the MasterMind board game. Assuming that the password was "abc" the output of the applet would be equal for "bca", "cba", etc. without giving you a hint on the correct position of the characters.

Normally the applet shows a green block for each correct character (regardless of the position) and a red block for each wrong character. Once you enter the correct password, the applet shows the words "PASSWORD OK" on a blue background.

You can download the JAR file containing the applet and a simple test website from here.

Lecture notes password:

Hints for solving the puzzle

  • The password is 22 characters long and contains lower-case characters as well as two digits and three special characters. Even if you know all characters of the password (all blocks green) there are still 22! = 1124000727777607680000 ~ 270 possible arrangements to test.
  • The applet has to know the password somehow.
  • Download the JAR archive and take a look at its contents.
  • Tools like a hexeditor or javap (from JDK) might be helpful.
  • When playing with the applet on the website, the FireBug plugin for the Mozilla FireFox web-browser can be useful.

© 1990 - 2012 IAIK TU Graz
Contact | Jobs | Sitemap | Impressum