Semester | |
Module number | INF-VS-041 |
Degree programmes | Informatik Bachelor, Informations-Systemtechnik Bachelor, Wirtschaftsinformatik Bachelor, Informatik Master, Informations-Systemtechnik Master, Wirtschaftsinformatik Master |
IBR group | DS (Prof. Kapitza) |
Type | Seminar |
Lecturer | |
Assistants | |
Credits (LP) | 5 |
SWS | 0+2 |
Place & time | *Kick-off meeting:* Friday, 22.04.2022, 11:00, BBB (online link). Weekly meeting time: TBA, based on a Doodle poll. |
Credit requirements | Submission of the essay and a successful presentation. The grade is determined by participation in the seminar as well as the quality of the essay and the presentation. |
Content | This seminar explores existing hardware technologies that are becoming available in cloud environments and datacenters. It addresses programming models, trade-offs, and performance. The core of the seminar is to learn about security mechanisms and new hardware technology that is not limited to the research community but is also used in industry. In essence, showing a running example or walking through example code in a demo-like way is required. The topics covered in the seminar include:
- Networking hardware: RDMA
- Trusted execution: SGX, AMD SME, TrustZone

The following list of topics is preliminary and will be extended with AMD and further Remote Direct Memory Access (RDMA) topics. If you have a special interest in any technology, please write to Ines Messadi.

Seminar topics

1) How RDMA works and why it is the fuel for fast networking
RDMA is a fast networking technology studied in the research community and deployed in industry (e.g., at Microsoft). The core feature of RDMA is the ability to directly read or write the memory of a remote host without any additional steps. This brings very low latency (1-2 microseconds) and relieves the remote CPUs.
Task: Explain how to enable RDMA-based network communication, show a demo, and explain the trade-offs between security and performance.

2) Intel Software Guard Extensions (SGX)
Cloud computing faces trust issues when managing sensitive data. To address this, Intel developed Software Guard Extensions (SGX), which allow the creation of one or more trusted execution environments inside an application. This part of the application is secured even against the cloud provider or administrator.
Task: Explain how SGX works and what guarantees its security, showing a sample example. Your task is to explain the internal mechanisms of SGX that provide its security features.

3) Remote attestation in trusted computing
Remote attestation gives confidence that the remote party is running the expected secure technology. It verifies a genuine CPU capable of trusted execution before any data is exchanged. Intel SGX includes a remote attestation mechanism, which we want to explore here.
Task: Explain how SGX remote attestation works, showing a running sample example.

4) Sealing in trusted computing
SGX provides the enclave sealing mechanism, which encrypts enclave secrets so that they can be safely stored in untrusted storage. Sealing is the feature that allows the data to be retrieved after the enclave has been destroyed.
Task: Explain how SGX sealing works, showing a running sample example.

5) Graphene SGX
With the SGX SDK, developers need to partition their code and application logic into trusted and untrusted compartments. Graphene is a library OS that allows you to run your application unmodified.
Task: Explain how Graphene works, showing a running sample example.

6) Attacks and defenses for SGX
While secure, SGX enclaves have been shown to have some critical security holes, e.g. due to multithreading or side-channel attacks.
Task: Give an overview and examples of some security holes, showing a running example or explaining with a code snippet (e.g., a use-after-free bug).

7) TrustZone-A: trusted hardware for Arm's application processor architectures
TrustZone-A enables trusted computing at the edge, e.g. on mobile devices. Besides that, it can also be used in Arm-based servers.
Task: Explain TrustZone for Arm application processor architectures in detail. Run example software on a Raspberry Pi, e.g. OP-TEE.

8) TrustZone-M: trust for IoT devices
TrustZone-M enables trusted computing for the tiniest IoT devices. It adapts TrustZone-A to the requirements of microcontroller applications: low power consumption and real-time processing.
Task: Explain TrustZone for Armv8-M in detail. Run example software on the Nucleo L552ZE-Q, e.g. the bare-metal example from ST on YouTube.

9) Software architectures for TrustZone-M
TrustZone for Armv8-M is similar to TrustZone for Arm's application processor architectures. But of course software for microcontrollers is quite different from software for application processors. What does this mean for software architectures for TrustZone-M? Can we use similar TEEs for TrustZone-M and TrustZone-A?
Task: Present the available software architectures that make use of TrustZone-M. Summarize proposals by Arm, ST, the open source community and scientific work. Run example software on the Nucleo L552ZE-Q board, e.g. Trusted Firmware-M.

The seminar
The presentation and the written report must be prepared in English. Each participant takes on the publication(s) of one topic. All participants prepare a peer review, which includes:
- Attending the peer's rehearsal talk and giving feedback
- Reviewing the peer's report before submission
- Taking part by asking questions and contributing to the discussion

Remarks
The documents to be submitted comprise the report and a slide deck:
- Presentation and report in English.
- Programming assignment.
- Presentation time approx. 25 minutes.
- Length of the report approx. 4 pages.
Each participant should study publications that build on their paper. The seminar supervisors can help with finding a topic. Academic and personal integrity are taken very seriously at the university. Accordingly, the report must be written in your own words. Plagiarism violates the examination regulations.

Templates
The LaTeX template for the report can be found here. Additional suggestions for the report can be found here. LaTeX templates for the slide deck can be found here.

Material
These materials are only accessible to registered participants. To register, you need either an IBR POSIX account, which you may already have received for work at the institute, or a self-activated IBR-y account. Then log in via the login function of this website.
3. Organization and academic research
6. Sealing, rollback and forking attacks |
Dates | 22.04.2022, 11:00: Kick-off meeting (BBB); 29.04.2022, 11:00: Academic writing (BBB); 03.06.2022, 11:00: Intel SGX background (BBB); 03.06.2022, 11:00: RDMA (BBB) |
Literature/Links | Template: Help for the seminar: The following links may be helpful for the literature search: (La)TeX Tips + Tricks |