Sem­in­ar: Sys­tem Se­cur­ity SS24

In our seminar, you should learn to present research results in a concise manner, both in writing (Seminar Thesis) and speaking (Seminar Presentation). Additionally, you should learn to give proper feedback, for both the presentation and the thesis of other students in this seminar.

To achieve these goals, we have the following main parts in our seminar (in chronological order):

  1. Submission of a preliminary version of the seminar paper.
    This submission is intended to provide a very early feedback on your paper.
  2. Submission of a pre-final version of the seminar paper.
    This is a finished version of your seminar paper that is then reviewed by other students in the seminar.
  3. Submission of the reviews.
    Each student is assigned and has to submit two reviews of their peers papers. The reviews you receive should help you to improve your own paper.
  4. Presentation of your paper.
    This presentation is held in front of the whole seminar, and you grade each other, the presentation that receives the highest grade from their peers receives the “Best Presentation” award. (This grade is independent of the grade you receive from us for the presentation.)
  5. Submission of the final version of the seminar paper.
    This version includes the feedback from the reviews and is the one graded by us.

Additionally, we have presentations on the topics of research, writing, review, and presentation skills.


  • The topics are distributed in the first week of the semester.
  • The presentations of the seminar papers will be held as a block seminar at the end of the semester.
    • The date is 16.7. and 17.7., betwen 10:00 and 12:30


  • 17.5.: Partial Seminar Paper Submission
  • 24.6.: Final Seminar Paper Submission
  • 8.7.: Peer Review Submission
  • 15.7.: Presentation Slide Submission (you can still change your slides a bit before the talk)
  • 21.7.: Camera-Ready Seminar Paper Submission

The seminar will be organized over Panda. Deadlines are till the end of the day (23:59 local time/as according to Panda).


We will have five meetings, with different topics which will (hopefully) be helpful for you to pass the seminar:

  • 11.4. 9:15 in FU.207 Introduction
  • Online Research Skills
  • Online Writing Skills
  • Online Review Skills
  • Online Presentation Skills


The central topic of this seminar are security papers presented at top conferences.

  1. A Large-scale and Longitudinal Measurement Study of DKIM Deployment
  2. Four Attacks and a Proof for Telegram
  3. F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key Infrastructure
  4. GET /out: Automated Discovery of Application-Layer Censorship Evasion Strategies
  5. Hammurabi: A Framework for Pluggable, Logic-Based X.509 Certificate Validation Policies
  6. How Not to Protect Your IP – An Industry-Wide Break of IEEE 1735 Implementations
  7. Inferring Phishing Intention via Webpage Appearance and Dynamics: A Deep Vision Based Approach
  8. Measuring and Mitigating the Risk of IP Reuse on Public Clouds
  9. Mining Node.js Vulnerabilities via Object Dependence Graph and Query
  10. Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World
  11. Oops… Code Execution and Content Spoofing: The First Comprehensive Analysis of OpenDocument Signatures
  12. Open to a fault: On the passive compromise of TLS keys via transient errors
  13. OpenVPN is Open to VPN Fingerprinting
  14. Phish in Sheep’s Clothing: Exploring the Authentication Pitfalls of Browser Fingerprinting
  15. Practically-exploitable Cryptographic Vulnerabilities in Matrix
  16. QCSD: A QUIC Client-Side Website-Fingerprinting Defence Framework
  17. The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning
  18. The State of the SameSite: Studying the Usage, Effectiveness, and Adequacy of SameSite Cookies
  19. Towards Automated Auditing for Account and Session Management Flaws in Single Sign-On Deployments
  20. Trust Dies in Darkness: Shedding Light on Samsung’s TrustZone Keymaster Design
  21. Why Crypto-detectors Fail: A Systematic Evaluation of Cryptographic Misuse Detection Techniques

Grading, Demands, and Expectations

The final grade consists of your presentation (30%), your paper (60%), and your reviews (10%). Additionally, you must meet all deadlines. Getting 0% (i.e. not submitting/not presenting) means failing the seminar.

Seminar Paper

Preliminary Version

  • at least 5 pages of text (excluding title page, table of contents, references, figures, …)
  • describes the main paper problem
  • briefly describe 2 related papers citing your paper

Final Version

  • Essay written according to the standards of a scientific paper.
    Unless otherwise discussed with us:
    • Your paper should summarize the original paper.
    • You should introduce concepts so that any other student in the seminar can understand your paper. (This does not include basic cryptographic/computer science terms.)
    • Like the preliminary, the final paper version has to describe two papers that cite the original. This should give a broader context for your paper.
  • It MUST be written using our LaTeX template (unchanged).
  • We expect around 15 pages of content, the hard lower limit is 9 pages of text (excluding title page, table of contents, references, figures, …). In most cases, the paper should not be longer than 20 pages of content.


  • 20 minutes presentation. 5 minutes discussion and questions.

The best presentation will be awarded! More information will be given in the first meeting.


We will follow a peer review procedure similar to scientific publications:

  • You submit your paper on PANDA
  • Some (2) peers (other students) review your submission:
    • Read and understand the submitted paper
    • Criticize your paper
    • Make recommendations on how to improve
    • Be honest, polite, and helpful when writing your reviews
  • The reviews you receive will not influence your final grade (but you should address/apply them in your final version)
  • Each student has to write 2 reviews (each 1–2 pages)