E-mail senden E-Mail Adresse kopieren




Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)


Prof. Thorsten Holz ist Tenured Faculty am CISPA Helmholtz-Zentrum für Informationssicherheit. Bevor er im Oktober 2021 zum CISPA wechselte, war er Professor an der Fakultät für Elektrotechnik und Informationstechnik der Ruhr-Universität Bochum. Seine Forschungsinteressen umfassen technische Aspekte sicherer Systeme, mit einem besonderen Fokus auf Systemsicherheit. Thorsten Holz hat einen Abschluss als Dipl.-Inform. in Informatik von der RWTH Aachen (2005) und den Doktortitel von der Universität Mannheim (2009). Im Jahr 2011 wurde er mit dem Heinz Maier-Leibnitz-Preis der Deutschen Forschungsgemeinschaft (DFG) und 2014 mit einem ERC Starting Grant ausgezeichnet. Von 2019 bis 2021 war er außerdem Co-Sprecher des Exzellenzclusters "CASA - Cyber Security in the Age of Large-Scale Adversaries" (mit C. Paar und E. Kiltz). In den letzten Jahren hat er in vielen Programmausschüssen mitgearbeitet und war Co-Vorsitzender des Programmausschusses (PC) für zwei der führenden Computersicherheitskonferenzen, nämlich dem IEEE Symposium on Security and Privacy (2021, 2022) und dem USENIX Security Symposium (2016).

Veröffentlichungen von Thorsten Holz

Jahr 2023

Konferenz / Medium

USENIX SecurityUSENIX Security Symposium

Konferenz / Medium

Network and Distributed System Security Symposium (NDSS)NDSS

Konferenz / Medium

IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)IEEE SaTML

Konferenz / Medium

Proceedings on Privacy Enhancing Technologies (PoPETs)PETS 2023

Jahr 2022

Konferenz / Medium

USENIX Security SymposiumUSENIX Security Symposium (USENIX Security), 2022.

Konferenz / Medium

USENIX SecurityUSENIX Security Symposium (USENIX Security), 2022.

Konferenz / Medium

USENIX Association31st USENIX Security Symposium (USENIX Security 22)

Konferenz / Medium

TheWebConf 2022TheWebConf 2022

Lehre von Thorsten Holz

Winter 2021/22

Cur­rent To­pics in Systems Se­cu­ri­ty

For the first time, we offer a seminar on "Current Topics in Systems Security". The focus areas of this seminar are software security, network security, privacy, reverse engineering and similar topics. Students are expected to independently investigate a narrowly defined topic, typically based on recently published scientific papers. They are expected to write a text summarizing their findings and prepare a presentation on the topic. The text should be about 15 pages long, while the presentation should be about 20 minutes long. This will be complemented by a discussion on the topic.

The seminar is organized similar to a scientific conference. In addition to writing a summary of a particular topic, students also learn about the peer-review process: An important aspect of the seminar is constructive feedback on other students' reports, e.g., in the form of suggestions on how to improve the writing and presentation. Students should then also use this feedback to improve their own text. The seminar will take place at the end of the semester as part of a block seminar, there will be no weekly classes.

The students get to know methods in research-related teaching and are able to study a closely defined topic on their own based on scientific literature. The students learn to understand technical literature on a specific topic and obtain insights into current research topics. The students can practice to write scientific texts and the summary of complex subject areas. The students learn more about the peer-review process and scientific work in general. Furthermore, the talk enables students to learn to present scientific results and deepen the subject.


The list of topics and papers for this year's seminar can be found here.

Important Dates

  • The kickoff meeting for this seminar is on Tuesday, October 26. The exact time and format will be announced on October 20. Topic assignments will happen on October 27.
  • By the end of November, you need to prepare an outline of your seminar paper.
  • Before the Christmas break, you need to submit a full draft of your seminar paper.
  • We will assign two seminar papers to you and you are expected to write reviews for both of them (due end of January)
  •  You will receive three reviews for your seminar paper and are expected to revise your writing based on this feedback. You can submit the final version of your paper by the end of February.
  • The presentations will be organized in a block seminar during the semester break, dates to be fixed at the kick-off meeting. Participation is mandatory.


