Secure Systems

The following is a list of possible topics for the seminar in the summer term of 2018


you need a working knowledge of IT-Security basics for this course! You also need a software development background and possibly some systems knowledge.You will learn to build damage reducing systems and we will also investigate current attacks to check our understanding, but again: this is no IT-Security course!

Hardware Security: covert channels, race conditions, boot and system management and other weak points. Methods to find problems e.g. in hardware transactional memory. Retpoline from Google. Silent Corruptions, KELEMEN Péter, CERN IT. Hardware Architectures for Software Security, Joshua N. Edmison, Diss. Virginia Polytec. Institute.
Trusted root of systems. Taking Teslas solution for cars we could look at the general principles of building a trusted root and try to come up with something for IoT.
Adversarial Neuronal Networks. I would like to continue this topic from last term as it has the potential to affect NN use almost everywhere. How can we test NNs? How do we calculate reliability?
Resilience, system stability and change, robustness: what does the theory on cybernetics, complex adaptive systems and system theory say about damage resistence? A look at Nassim Taleb's Antifragility book might help too. How complex systems fail.
Cloud security and the BeyondCorp approach of Google: Intranet is dead!
Secure Architectures for Critical Infrastructures. How can we secure CI given all the security problems of hardware and software? Renn, Ortwin (Hrsg.): Das Energiesystem resilient gestalten: Szenarien – Handlungsspielräume – Zielkonflikte (Schriftenreihe Energiesysteme der Zukunft), München 2017.
Formal Methods for large scale architectecures: TLA+ by Leslie Lamport. How to Build Static Checking Systems Using Orders of Magnitude Less Code, Fraser Brown, Andres Noetzli, Dawson Engler, Stanford Univ.
Continuous Deployment and its security problems.DevOOPs: Attacks And Defenses For DevOps Toolchains Insomni'hack 24 March 2017
Crash consistend applications (not all file-systems are created equal). Self-controlling software? Self-healing software? This topic will become more important with autonomous devices. Reducing Crash Recoverability to Reachability, Eric Koskinen Junfeng Yang Yale University Columbia University, Redundancy Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions to Single Errors and Corruptions Aishwarya Ganesan, Ramnatthan Alagappan, Andrea C. Arpaci-Dusseau,
RustBelt: Securing the foundations of the Rust programming language Jung et al., POPL, 2018. Language security and formal verification. We should take a look at the ownership concept and compare it to an object capability. I have a tummy feeling that we are talking about the same thing here. And creating an object capability with exclusive but transferable ownership is just a capability desing pattern. And not to forget: how will Java fix the "unsafe" feature? (Rust has it also).
web assembly based on object capability principles? for caps:
High-Assurance Cyber Military Systems (HACMS): Baking Hack Resistance Directly into Hardware. how does it work?
A list of post mortems and what we can learn from them. Danluu, github
The Importance of Features for Statistical Anomaly Detection David Goldberg, Yinan Shan, EBAY
The fight for better software and systems, history: A design methodology for reliable software systems, by B. H. LISKOV, The MITRE Corporation, Bedford, Massachusetts (1972). Bernard Meyer's Design by Contract?
Security Industrial Complex: EUs framework program on security. Military companies, boarder security etc. A view on global developments in military and surveillance industry.
Grey failures are failures which are very hard to find as they get frequently masked by fault-tolerant features of systems. They reduce theoretical availability and can lead to an unexpected system crash. A paper from azure engineers explains some of the problems found. Gray Failure: The Achilles’ Heel of Cloud-Scale Systems
Smart Meter: how do we secure devices for IoT and Smart Home use? 9 vendors want certification from the BSI. Technological, economical and ecological considerations.
How can Byzantine Protocols prevent attacks from participating nodes? What are the costs? What are the failure assumptions (DOS, wrong protocol etc.). Are those protocols alternatives for critical infrastructures. An example given by Liskov and Castro which was discussed on morningpaper.

If you want to see what we did in past terms, take a look at my blog entry on 2016 .