Jedes Modul umfasst 3 ECTS. Sie wählen insgesamt 10 Module/30 ECTS in den folgenden Modulkategorien:
- 12-15 ECTS in Technisch-wissenschaftlichen Modulen (TSM)
TSM-Module vermitteln Ihnen profilspezifische Fachkompetenz und ergänzen die dezentralen Vertiefungsmodule. - 9-12 ECTS in Erweiterten theoretischen Grundlagen (FTP)
FTP-Module behandeln theoretische Grundlagen wie die höhere Mathematik, Physik, Informationstheorie, Chemie usw. Sie erweitern Ihre abstrakte, wissenschaftliche Tiefe und tragen dazu bei, den für die Innovation wichtigen Bogen zwischen Abstraktion und Anwendung spannen zu können. - 6-9 ECTS in Kontextmodulen (CM)
CM-Module vermitteln Ihnen Zusatzkompetenzen aus Bereichen wie Technologiemanagement, Betriebswirtschaft, Kommunikation, Projektmanagement, Patentrecht, Vertragsrecht usw.
In der Modulbeschreibung (siehe: Herunterladen der vollständigen Modulbeschreibung) finden Sie die kompletten Sprachangaben je Modul, unterteilt in die folgenden Kategorien:
- Unterricht
- Dokumentation
- Prüfung
Students shall gain an overview over current methods for software assurance. This includes
- automatic test case minimisation;
- negative test case generation ("fuzzing");
- side channels and their avoidance ("constant-time computing");
- security implications when designing safety systems
- exposure to standards-compliant software development;
- software verification and validation;
- safe testing according to the standards; and
- fault tolerance.
Eintrittskompetenzen
Students will need knowledge in software engineering, specifically testing.
Students will need to be reasonably fluent in a variety of languages including but not limited to C and Python. Knowledge of some assembly (e.g., x86, x86-64, or ARM) will be advantageous.
Students will need to be familiar with the idea that there are standards for software development and testing.
Lernziele
- Students can apply test case minimisation techniques to their own
test cases.
- Students know how fuzzing works, to what class of faults it applies, how to interpret its output, and how to use it in their own projects.
- Students know that side channels exist and how they are exploited,
that they are a serious danger to software assurance and security,
and how to avoid certain types of side channel, especially those that have to do with variable-time computation based on secret inputs.
- Students know about the safety life cycle according to IEC 61508 and its adaptation to automotive security in ISO 26262, and can
apply it in their own projects.
- Students can apply probabilistic methods used to estimate the impact of device failures on overall safety.
- Students know what options there are to certify, validate, and verify software components, and what that means.
Modulkategorie
- Safety life cycle according to IEC 61508 (2 lectures)
- Application of ISC 61508 to automotive software (ISO 26262) (1 lecture)
- Probabilistic methods to estimate impact of failure (2 lectures)
- Certification, validation, and verification of software (2 lectures)
- Test cases and their minimisation (2 lectures)
- Negative test case generation ("fuzzing") (2 lectures)
- Side channels (3 lectures)
Lehr- und Lernmethoden
Lectures will be part ex-cathedra, part in-class exercises. These
exercises are designed to be done either individually or in groups and
can therefore be done remotely.
Bibliografie
Andreas Zeller, Why Programs Fail. Morgan Kaufman. Second
Edition, 1770. (Yes, that's the date that Amazon has for the book. In reality, the second edition is from 2008.)
Ari Takanen, Fuzzing for Software Security Testing and Quality
Assurance. Artech House Publishers. Second Edition, 2018.
Seokhie Hong (Ed.), Side Channel Attacks. MDPI. 2019.
David J. Smith and Kenneth G. L. Simpson, The Safety Critical Systems
Handbook: A Straightforward Guide to Functional Safety: IEC 61508
(2010 Edition), IEC 61511 (2015 Edition) and Related Guidance. Butterworth-Heisman. Fifth edition, 2020.
Vollständige Modulbeschreibung herunterladen
Zurück