First year of the SECCLO programme concludes with a summer school.
Sightseeing tour during NTNU Summer School 2019, Photo: Thor Nielsen
In the SECCLO Summer School (5 ECTS) students work as groups on a timely topic in information security. The school is organized in May-June at the end of the first study year by one of the partner universities. The first SECCLO Summer School in May 2019 was organized by NTNU on the topic of Blockchain Technologies.
Students will prepare for the summer school by forming groups and reading provided material that consists of research literature. During the summer school, the students will start a group project which they will complete after the summer school. All SECCLO students are required to participate in the summer school.
The learning goals of the summer school depend on the annual topic. Every year, there are also the following goals:
The third SECCLO Summer School is organized online due to the ongoing pandemic.
Time: preparatory work 5 – 25 May 2021, intensive period 25 – 28 May 2021, French language and culture workshops by Insitut Français de Finlande 4 – 24 May 2021
Responsible Teacher: Professor Davide Balzarotti, EURECOM, France
Visiting scholars: Yanick Fratantonio (CISCO), Mariano Graziano (CISCO), Giovanni Lagorio (University of Genoa)
The main goal of the summer school is to introduce the students to program binary exploitation techniques. The course in divided in four days. The first day will be dedicated to cover material on binary analysis, reverse engineering, debugging, and on the use of Python to script different analysis tasks. The second day will focus on the development of shellcodes and on understanding other techniques used during real attacks. Day three will then be dedicated to the detection and exploitation of security bugs affecting modern software (e.g., memory corruption and integer overflows), modern security mechanisms that have been introduced to prevent their abuse, and to the counter-techniques that are used to bypass such mechanisms. The topics of these first three days are presented for Intel 32 and 64bits CPU architectures, while the final day of the course will introduce the differences (in terms of reversing, shellcoding, and exploitation) on ARM. Special emphasis will be given to the practical aspects of these topics. Each day will start with a morning session in which an instructor will present background material in the form of slides and demos. The day will then continue with a number of practical exercises, in which students (in small groups or alone) will solve challenges of incremental complexity in a Capture-the-Flag-like setting. Finally, each day will end with a recap session in which the instructor will present the solution of the assigned exercises.
After completion of this course, students will have acquired the following knowledge:
-How to use modern tools and extensions to analyze program binaries, reverse engineer their code, and debug their behavior;
-Understanding of a variety of software security bugs (e.g., memory corruption, integer overflows, and logic errors)
-Understanding of real-world security mechanisms and bypasses
– Reverse engineer and debug Linux binaries
– Uncover vulnerabilities
– Gain code execution by exploiting these vulnerabilities and bypass security mechanisms
Learning methods and activities
A practical involvement of every course participant is mandatory. Approximately one month before the start of the school, every participant will receive introductory material on the above topic and a set of simple, preliminary exercises. During the course, participants will receive hands-on assignments that aid the teaching of practical aspects.
80% Challenges assigned during the hands-on parts of the course
20% Participation in class discussion and activity
Recommended previous knowledge:
– Basic knowledge of Linux environment (e.g., command line programs)
– Basic knowledge of C (e.g., compilation, memory model)
– Basic knowledge of Python
Online material will be provided for all participants.
Due to COVID-19 situation, the second summer school is organized online. The topic of the summer school is cyber security.
Time: 14 April – 3 May 2020, intensive period 25 April – 3 May 2020
Responsible teachers: Professor Tuomas Aura, Doctoral candidate Jacopo Bufalino
Credits: 5 ECTS
The curriculum of the SECCLO Erasmus Mundus program includes an annual summer school, where the students are expected to work as groups on a timely topic in information security. Due to the COVID-19 epidemic, the summer school had to be cancelled on a short notice. The summer course on cyber security is primarily a replacement for the cancelled event, and its learning goals remain unchanged. Since the course was implemented online, we were able to invite other students majoring in security to join the course.
After this course, the students have experience of offensive security analysis. They understand the penetration testing process against Windows and Linux based computer systems and know the most common tools and techniques. They are familiar with several types of security vulnerabilities in server and desktop systems. They are also able to identify and critically analyze potential new vulnerabilities. They can communicate and discuss with security professionals and are aware of the latest trends in security analysis. In the project part, the students plan their own work and carry it out in a goal-oriented way as members of a group. They use online tools for remote collaboration and presentation of the results.
The course consists of penetration testing exercises, which are done in an online platform; guest talks and discussion meetings; and a group project with a demo on vulnerability analysis. The course starts with a two-week preparation period with preliminary exercises and project work. The highlight of the course is a nine-day intensive period with daily online meetings for discussion and guest talks and collaborative penetration testing exercises. The course ends with demos and presentations of the project work.
The exercises are based on a carefully selected set of penetration-testing labs from the commercial Hack The Box (HTB) platform. The regular university learning platforms are used for distributing the materials, Zoom is used for the meetings, and Microsoft Teams for continuous communication among the course staff and students. During the intensive period, the course staff engages in the collaborative hacking, monitors the students’ progress, and is continuously available for guidance. The students are encouraged to help each other in an atmosphere of cooperation rather than competition.
The first summer school was organized in Trondheim, Norway, in the premises of Norwegian University of Science and Technology. The summer school focused in Blockchain Technologies.
Organizing university: NTNU – Norwegian University of Science and Technology, Department of Information Security and Communication Technology, Trondheim
Responsible professor: Professor Danilo Gligoroski
This course will provide conceptual understanding of Blockchain as a public distributed database (distributed ledger) that records its immutable transactions through transparent consensus using secure cryptographic techniques. Blockchain is considered as a disruptive technology due to its impact on our modern digital society, especially in the areas of currencies and financial services, banking, contracting, governmentally regulated legal relations, identity management and anonymity and many others. This course will cover in details the blockchain operations and functionality. It will also cover current innovative directions in Blockchain technologies, opportunities and challenges.
After completion of this course, students will have the following:
Lectures, invited lectures and laboratory exercises. An individual practical involvement of every course participant is mandatory. Approximately one month before the start of the summer course, every participant will become an early adopter of a new virtual crypto currency especially developed for the course. During the one week of the summer course there will be online quizzes to support the theoretical and practical aspects. Every participant will receive homework tasks, that will be delivered one week after the summer course. The amount of mined coins, transactions and the overall wealth at the end of the course will influence the final grade.
Recommended textbook: “Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction”, by Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder, July 2016.
Online material will be provided for all participants.