Speaker Prof. Dr. Stefan Brunthaler
Date Thursdays 10:00-12:00
Module IN2362


  • run-time organization of programs
  • code injection attacks and defenses
    • buffer overflows and stack canaries
    • control-flow hijacking and control-flow integrity
  • code re-use attacks and defenses
    • return-oriented programming and software diversity
    • counterfeit object-oriented programming (COOP)
  • data attacks
    • non-control data attacks and data-flow integrity/randomization
  • current topics
    • theoretical limits of control-flow integrity
    • trends in software diversity

Relevant aspects of the lecture will be complemented by lab assignments.

Lecture Mode

This lecture will be held in a flipped classroom format where students can access lecture recordings. There will be a bi-weekly Q&A session with the lecturer. The date will be agreed between students and lecturer.


The examination is an oral examination (60 minutes) in two parts (weighting 50/50).
The first part consists of a presentation of the executable implementations of simple techniques from the four exercise sheets on the laptop or projector and the answering of specific questions. Through this first part, students demonstrate the ability to use theoretical content to solve concrete, application-related problems and to implement these solutions.

The second part of the oral examination consists of three questions on the subject matter of the lecture and questions and topics covered here. This second part of the oral test demonstrates the extent to which understanding of basic language-based security procedures can be obtained.
Thus, as a whole, it should be demonstrated that in a limited time, for example, types of current attacks and/or security issues can be correctly identified and effective defence techniques and/or answers can be found, apassessed.

Possibility of re-taking:

  • In the next semester: No
  • At the end of the semester: Yes

Recommended Requirements

IN2227 - Compiler Construction I
IN2209 - IT Security