PSI-AdvaSP-M Syllabus
Summer Semester 2024 · v1 / 2024-04-17
Prof. Dr. Dominik Herrmann
This course is called Advanced Security and Privacy. It offers insights into various security and privacy topics, e. g., authentication mechanisms, web tracking, anonymity on the internet, protection against state-level censorship, security ethics, usable security, software security, and advanced cryptography building blocks.
Some of these topics will be covered in depth, some topics will only be introduced. By the end of the semester, you will have a better understanding of security and privacy and how research is done in those areas.
PSI-AdvaSP-M is a module with 6 ECTS credits consisting of a lecture and a tutorial (2 + 2 hours per week). All materials are provided through the corresponding VC course. In the first two weeks you do not need an enrollment key to join the VC course. After that, please contact our office.
This syllabus (a “syllabus” is a document that summarizes information on the organization and content of a course; the term is used mainly in Anglo-Saxon countries) is an attempt to provide all relevant pieces of information about PSI-AdvaSP-M in one place. The syllabus helps manage expectations, and it gives reasons for the course design. It should answer most if not all of your organizational questions. Please read it carefully because it also contains guidelines and rules. Feel free to approach us if anything is unclear or missing.
1. Flipped Classroom
Some parts of this year’s lecture will run in the flipped classroom model: We will provide material and extensive self-learning opportunities in advance of face-to-face sessions. Some parts will be classical face-to-face lectures, which are not recorded.
1.1 Materials
There are five types of materials: lecture videos, lecture slides, task sheets, scientific papers, and our web-based self-learning environment, the PSI Arena.
Videos will be released on Panopto via the VC course and can also be downloaded from there. Save the links to the recordings in your browser or – even better – download the videos in order to have access to them in case of failures or overloads.
Lecture slides and other materials will be made available via VC. The slides consist mostly of illustrations and visualizations. We try to keep the amount of text on the slides low to avoid fatigue (“Death by PowerPoint”). This means that you should take notes during the lectures and while watching the videos.
The tasks for the tutorials will be released on VC during the semester together with a schedule that indicates in which week the tasks are presented and discussed in the tutorials.
1.2 Face-to-Face Sessions
As with all other lectures at the Faculty WIAI, attendance in lectures and tutorials is not mandatory but strongly recommended. You can find the rooms and times for the face-to-face sessions in UnivIS. Watch for VC announcements that inform you when face-to-face sessions take place.
At the time of the lecture, we meet for (a) classical lectures and (b) the plenary.
Face-to-face lectures and plenaries are not recorded.
In the plenary you can consolidate and review the knowledge you have acquired so far. In contrast to the lectures, the plenary is not a lecture with frontal presentations which you are supposed to consume. During the plenary, you will work on questions and discuss them with your peers. In the plenary, I will call on you and engage in discussions with you. Please come prepared and bring your notes with you.
Furthermore, there are tutorials. In the tutorials, you will present solutions to tasks that you have prepared at home. You can also ask questions and help each other.
1.3 Asking Questions
Do not hesitate to ask your questions! (Too scared to ask questions? Maybe the article The Fear of Publicly Not Knowing will help you.) It is quite likely that you are not alone with your question. You are, of course, welcome to answer other students’ questions if you feel that you can help.
We would like to help you as quickly and effectively as possible. Supporting you becomes more efficient – and more effective – if you ask informative questions. Informative questions provide the following information:
- what you have already tried (e. g., relevant excerpt of source code or functions you used),
- what result you observed or where exactly you got stuck (including the exact wording of the error message), and
- what you would have expected.
For more information on asking informative questions, see the Teaching Philosophy.
In general, we do not give you solutions to exercises on the task sheets. However, if you get stuck on the assignments, feel free to contact us for clarification and tips on how to solve them.
For very specific questions that can best be clarified interactively, please approach a tutor in the tutorial. Alternatively, please describe your issue in an email (see section Contact and Support).
1.4 Questions on the VC Forum
For online interaction, we use the VC forums and emails. (For information on contact and support options, see the contact and support section.)
We would like to lower the threshold for asking questions in the VC forums. You can ask and answer questions informally, as is done in other help forums, e. g., Stack Overflow. This means you do not have to add a formal salutation at the beginning or a greeting at the end of your posts.
Some of you may prefer to ask anonymous questions. You can use our anonymous user account psi-student for this purpose. The password and further instructions for login can be found in the VC course.
1.5 Study Groups
We strongly recommend that you form study groups to work through the material, to work on the tasks, to support and motivate each other.
1.6 Keeping up
It is crucial that you stay on top of the course content throughout the semester. Catching up with the material at the end of the semester or shortly before the exam is usually not successful. Therefore, in PSI-AdvaSP-M we use different incentive systems to motivate you: bonus points and the booklet, which are described in later sections of the syllabus.
2. Prerequisites
For the module PSI-AdvaSP-M, we recommend that you are familiar with basic concepts in information security and privacy, which can be acquired, for instance, by taking the module “Introduction to Security and Privacy” (PSI-IntroSP-B).
This includes basic knowledge about the commonly used security terminology, common types of malware and attacks, buffer overflows and related attacks, cryptography, network security, web security, and concepts of privacy. Moreover, participants should have practical experience with at least one scripting or programming language such as Python or Java.
If you feel that you do not understand fundamentals, it is important that you take the time to familiarize yourself with them so that you can follow this course.
You can join the IntroSP VC course of the previous semester to check out the material. Instructions for joining the IntroSP VC course are available in the AdvaSP VC course.
3. Bonus points
In Summer Semester 2024, we implement a new bonus points scheme that is explained in this section. The purpose of the scheme is to incentivize you to come to the tutorials and to work on tasks that prepare you for the exam during the semester. We hope that this scheme helps you succeed in learning new concepts and skills.
You can score up to 10 bonus points (equivalent to 10 % of the maximum number of points on the exam) by presenting solutions to homework tasks in the tutorials. They are exercises that are related to the material covered in the lecture.
The tasks will be made available on VC one week before the tutorials in which they are presented and discussed. Every student can present up to two times during the semester.
To obtain bonus points, you have to sign up in the tutorials that take place in week 2 of the semester. We will distribute a form which asks for your name, student number, the preferred tutorial day, and, optionally, up to two weeks in which you are not available for presentations.
We will then randomly allocate to you two tutorial dates for your presentations (taking into account your unavailabilities). We will publish the allocated dates on VC by the end of week 2.
You do not have to prepare tasks for the first tutorials in week 2 of the semester. Presentations start in week 3.
If you miss the sign-up opportunity in week 2, you can write an e-mail to one of the tutors until week 4. We will then allocate you to a tutorial at a later point in time.
3.1 Presentation: Process
Unless specified otherwise, presentations must take between 10 and 15 minutes in English (unless everyone in the room is fluent in German). After your presentation, there is a Q&A session in which other students share their approach and discuss the presented solution. Moreover, the tutor will ask questions to check the depth of your understanding of the task and the solution.
Based on your performance, you score 0–5 bonus points for your presentation. If you score the maximum of 5 bonus points in each of the two presentations, you score the maximum of 10 bonus points in total. We will tell you the number of bonus points that you scored at the end of the semester.
On the dates that have been allocated to you, you are supposed to present the solutions for the tasks that are scheduled for that week. If you do not show up on your scheduled date, you will score 0 bonus points for that presentation, i.e., we will not allocate a new date for your presentation – unless you present a medical certificate of incapacity for work within 7 days.
To ensure a smooth organization, please confirm your presentation by sending an email to your tutor by the end of Monday in the week you are scheduled to present. If you can foresee that you will not be able to show up, please inform your tutor in advance.
3.2 Format of Presentation
You can present the solution on a whiteboard, using your tablet, or using your laptop. If you use a laptop or tablet, it is your responsibility to check the projector setup and video connectivity in the days before the tutorial to ensure that there are no technical difficulties during the tutorial. If you struggle with the technical setup, contact a tutor by the end of Monday in the week in which your presentation is scheduled.
If you use a laptop or a tablet, you can show the task descriptions and your solution (answers, code, or running programs). You can rely on printed or handwritten notes for your talk.
3.3 Assessment Criteria
We expect you to create an engaging presentation. To achieve that, we recommend developing the talk while giving it, i.e., deriving (parts of) the solution during the presentation instead of merely showing a slideshow or scrolling through your prepared solution.
The tutors will consider the following criteria to assess your presentation and to determine the number of achieved bonus points:
- whether or not your presentation is engaging;
- compliance with time constraints;
- smooth execution without technical issues;
- concise and understandable description of the problem;
- completeness and correctness of the solution;
- technical depth of presentation, for instance by explaining any encountered hurdles and how they were overcome as well as noteworthy insights;
- depth of understanding demonstrated during Q&A session.
3.4 AI Policy
For the homework tasks, you are allowed to use any aids you see fit to solve the exercises – as long as you follow the Rules for Tools by Christian Spannagel.
Among other requirements, you have to indicate any aids used when you present your solution, either in written form or orally. This applies, in particular, to tools such as GitHub Copilot and ChatGPT that help you figure out the solution, structure the problem, generate code, generate text, and revise text. It is not necessary to indicate the use of a spellchecker or an IDE.
4. Booklet
One of the most effective learning techniques is to take notes while reading and listening (active reading or active listening). We observe that many students, however, cannot motivate themselves to take notes continuously.
As an additional motivation to take notes on a regular basis, we have introduced the instrument of personal exam booklets. A booklet consists of up to 15 pages (A5 size). Each week you can submit one page by a certain deadline (the exact deadline will be announced online). You can fill your booklet pages with any content you deem useful for the exam (subject to the conditions set out in Section Conditions). Before the exam, we will scale your pages to A5, print them in color, and assemble them into a stapled booklet. You will receive your personal booklet on the day of the exam with the exam questions. At the end of the examination, you hand in the booklet with your exam so that it can be archived with the exam. If you fail the exam, you will receive your booklet in the repeat exam.
Creating the pages for your booklet requires critical thinking. What is the best way to condense the material and write it down clearly and concisely? What content do you want to outsource to the booklet, what can you remember on your own? The booklet thus stimulates an active learning process. If you are working in a learning group it is advisable that each member of your group prepares his or her own draft for every page. Then you can discuss the drafts in your learning group before all group members compile their own pages based on the discussion.
4.1 Conditions
Booklet pages may be submitted only during the summer semester and are acceptable aids to the examination only during the current semester and the following winter semester. (The conditions may seem pedantic. However, they are necessary to maintain the examination principle of equal opportunity.) If you do not submit a page by the deadline, your booklet will have fewer pages than possible. Changing pages after the deadline is not possible.
All booklet pages must be written in your own handwriting, either on paper or using a tablet. Writing by hand assists your brain in remembering what you have written. Ideally, by the end of the semester, you will know what is in the booklet and what is not, so all lookups during the exam will be quick.
Screenshots of slides, the lecture notes, or from the videos are not allowed – unless you have transferred them in your own handwriting into your booklet. One printed heading in a typewritten font is allowed per page, which is the default behavior of some note-taking apps for tablets.
Scaling down and arranging multiple handwritten elements on a page is allowed. The key condition is that all of the content is in your own handwriting.
You do not have to include citations on the pages, which means, lecture slides, answers to exercise questions, content from Wikipedia etc. can be included without mentioning the source. It is also irrelevant whether booklets of different students contain the same drawings – as long as they have been drawn independently by each person.
Working out booklet pages in learning groups is allowed – as long as each booklet page has been completely handwritten by each person.
If you have taken the course in the past, it is permitted to re-submit your own pages from a past course run once again. While this practice saves work, it has the disadvantage that you will not get the incentive of regular note-taking and the benefit of active learning during the present semester.
4.2 Submission of the Booklet Pages
The submission process is handled via our booklet web application at https://booklet.psi.uni-bamberg.de. The booklet tool requires authentication via the university’s single sign-on service. An invitation code is required the first time you use it. The code can be found in the VC course.
To submit a page, you have to upload an image, ideally using a desktop browser. In the following, we provide some tips to achieve a good result. First, note that we will print your pages in A5 format on a laser printer. If you write very small, you must take care to upload a sharp image with high contrast. Check that your submissions are not too pale, cut off at the edges, or fuzzy. If you take photos of your pages, ensure sufficient and – more importantly – even illumination and use a sufficiently high resolution. (Uploading is also possible directly from the smartphone. However, the booklet web application is not yet designed for smartphone browsers.) Consider using a dedicated app that helps with digitizing paper documents. Prepare a suitable setup early on, so that you are not pressed for time.
What is a high enough resolution? Printouts are easy to read if their resolution is at least 300 dpi. So the short side of your image should have at least 1771 pixels, the long side at least 2480 pixels.
Use the preview function of the booklet web application to adjust the cropping and improve the contrast. To get a feel for readability, change the scaling on the computer screen so that the displayed size corresponds to an A5 sheet of paper laid on top of it. If you can read your writing at this scale, everything should be fine. The booklet application also allows you to download a preview booklet after uploading, which you can print yourself.
4.3 Problem Handling
After successfully uploading a booklet page, the booklet application displays a verification code. Please make a copy of this code and the uploaded file. The code serves as proof that you have successfully uploaded a particular file before the deadline.
If at a later time you find that a booklet page is missing, please send us an email with the image file (the exact same file you previously uploaded) and the code previously displayed in the booklet application. We will add the file to your booklet afterwards only if our check shows that this code matches the file.
Sometimes, just before a booklet deadline, the internet is down – or the WiFi at the university is overloaded. If you cannot upload your image file in time because of this, please calculate a cryptographic hash value of the file you wanted to upload. Use a hash function like SHA-256 for this purpose. (If you want to prepare for this scenario, it is best to familiarize yourself in advance with how to calculate a cryptographic hash value of a file locally on your computer; in Linux there are command line tools for this. It is also a good idea to prepare everything so that you can quickly send an e-mail over the mobile network using a smartphone, if you have one.) The obtained hash value uniquely identifies your file. Send us the hash value (and the hash function used) by e-mail before the deadline. You can also take a photo of the hash value and email it to us over the mobile network. We will add the file to your booklet only if our check after the deadline shows that the hash value matches your image.
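The following sketch of the hash procedure described above is an added example, not code from the booklet application or from the course. The e-mail line format (`SHA256: <hex digest>`), all function names, and the sample file are assumptions made for illustration; the verification code shown by the booklet application is not modelled here.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hash functions this example accepts in a notification (assumption).
SUPPORTED = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in chunks so that large scans are not read into memory at once."""
    h = SUPPORTED[algorithm]()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def notification_line(path, algorithm="sha256"):
    """Student side: the line to e-mail before the deadline (hypothetical format)."""
    return f"{algorithm.upper()}: {file_digest(path, algorithm)}"


def parse_notification(line):
    """Checker side: extract (algorithm, hex digest) from the e-mailed line.

    Accepts 'SHA-256' as well as 'sha256', upper-case hex, and spaces that
    appear when the value is retyped from a photo. Rejects unknown hash
    functions and digests that are not hex or have the wrong length.
    """
    name, sep, value = line.partition(":")
    if not sep:
        raise ValueError("expected '<hash function>: <hex digest>'")
    algorithm = re.sub(r"[^a-z0-9]", "", name.lower())
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported hash function: {name.strip()!r}")
    digest = re.sub(r"\s+", "", value).lower()
    expected_len = SUPPORTED[algorithm]().digest_size * 2
    if len(digest) != expected_len or not re.fullmatch(r"[0-9a-f]+", digest):
        raise ValueError("digest is not a hex string of the expected length")
    return algorithm, digest


def matches(path, line):
    """True only if the file is byte-for-byte the one the notification refers to."""
    algorithm, claimed = parse_notification(line)
    return hmac.compare_digest(file_digest(path, algorithm), claimed)


def demo():
    """Return (original file accepted, modified file accepted)."""
    with tempfile.TemporaryDirectory() as d:
        page = Path(d) / "page07.png"
        # Constructed stand-in for a scanned booklet page.
        page.write_bytes(b"constructed stand-in for a scanned page " * 1000)
        line = notification_line(page)
        # Simulate retyping from a photo: upper case, grouped in blocks of 8.
        hex_part = line.split(": ")[1].upper()
        retyped = "sha-256: " + " ".join(re.findall(".{1,8}", hex_part))
        # Any later change to the file (re-export, crop, one extra byte)
        # produces a different digest, so the check fails.
        edited = Path(d) / "page07_edited.png"
        edited.write_bytes(page.read_bytes() + b"\x00")
        return matches(page, retyped), matches(edited, line)


if __name__ == "__main__":
    print(demo())
```

Keep the exact file that was hashed: the check compares bytes, so a re-saved or cropped copy of the same page does not match.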
We recommend that you do not upload booklet pages until just before the deadline. Test the upload process before the deadline to avoid any surprises. You can upload each page as many times as you like until the deadline.
We will not subsequently accept booklets for which you have not provided us with a hash value before the deadline – unless you immediately provide a suitable doctor’s certificate of incapacity.
5. Examination
There will be two opportunities to take a written exam at the end of the winter semester. You must pass only one of the exams to pass the module. The exam will require your on-site presence. The duration of each exam is 110 minutes (including 20 minutes of reading time).
The dates of the exams will be announced in VC. Note that besides the two exams in the summer semester, there will be no further exams. The next exams will be offered about one year later.
The exam will be an e-exam, i. e., you will write the exam on a laptop that is provided by us. More details on the logistics of the e-exam will be released during the semester in VC. There will be a test exam so that you can familiarize yourself with the electronic examination environment.
The exam questions will be in English, but you can answer in English or in German.
5.1 Relevant Material
Examination tasks are based on contents from the face-to-face lectures, the lecture videos, the exercises on the task sheets, the PSI Arena, and the paper readings. For a good result, it is not enough to focus on selected materials only. In particular, you should also work through the examples given in the lecture and read the provided papers.
We recommend that you look at the exams from previous semesters in VC to familiarize yourself with the style of the exam questions. You will find that for many questions it is not enough to restate facts; on the exam you must show that you can apply your knowledge and transfer it to problems with which you are not familiar. (Take the style of the exam questions into account when considering what content to transfer to your booklet pages.) Keep in mind that the exams differ considerably from one another in terms of task types and focal points. Do not infer from previous exams which content might be asked in the future.
5.2 Authorized Aids
We will give you your booklet together with the exam tasks. Only the booklets distributed by us are authorized, i. e. you are not allowed to bring any further notes to the exam. You are also not allowed to add notes to your booklet before or during the exam. Adding highlights with highlighters, however, is allowed.
Booklets that have not been entirely handwritten by yourself are not authorized aids. It is your responsibility to check whether your booklet meets this criterion. If you find that one of your pages does not meet the requirements after the deadline for that page, you can ask us to delete it from your booklet (before the deadline of the last booklet page). Replacing the content of deleted pages is not possible. After the deadline of the last page, pages cannot be deleted any more.
Furthermore, it is permitted to use a non-programmable calculator. Pocket calculators are considered programmable when you can store data sets or programs that remain available after switching off and on again. The Casio FX-5800P, for instance, is not authorized, while the Casio FX-991DE is an authorized aid.
Finally, a dictionary is also an allowed aid during the exam.
If we discover during or after the examination that unauthorized aids have been used, we must proceed in accordance with §7 (4) APO, i. e., you will fail the exam. In severe cases and cases of repeated misconduct, additional measures may be imposed by the examination board.
6. Expectations
We love teaching, and we care for you. Please find more information on my expectations in the Teaching Philosophy. On occasion, however, we have to make unpopular decisions to make you (more) successful. For me, it is “more important to be a good professor than your favorite professor.”
We will not focus on teaching you facts. Instead, we want to teach you how to think. In some parts of the course you will have to learn concepts by yourself.
It is your responsibility to
- abstain from cheating and plagiarism,
- acquire necessary background knowledge,
- invest sufficient time for self-studying,
- prepare before attending lectures and tutorials,
- consider switching to a part-time studies program if you cannot handle the workload, and
- learn to ask effective questions.
We strongly recommend that you engage with the lectures and exercises each week. Take handwritten notes, rework your notes, and form study groups in which everyone works on all assignments rather than dividing assignments among the members.
Of course, we also expect you to be in conformity with the law. (Please ask us if you are unsure if a particular activity is in line with our expectations.) In addition, we would like you to treat each other in a professional and considerate manner. Hate speech and any form of discrimination are not tolerable.
7. Academic Integrity
We are investing much time to offer you a high-quality academic education. In response, we expect you to act with integrity, namely by behaving per the commonly shared values of honesty, trust, fairness, respect, and responsibility.
Any (attempted) act that violates the core values associated with academic integrity constitutes academic misconduct. Acts of deception during the examination, during obtaining bonus points, and during the preparation of the booklets
- abuse the trust between you and me,
- aim at creating an unfair advantage,
- are disrespectful toward me as your professor, your fellow students, and the institution as a whole, and
- represent a failure to take personal responsibility.
Acts of academic misconduct can interfere with your intellectual development as they obstruct the opportunity to meet a university education’s challenges. Moreover, such actions can potentially undermine our students’ and faculty’s reputation and credibility, which degrades the value of a degree from our university. Thus, we cannot tolerate academic misconduct. (Parts of this section are inspired by the Academic Integrity Tutorial of University of Waterloo, CC BY-NC 4.0.)
Academic misconduct is often a result of overwhelming pressure. Please seek help instead of giving up your integrity. The university offers psychological counseling services to all students (Counseling Services for students of University of Bamberg). We are also there for you if you struggle, but you have to get in touch with us for that.
8. Contact and Support
Your instructor is Prof. Dr. Dominik Herrmann. Contact details of the teaching assistants involved with the course are published on VC.
Please ask questions when you are stuck or when you do not understand something.
We prefer to get questions about the content in the Q&A forum in VC. Please also post answers if you can answer a question of your peers.
Asking questions in German is fine if you are uncomfortable with English. Alternatively, use available tools such as deepl.com for translation.
Don’t hesitate to approach us.
If you have a question about organizational or examination matters, which you do not want to post publicly, you can reach Dominik Herrmann via e-mail at dominik.herrmann@uni-bamberg.de.