Information Security and Privacy

Our information security and privacy education in both Master’s programs offered by the department spans several classes.

Master students in Computer Science are expected to study the theoretical foundations of Cryptography (7.5 CP, winter term) as well as Information Security within Selected Topics in Secure and Distributed Computing (5 CP, summer term). Students who want to specialize in security are invited to also participate in our Master seminar (5 CP) in the summer term and, if possible, continue with a security specialization module (e.g., computing on encrypted data, media security and forensics, privacy-enhancing technologies, game theory for security, usable security and privacy). As a warm-up, they may also consider attending Introduction to Information Security and Privacy (4.5 CP, winter term) and – capacity permitting – the associated proseminar (3 CP, winter term) as part of their individual choice of specialization.

Master students in Software Engineering must complete Introduction to Information Security and Privacy along with the accompanying proseminar (7.5 CP, winter term). They may choose the elective module Advanced Topics in Software Security Engineering, where our lab contributes the VU Secure Programming (5 CP, summer term).

Computer Architectures (Rechnerarchitektur)

Rechnerarchitektur is our “blockbuster” class – taught via Twitch – during the pandemic. We are back in the lecture hall / seminar rooms since the winter term 2022/23. The class consists of a lecture (VO/2, 3 CP), an associated proseminar (PS/1, 2 CP), and optional tutorials. The target group are first-year students of the Bachelor’s program in Computer Science and the extension studies in Computer Science. The lecture concludes with a written exam and the proseminar is graded based on weekly online quizzes.

Specialization Seminar (Vertiefungsseminar)

We regularly offer specialization seminars on selected topics related to information security and privacy targeted at students in the third year of the Bachelor’s program. These seminars do not require (nor teach you) deep understanding of information security principles. Please be patient and wait for the Master’s courses to acquire these skills. Typical topics include web tracking, password security, or embedded systems (in)security. The instance in the 2023/24 winter term will focus on internet censorship.

Blockchain Systems: Principles, Development, Analysis (Blockchain-Systeme: Prinzipien, Entwicklung und Analyse)

Due to popular demand for a fundamental introduction to blockchain systems targeted at third-year students of the Bachelor’s program in Computer Science, we designed an elective module consisting of a lecture and accompanying labs. They contain interdisciplinary elements in order to study the economic and societal implications of widely adopted blockchain systems.

As we are not aware of a public source of German teaching material on blockchain systems, we make the lecture slides from the summer term 2020 available here.

Frequently Asked Questions


I am a student of [any subject]. May I attend your classes?

Our classes are targeted at undergraduate and graduate students in Computer Science and Software Engineering.

However, motivated students of other subjects are very welcome in all classes where it makes sense to collaborate across disciplines. This particularly applies to students of math, physic, economics, information systems, and management. A substantial share of the laboratory’s research staff has a primary degree in one of these fields. In the past, we also had very good experience with students in law and psychology taking selected parts of our courses.

I am (still) a Bachelor student. May I attend classes of the Master program?

All lectures (VO) are generally public. However, students must be formally enrolled in a Master’s program to attend labs (PS, VU) or to take exams.


How can I take an exam?

You must register for each exam you plan to take. This often requires that you are subscribed to the class. Regular attendance and completion of homework and assignments may be required for specific classes (i.e., classes with “immanenter Prüfungscharakter”, namely PS, SE, and VU). While regular attendance is not required for our regular lectures (VO), it is strongly recommended. By policy, the registration for exams closes two weeks before the exam. It is not possible to register late. Please refrain from contracting us with this request.

Where do I find authoritative information on examination dates, times, locations, permitted tools, and registration dates?

The LFU:online database is the only authoritative source of information concerning examinations. We try to include valid information in our course material, but we cannot guarantee to keep it updated.

Do you have general examination principles?

Administrating exams is almost as unpleasant as taking them. But exams are essential to measure and document learning outcomes. We spend quite some thought on striving for meaningful, fair, and efficient exams.

These three principles guide our design of exams:

  1. We want to test your ability to apply knowledge rather than measure the capacity of your short-term memory.
  2. We respect that students set priorities. If you cannot prepare all contents, focus on depth to the level that you can explain some core concepts rather than breadth on a superficial level (smattering).
  3. Know your knowledge and its limits: wrong answers are worse than no answer.
How do these principles materialize in your exams?

Capacity permitting, we prefer oral over written exams, and presence over online exams.

In oral exams, candidates may exclude parts of the lecture and can choose their favorite topic to start with. In return, we expect that you demonstrate a profound understanding and the ability to lead a structured discussion on the remaining topics.