  • Based on the assigned topic, you will write a seminar paper that summarizes the topic. The paper should be 15 pages long, we will provide a template. The paper contributes 40% to your final grade.
  • You will write two reviews to provide feedback for seminar papers written by your fellow students. More details on the review process will be provided during the kickoff meeting. In addition to your review, you need to submit 2-3 questions that you plan to ask the presenter of the paper during the block seminar. We will also publish a template for the reviews. Each review contributes 15% to your final grade.
  • During the block seminar, you will present your topic in 20 minutes, followed by a discussion of about 15 minutes. You should practice the talk and you will get feedback on your slides in advance. The presentation contributes 30% to your final grade.
Winter 2021/22

Systems Security

About the course

In this course, important theoretical and practical aspects from the area of systems security are presented and discussed. The focus is on various aspects of software security and different attack and defense techniques are presented. More specifically, important attack methods (e.g., buffer overflowsrace conditionsmicroarchitectural attacks, etc.) as well as defense strategies (e.g., non-executable memoryAddress Space Layout Randomization, memory tagging, etc.) are discussed. Other topics of the lecture are fuzzing, obfuscation, and similar aspects of systems security. 

At the end of the course, students should be able to analyze security aspects of various types of software systems, detect vulnerabilities in the design and implementation, and independently develop security mechanisms. In addition, other aspects from the area of systems security, such as privacy and anonymity, will be discussed. An important part of the course are exercises, which illustrate and deepen the material with practical examples.

At the end of the class, the students know important theoretical and practical aspects of security mechanisms of modern software systems. They are able to independently analyze the security of a given program, detect vulnerabilities in the design, and independently develop possible solutions and protective mechanisms. In addition, they have become familiar with basic terms from the field of systems security. They are able to create new security models themselves and defend them argumentatively. 


There are no formal prerequisites for this course. However, if you want to participate, please take the following aspects into account:

  • You should have experience in systems-oriented programming. In addition, it helps if you have experience in the C programming language to understand some of the topics, Python is helpful as well.
  • You should have a basic understanding of operating systems (e.g., memory management, scheduling, etc.).
  • You should be familiar with Linux, as the exercises are based on a remote exercise framework that is accessible via SSH.

Background in security is also an advantage (e.g., prior participation in the Foundations of Cybersecurity lecture or Security core lecture). However, we will also cover several relevant aspects as part of the lectures.

Time and Location

The lecture will take place every Wednesday from 12:00-14:00 o'clock, starting on October 20, 2021. The lecture will be offered in a hybrid format: we will have regular lectures in the CISPA lecture hall (0.05) and also record the lectures. The exercises will be offered via Zoom, you can find more information on the page "Access to lectures".


For passing the course, you need to obtain at least 50% of the points from the final exam. For admission to the exam, you need to obtain at least 50% of the points from the exercises (120 points). The final grade is based on your exam results only. More details can be found below:


During the semester, there will be seven assignments with a total of 240 points. You need at least 50% in total (120 points) to be admitted to the exam. The assignments cover the topics discussed in the lectures and aim to deepen your knowledge of the topics. We encourage you to solve these assignments because this helps to understand the topics covered in the lectures.

Assignments have to be submitted individually, no group work is allowed. A submission typically consists out of a theoretical and practical part. Submit solutions to all theoretical tasks (e.g., questions, charts to fill out, etc.) in a single PDF file. For all practical tasks, we have prepared a remote environment equipped with all necessary tools and materials. Practical tasks are solved and submitted directly within this environment. Check the Remote Exercise Framework (REF) PDF for more information. These practical exercises are designed like CTF challenges. You will typically be tasked to exploit a vulnerable program to extract a secret flag.

  • Strict no cheating policy
    You can discuss the assignments with other students, but you are not allowed to collaborate on the solution with anyone. Your solution should be original and not be an existing solution (e.g., from someone else or from the Internet). All submissions will be automatically checked for plagiarism, we have a strict no-cheating policy. If we detect a case of plagiarism, we will assign zero points. If you are stuck at some point, you may ask questions in the forum or join the digital consultation-hours. We invite you to help fellow students that asked questions but avoid giving away the solution. Nobody likes spoilers :)
  • Solutions
    We will upload solutions for all assignments but the concise nature of solutions can be insufficient to answer all your questions. We recommend you use the forum or join the digital consultation-hour if you have questions.
  • Writing Assignments
    To simplify grading assignments, we only accept digital not handwritten solutions. We recommend using LateX for these tasks. An example template can be found here. If you need an introduction to Latex, the overleaf documentation is a good starting point.


Written Exam

At the end of the semester, there will be a written exam. The exact date and time will be announced once the information is available. Note that physical presence is required for the exam. The exam consists of both theoretical questions and practical questions. Theoretical questions are based on the theoretic parts and concepts of the slides and possibly additional content presented in the lecture, which is not part of the slides. Practical questions are, in principle, similar to the practical assignments. However, the complexity of the questions is of course scaled to make them adequate for the time available during an exam (e.g., you are not expected to implement a longer piece of assembler code). If you have at least 50% of the points, you will pass the class.

All questions of the exam are in English. Answers can be given either in English or in German, at the student’s discretion.

No lecture notes or any other materials are allowed during the exam. All materials required to solve the practical questions are provided at the exam.