Online Exam

Dear Students!

The exam 2022 will be an oral online exam! It will be carried out with the CS department’s BigBlueButton instance.

The room will be the following: https://bbb.informatik.uni-bonn.de/b/m4r-vrx-d9v

We will allocate a time slot of 45 minutes for each oral exam.

You will receive an email on the mailing list explaining the slot allocation procedure. The slot allocation will be initiated after the exercise class for the last exercise sheet.

To participate in the exam, you have to take care of the following prerequisites:

• You must have a webcam that is active while the exam is taking place and aligned such that you are visible.
• You must have a stable Internet connection. If the connection quality is not sufficient during the exam, we first try to fix the problem. If the problem is not fixable within a reasonable amount of time, the exam will be aborted and you will be allowed to retry the exam on another occasion.
• You must be alone in your room.
• Remove all items you do not need for the exam from your direct reach (e.g. from the desk you are using for the exam). This holds especially true for technical devices (Smartphones, …). We might ask you to show us the workspace in front of you or even your room (360 degrees).
• Have your Student ID and ID card or passport at hand. You will have to show these to us at the beginning of the exam.
• Neither you nor us are allowed to record the exam.
• During the exam, we might ask you to draw something. You can either use a mouse, tablet or other technical BigBlueButton-compatible device of your choice. Make sure BigBlueButton supports your input device before the exam begins.
• Please make sure that you are in a good mental and physical condition.

If you try to cheat, the exam is over and will be graded as “not sufficient” (failed). Using devices other than the one needed for the video conference and possibly for drawing will be regarded as cheating.

We are only allowed to tell you your grade via BBB if you explicitly request it. Otherwise, you will find out your grade via BASIS a few days after the exam.

We will offer to do short mock exams with you in the week before the actual exams, so you can test your BigBlueButton setup. You can of course also test your setup yourself by creating your own room and checking the webcam and microphone before the exam.

If you cannot guarantee that you have a webcam, stable Internet connection and/or a quiet room please contact us at least 3 working days prior to the exam. We will then try to arrange a solution that permits you to still take the exam.

If you decide to not take part in the exam, please let us know at the latest the day before your scheduled date! Nevertheless, you may withdraw from the exam at any point until the oral exam has finished (the technical term from the examination regulations is “Rücktritt” or “Abbruch”, respectively). In that case, you do not lose an exam attempt for PABE. (Not sure if that even matters since PABE is scheduled to be replaced by a PA lecture and a BE lecture from winter term 2022/23 onwards.)

If technical issues occur during the exam (i.e. your Internet connection fails) you can reach us via telephone using the following number +49 228 50212 595.

We will announce delays or other organizational remarks here: https://element.matrix.informatik.uni-bonn.de/#/room/#pabe-wt-2021:matrix.informatik.uni-bonn.de
Please use your GSG/CS credentials to login to the matrix server.

If you have questions please open a ticket at seclab@posteo.net

Q&A

How will the exam look like?

We will meet in BBB. There will be 3 persons from Fraunhofer FKIE (Prof. Dr. Elmar Padilla, Martin Clauß, and a changing third person you know from the lecture). We will share a PDF presentation that contains the questions. You will be able to “draw” on the slides to mark certain things and show us “where you are” (mentally) while you are explaining. It is always a good idea to let us know what you think (instead of saying nothing) even if you don’t have the answer yet. It’s also okay to honestly say that you did not learn a specific topic, so we can move on to something else.

What kind of questions will you ask?

• We show you an exploit (probably in Python) and you have to explain what kind of exploit it is and how it works, what the bug class is and how exploits of that kind work in general.

• We show you some code (C or ASM), you tell us what it does and how to find an exploit. Also, what is special about this kind of exploit? What are the constraints?

To summarize: We will mostly ask technical questions instead of broad and generic questions. The code snippets will have a manageable size! Just have a look at this example: https://godbolt.org/z/nq6GYK Check out the C code and the Assembly. Use the colors to match the C code to the machine code instructions.

How do I know if I am well prepared?

If you invested the time to do the exercises you should be safe. If not, try to solve some of them before the exam and really understand what you are doing. It’s also a very good idea to imagine what we could ask you and try to answer the question to yourself. Often you will notice if you are able to explain everything smoothly or if you still have a knowledge gap.