In written exams, we pose many small problems covering the contents of the entire lecture. It is not catastrophic to skip a few problems. This reduces the risk of getting caught on the wrong foot. We value short and precise answers and discourage “fact dumps”. We are aware of the difficulty of posing problems unambiguously. If you need to make additional assumptions to solve a problem, then state them. We will consider such parts of the response in all question types including multiple choice.

Online exams replaced other types of exams during the Covid pandemic. Unfortunately, the ways of interactions and the degrees of freedom in student responses are severely constrained. Multiple choice questions are the norm rather than the exception.

What is the best strategy to succeed in exams?

Attend and actively participate in class.

If this is impossible (due to scheduling conflicts or if you don’t like our style), then prepare with a textbook and the original literature using the keywords from the slide deck as pointers to relevant topics. The slide deck is made to support the presentation. It is not self-contained enough to be the single source for learning all relevant contents.

Shall I take a written exam at the first opportunity or rather wait and see?

We offer three exams for each lecture within a time frame of one year after the beginning of the lecture.

We tend to include easier questions in the first exam and keep more advanced ones for later. This is an attempt to nudge our students towards taking exams early on. Contents are still fresh in memory whereas procrastination leads to more stress at a later point in time. Moreover, subsequent classes can be more elaborate if all students have completed the preparatory classes.

Can we make an appointment to discuss open questions for the exam?

We offer a Q&A session towards the end of each class. Please make use of this opportunity. This is not only more efficient, but also fairer because everyone receives the same information.

The registration deadline for an exam has passed. Can you still enroll or unsubscribe me?

No. We set a deadline to plan seat assignments and print personalized exam sheets.

How are scores converted to marks?

Unless otherwise stated we use the following mapping:

Mark 1 (very good) 2 (good)  3 (satisfactory) 4 (sufficient) 5 (fail)
% > 87 75–87 62–75 50–62 < 50

If the mark is composed of several components, we aggregate possibly weighted sub-scores without rounding. Zero in one sub-score implies failure unless otherwise stated.

I forgot my exam ID. Can you still tell me my score?

No. We keep personal information separate from the score sheet and merge IDs with names only when we transfer the final marks to the examination office.

If I fail, can you discard my exam? If I don’t pass with “very good”, can you make me fail?


I have attended the lecture X semesters ago. Can I still take an exam on the contents of that lecture?

Exams always test the contents of the last iteration of a lecture. While the fundamentals of a field change slowly, we may set different priorities and update or replace around 10–20 % of the contents each year.

I want to inspect my exam (Klausureinsicht) but am unavailable at the scheduled date or time. Can I get a custom appointment?

We organize inspections in batches only and require prior registration. But you may register a delegate with written procuration. Alternatively, you may register for any inspection date of any exam administrated by our group within six months after the exam. In this case, please mention exactly which exam you want to inspect. The secretariat is the only point of contact for matters concerning exam inspections. E-mails to lecturers may remain unanswered.

I study for a teaching degree (Lehramt) and need examiners for the first diploma exam.

Your single point of contact is our teaching coordinator. She will help you to find a commission and make appropriate appointments.

Professor Böhme is on the committee of my first diploma exam (Lehramt). What kind of questions will he ask?

We focus on topics of Computer Architectures (Rechnerarchitektur), but the questions will be more general than in the written exam of this lecture. A typical question could be “How would you explain the von-Neumann architecture to your students?” We expect you to solve one or two such questions on the blackboard and discuss it further, e. g., by asking “Which aspects would you emphasize? How would you best illustrate these aspects? Which homework would you assign?”. (This oral exam will be in German.)


Do you supervise Bachelor’s theses?

We offer topics for Bachelor’s theses and supervise B.Sc. candidates in the context of the class Seminar mit Bachelorarbeit. Please follow the general instructions for writing a Bachelor’s thesis at the Department of Computer Science. A list of available topics is here. This page also contains general information about the Bachelor’s thesis process in our research group.

Do you supervise Master’s theses?

We do supervise Master’s theses. Please approach us after completing our basic information security classes and complete our Master Seminar in the summer term at least once.

I am a student of Information Systems (Wirtschaftsinformatik). Can you supervise my Master’s thesis?

Yes, we do supervise theses in related disciplines provided that the topic (broadly) fits our research interests and it is generally possible according to your curriculum. However, we expect students to attend and pass all relevant courses taught by us. This should ensure that the thesis supervision is efficient and thesis students are familiar with the relevant concepts in security and privacy. In most cases, this includes a security class on the MSc level as well as joining one of our seminars.