Hide menu

TDDC90 Software Security

Labs


General information

Sign up for the labs! Sign-up deadline is November 9.

All three labs must be completed (and given a pass by the lab assistant) before the deadline. You will work at your own pace, but we recommend that you participate in the lab sessions and try to complete the labs according to the schedule. The labs will become easier if you spend some time reading before doing them. You will find reading material on the page with additional reading material.

Deadline: December 17:th at 6PM. Lab reports handed in after the deadline will be corrected in March. Reports handed in after the first of March will be corrected in June. After the first of June you will have to complete the labs that are part of the coming edition of the course.

Labs in distance mode

This year, we will offer the opportunity to do all labs remotely via ThinLinc. All lab supervision will also be done remotely.

For instructions on how to install necessary software and connect to the ThinLinc server, please see this page (under the heading "Thinlinc").

Procedure for remote lab supervision

Teams will be used for remote lab supervision. The Teams client can be downloaded here.

All registered students will be added to the team TDDC90-LAB-HT21. A private channel will also be created for each Webreg group, where you can communicate with your lab partner while working on the lab. Other students cannot access these private channels. The channels will be named according to the Webreg group numbers (Group 1, Group 2, etc.).

Note that the labs are not designed to allow both students to simultaneously interact with the lab environment and, e.g., write code (although this might work for some of the labs, subject to some caveats). You will have to decide who sets up the lab environment and does the typing, while sharing the screen. (Note to Mac users: You may need to allow screen sharing in Teams by going to Apple Menu > System Preferences > Security & Privacy and selecting Microsoft Teams under Screen Recording.)

The team also has a channel called Assistance requests, where you can ask for help from lab supervisors during the scheduled lab sessions. To request help, post a single message stating your group number, and optionally a brief description of what you want help with. When your request have gotten to the front of the queue, a lab supervisor will enter your private channel. Lab supervisors will service the requests in a first-come first-served manner. Do not try to call attention to yourselves by replying to your own message, as this will cause your position to be reset to the beginning of the queue.

PONG

This is the largest lab in the course. You will be working with several aspects of software security using the same codebase throughout.

Ulf Kargén and Alireza Mohammadinodooshan will jointly supervise this lab.

Lab description: LAB-PONG.pdf

Hand-in instructions: Lab reports should be submitted in pdf format to Alireza Mohammadinodooshan (alireza.mohammadinodooshan@liu.se).

Web Security (WEBSEC)

In this lab you will try out some of the vulnerabilities that have been discussed in the course. You will also be given the opportunity to look at how to mitigate the risks that these vulnerabilities pose.

Ulf Kargén and Alireza Mohammadinodooshan will jointly supervise this lab.

Lab description: LAB-WEBSEC.pdf

Hand-in instructions: Lab reports should be submitted in pdf format to Alireza Mohammadinodooshan (alireza.mohammadinodooshan@liu.se).

Static Analysis (STATIC)

Ulf Kargén and Ahmed Rezine (ahmed.rezine@liu.se) will jointly supervise the lab. (Note that Alireza will NOT be a supervisor for this lab.)

Lab description: LAB-STATIC.pdf

Lab files: sana.zip

Hand-in instructions: As part of the lab you will need to demo your solution to either Ulf or Ahmed. After being passed on the demo, hand in your lab solution (as a pdf) via email to the lab assistant that you demoed for.


Page responsible: Ulf Kargén
Last updated: 2021-11-25