Semester | |
Module # | INF-VS-041 |
Programmes | Computer Science Bachelor, Computer and Communication Systems Engineering Bachelor, Business Information Systems Bachelor, Computer Science Master, Computer and Communication Systems Engineering Master, Business Information Systems Master |
IBR Group | DS (Prof. Kapitza) |
Type | Seminar |
Lecturer | |
Assistants | |
Credits | 5 |
Hours | 0+2 |
Time & Place | *Kick-Off Meeting* Friday, 22.04.2022, 11:00, BBB (online link). Weekly meeting time: to be announced based on a Doodle poll. |
Certificates | Submission of the essay, and a successful presentation. The grade is determined by the activity in the seminar as well as the quality of essay and presentation. |
Content | The seminar is dedicated to exploring existing hardware technologies that are becoming available in cloud environments and data centres. It addresses problems of programming models, trade-offs and performance. The core of this seminar is to learn about security mechanisms and new hardware technology that is not limited to the research community but is also used in industry. In essence, showing a running example or going through example code in a demo-like way is expected. The topics covered in the seminar include networking hardware (RDMA) and trusted execution (SGX, AMD SME, TrustZone). The following list of topics is preliminary and will be extended with AMD and more Remote Direct Memory Access (RDMA) topics. If you have a special interest in any technology, please write to Ines Messadi. |

Seminar Topics

1) How does RDMA work and why it is the fuel for fast networking | RDMA is a fast networking technology studied in the research community and used in industry (e.g. by Microsoft). The core feature of RDMA is the ability to read or write the memory of a remote host directly, without any additional steps. This brings very low latency (1-2 microseconds) and relieves the remote CPU. | Task: Explain how to enable RDMA-based network communication, show a demo, and explain the trade-offs between security and performance.
2) Intel Software Guard Extensions (SGX) | Cloud computing faces trust issues when managing sensitive data. To address this, Intel developed Software Guard Extensions (SGX), which allows the creation of one or more trusted execution environments inside an application. This part of the application is secured even against the cloud provider or administrator. | Task: Explain how SGX works and what guarantees its security, showing a sample example. Your task is to explain the internal mechanisms of SGX that give it its security features.
3) Remote attestation in trusted computing | Remote attestation gives confidence that the remote party is running the expected secured technology. It verifies a genuine CPU capable of trusted execution before any data is exchanged. Intel SGX includes a remote attestation mechanism that we want to explore here. | Task: Explain how SGX remote attestation works, showing a running sample example.
4) Sealing in trusted computing | SGX provides the enclave sealing mechanism, which encrypts an enclave secret so that it can be safely stored in untrusted storage. Sealing is the feature that allows the data to be retrieved after the enclave has been destroyed. | Task: Explain how SGX sealing works, showing a running sample example.
5) Graphene SGX | With the SGX SDK, developers need to partition their code and application logic into a trusted and an untrusted compartment. Graphene is a library OS solution that allows you to run your application unmodified. | Task: Explain how Graphene works, showing a running sample example.
6) Attacks and defenses for SGX | Although SGX is designed to be secure, SGX enclaves have been shown to have critical security holes, e.g. due to multithreading or side-channel attacks. | Task: Give an overview and examples of some security holes, showing a running example or explaining with a code snippet (e.g. a use-after-free bug).
7) TrustZone-A - trusted hardware for Arm's application processor architectures | TrustZone-A enables trusted computing at the edge, e.g. on mobile devices. Besides that, it can also be used in Arm-based servers. | Task: Explain TrustZone for Arm application processor architectures in detail. Run example software on a Raspberry Pi, e.g. OP-TEE.
8) TrustZone-M - trust for IoT devices | TrustZone-M enables trusted computing for the tiniest IoT devices. It adapts TrustZone-A to the requirements of microcontroller applications: low power consumption and real-time processing. | Task: Explain TrustZone for Armv8-M in detail. Run example software on the Nucleo L552ZE-Q, e.g. the bare-metal example from ST on YouTube.
9) Software architectures for TrustZone-M | TrustZone for Armv8-M is similar to TrustZone for Arm's application processor architectures, but software for microcontrollers is of course quite different from software for application processors. What does this mean for software architectures for TrustZone-M? Can we use similar TEEs for TrustZone-M and TrustZone-A? | Task: Present the available software architectures that make use of TrustZone-M. Summarize proposals by Arm, ST, the open source community and in scientific work. Run example software on the Nucleo L552ZE-Q board, e.g. Trusted Firmware-M.

Seminar

The talk and essay have to be done in English. Each participant will take one or more papers under a specific topic. Participants are responsible for a peer review, including:
- Attending a peer's presentation dry run and giving feedback.
- Reviewing a peer's essay before submission.
- Participating by asking questions and contributing to the discussion.

Notes

Please submit the essay as well as your presentation slides. The requirements for presentation and essay are as follows:
- Presentation and essay in English.
- Programming assignment.
- Presentation time about 25 minutes.
- Essay should comprise about 4 pages.
Each participant is expected to do further research based on the paper. The supervisors are always glad to help in this case. The strength of the university depends on academic and personal integrity. In this seminar, essays must be written in your own words. Plagiarism is an offense against the examination regulations.

Templates

The LaTeX template for the seminar essay can be found here. Additional considerations for the design of the essay can be found on the website of IBR. LaTeX templates for presentation slides can be found here. Additional considerations for the design can be found on the website of IBR.

Material

The material is only available to registered attendees. In order to register, you need either an IBR POSIX account or a self-activated IBR-y-account. Afterwards you can log in to this site.
Schedule | 22.04.2022, 11:00 Kick-Off Meeting (BBB); 29.04.2022, 11:00 Academic Writing (BBB); 03.06.2022, 11:00 Intel SGX Background (BBB); 03.06.2022, 11:00 RDMA (BBB) |
References | Template: On the World Wide Web there are different ways to enhance your seminar presentations: For the literature review these links might be helpful: (La)TeX Tips + Tricks |