Secure Systems

The following is a list of possible topics for the seminar in the summer term of 2018

Note

you need a working knowledge of IT-Security basics for this course! You also need a software development background and possibly some systems knowledge.You will learn to build damage reducing systems and we will also investigate current attacks to check our understanding, but again: this is no IT-Security course!

  1. Will we soon use fingerprints etc. in browsers to authenticate against services? A new standard evolves: WebAuthN

  2. Hardware Security: covert channels, race conditions, boot and system management and other weak points. Methods to find problems e.g. in hardware transactional memory. Retpoline from Google. Silent Corruptions, KELEMEN Péter, CERN IT. Hardware Architectures for Software Security, Joshua N. Edmison, Diss. Virginia Polytec. Institute.

  3. Trusted root of systems. Taking Teslas solution for cars we could look at the general principles of building a trusted root and try to come up with something for IoT. There is a larger report on the Tesla solution available.

  4. Adversarial Neuronal Networks. I would like to continue this topic from last term as it has the potential to affect NN use almost everywhere. How can we test NNs? How do we calculate reliability? Also: The Malicious Use of Artificial Intelligence, Forecasting, Prevention, and Mitigation, a very interesting study by lots of researchers.AAAI trip report, lots of adversarial stuff . Take a look at Jonas Miederers presentation in blog.mi.

  5. Resilience, system stability and change, robustness: what does the theory on cybernetics, complex adaptive systems and system theory say about damage resistence? A look at Nassim Taleb's Antifragility book might help too. How complex systems fail.

  6. Cloud security and the BeyondCorp approach of Google: Intranet is dead!

  7. Secure Architectures for Critical Infrastructures. How can we secure CI given all the security problems of hardware and software? Renn, Ortwin (Hrsg.): Das Energiesystem resilient gestalten: Szenarien – Handlungsspielräume – Zielkonflikte (Schriftenreihe Energiesysteme der Zukunft), München 2017.

  8. Formal Methods for large scale architectecures: TLA+ by Leslie Lamport. How to Build Static Checking Systems Using Orders of Magnitude Less Code, Fraser Brown, Andres Noetzli, Dawson Engler, Stanford Univ.. also Snarky, a high level language for verifiable computation

  9. Continuous Deployment and its security problems.DevOOPs: Attacks And Defenses For DevOps Toolchains Insomni'hack 24 March 2017

  10. Crash consistend applications (not all file-systems are created equal). Self-controlling software? Self-healing software? This topic will become more important with autonomous devices. Reducing Crash Recoverability to Reachability, Eric Koskinen Junfeng Yang Yale University Columbia University, Redundancy Does Not Imply Fault Tolerance: Analysis of Distributed Storage Reactions to Single Errors and Corruptions Aishwarya Ganesan, Ramnatthan Alagappan, Andrea C. Arpaci-Dusseau, https://www.usenix.org/conference/fast17/technical-sessions/presentation/ganesan and FAST 18 papers on fault-tolerant storage and what happens When during filesystem restore operation the power fails again?

  11. RustBelt: Securing the foundations of the Rust programming language Jung et al., POPL, 2018. Language security and formal verification. We should take a look at the ownership concept and compare it to an object capability. I have a tummy feeling that we are talking about the same thing here. And creating an object capability with exclusive but transferable ownership is just a capability desing pattern. And not to forget: how will Java fix the "unsafe" feature? (Rust has it also). Another thing: Checked C is an extension for the C language that is supposed to avoid buffer overruns etc. Worth looking at it as most system software is still written in C/C++.

  12. Serverless computing (FAAS): what are the implications for security? Serverless Security

  13. web assembly based on object capability principles? for caps: What are Capabilities?

  14. High-Assurance Cyber Military Systems (HACMS): Baking Hack Resistance Directly into Hardware. how does it work?

  15. A list of post mortems and what we can learn from them. Danluu, github

  16. The Importance of Features for Statistical Anomaly Detection David Goldberg, Yinan Shan, EBAY

  17. The fight for better software and systems, history: A design methodology for reliable software systems, by B. H. LISKOV, The MITRE Corporation, Bedford, Massachusetts (1972). Bernard Meyer's Design by Contract?

  18. Security Industrial Complex: EUs framework program on security. Military companies, boarder security etc. A view on global developments in military and surveillance industry.

  19. Investigate some attacks and vulnerabilities: beA (mail to lawywers), meltdown, ...Traffic hacksJavascript side channel attacks and Server side javascript injection

  20. Grey failures are failures which are very hard to find as they get frequently masked by fault-tolerant features of systems. They reduce theoretical availability and can lead to an unexpected system crash. A paper from azure engineers explains some of the problems found. Gray Failure: The Achilles’ Heel of Cloud-Scale Systems

  21. Smart Meter: how do we secure devices for IoT and Smart Home use? 9 vendors want certification from the BSI. Technological, economical and ecological considerations.

  22. How can Byzantine Protocols prevent attacks from participating nodes? What are the costs? What are the failure assumptions (DOS, wrong protocol etc.). Are those protocols alternatives for critical infrastructures. An example given by Liskov and Castro which was discussed on morningpaper. A comparison of blockchain consensus and byzantine consensus in Murat's paper summary of Bitcoin-NG

  23. The financial subsystem has shown a tendency for disaster several times in the past. Can we measure the risk inside this subsystem? There is an interesting EU project (part of FP7) that tries to identify and measure the risk. Systemic Risk Tomography Signals, Measurements, Transmission Channels and Policy Interventions . And while we are at it: let's take a look at current EU programs in security. Dan Geer just wrote a very interesting paper on global risks and interdependencies dubbed A Rubicon

  24. Bruce Schneier says that AI mightt tip the balance more towards defense against attacks because it does not suffer from the human weaknesses (speed, errors, scale). How will the black hats counter this development? And how can black hats use AI? General ML Security

  25. The train system of a country is certainly a critical infrastructure. We might be able to take a closer look at the german bundesbahn thanks to a contact I got recently.

  26. Evoting has been a topic for security a while ago. Modern societies will have to use the internet to increase participation. Hack-profing elections will be key to this.

  27. Is Quantum Computing a threat to security and which algorithms are affected?

  28. Smart Contracts are still a hot topic. Can we verify those automatically? Another look at smart contracts in Ethereum S.C.. What kind of improvements for security are possible with a not-turing-complete language?

  29. The autonomous war: robots, drones and other technology against human beings. How far are we? Killer Robots stoppen. And not to forget: there is a tight connection to the Financial Industry

  30. Hard words: Linus Torvalds, Public Mar 13, 2018, It looks like the IT security world has hit a new low. If you work in security, and think you have some morals, I think you might want to add the tag-line "No, really, I'm not a whore. Pinky promise" to your business card. Because I thought the whole industry was corrupt before, but it's getting ridiculous. At what point will security people admit they have an attention-whoring problem? AMDFLAWS.com. We can take a look at the current state of the security-industrial complex.

  31. Human Performance and Software Errors. Its time to study software problems in detail because they are very much linked to human behavior and cause major loss of money or lives nowadays. Software Troubles

  32. Security is never far from legal problems. John Kingston wrote a paper on AI and Legal Liability which covers current opinions on this difficult subject.

  33. The world economic forum on: Environment and Natural Resource Security

  34. Two nice publications for secure system research. First, Future Now Institute published its report on 225 trends and a list of post mortems and lessons learned appeared on Github.

  35. Preparedness is a big part of a resilient system. Netflix uses its Simian Army/Chaos Monkeys to cause serious errors in production, just to test their resilience.

If you want to see what we did in past terms, take a look at my blog entry on 2016 .