Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
    • During your Studies
      • Freshmen-Hub
      • Term Dates
      • Information for Freshman
      • Practical Information
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
      • Team Teaching and Media Education
    • Contact
      • Student Advice Centre
      • Academic Advice Service
      • Admissions Office
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence
      • Research Projects
      • Research Centres
    • Early Stage Researchers
      • Promotion of early career scientists
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • Degree seeking students
      • Exchange Studies
      • Doctorate (PhD)
      • Refugee Students
      • Welcome Programme
      • TU Braunschweig Summer School
    • Scientists
      • Mobile Researchers at the TU Braunschweig
      • Research Services and European Office
    • Language and intercultural competence training
      • Learning German
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperation
    • International House
      • Information for first semester students
      • Contact
      • News and Events
      • Advisory Services
      • Location
      • About us
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Knowledge and Technology Transfer
      • Entrepreneurship
    • General Public
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Communications and Press Service
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Presidency
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Fakultät für Elektrotechnik, Informationstechnik, Physik
      • Faculty of Humanities and Studies in Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • International House
      • Sports Centre
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • Campus map
    • CloudStorage
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Self-Service
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • IBR Twitter
    • IBR YouTube
    • Facebook
    • Twitter
    • Instagram
    • YouTube
    • LinkedIn
Menu
  • Technische Universität Braunschweig
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute of Operating Systems and Computer Networks
Logo IBR
IBR Login
  • Institute of Operating Systems and Computer Networks
    • News
    • About us
      • Whole Team
      • Directions
      • Floor Plan
      • Projects
      • Publications
      • Software
      • News Archive
    • Connected and Mobile Systems
      • Team
      • Courses
      • Theses
      • Projects
      • Publications
      • Software
      • Datasets
    • Distributed Systems
      • Team
      • Courses
      • Theses
      • Projects
      • Publications
      • Software
    • Algorithms
      • Team
      • Courses
      • Theses
      • Projects
      • Publications
    • Microprocessor Lab
    • Education
      • Summer 2023
      • Winter 2022/2023
      • Summer 2022
      • Theses
    • Services
      • Library
      • Mailinglists
      • Webmail
      • Knowledge Base
      • Wiki
      • Account Management
    • Spin-Offs
      • Docoloc
      • AIPARK
      • Confidential Technologies
    • Research Cooperations
      • IST.hub

Seminar Verteilte Systeme: Secure or Fast? Datacenter Hardware Technologies

Semester
Summer 2022
Winter 2021/2022Winter 2019/2020Summer 2019Winter 2018/2019Summer 2018Winter 2017/2018Summer 2017Winter 2016/2017Winter 2015/2016Summer 2015Winter 2014/2015Summer 2014Summer 2013Summer 2012
Module #INF-VS-041
ProgrammesComputer Science Bachelor, Computer and Communication Systems Engineering Bachelor, Business Information Systems Bachelor, Computer Science Master, Computer and Communication Systems Engineering Master, Business Information Systems Master
IBR GroupDS (Prof. Kapitza)
TypeSeminar
Lecturer
Photo
Assoz. Prof. Leander Jehl
Ehemaliger Kommissarischer Abteilungsleiter
jehl[[at]]ibr.cs.tu-bs.de
Assistants
Photo
Ines Messadi
Ehemalige Wissenschaftliche Mitarbeiterin
messadi[[at]]ibr.cs.tu-bs.de
Photo
David Niederprüm
Wissenschaftlicher Mitarbeiter
niederpruem[[at]]ibr.cs.tu-bs.de
+49 531 3913249
Room 134
Credits5
Hours0+2
Time & Place

*Kick-Off Meeting* Friday, 22.04.2022, 11:00, BBB Online link

Weekly meeting time: TBA based on a doodle

Certificates Submission of the essay, and a successful presentation. The grade is determined by the activity in the seminar as well as the quality of essay and presentation.
Content The seminar is dedicated to exploring existing hardware technologies with emerging availability in cloud environments or datacenters. It will address problems of programmings models, trade-offs, and performance. The core of this seminar is to learn about security mechanisms and new hardware technology that is not limited to the research community but also used in the industry. In essence, showing a running example or going through an example of code in a demo-like way is demanded. The topics covered in the seminar will include:

  • Networking Hardware: RDMA
  • Trusted Execution: SGX, AMD SME, TrustZone
The following list of topics is preliminary and is to be extended with AMD and more Remote Direct Memory Access (RDMA) topics. If you have special interest in any technology please write to Ines Messadi.

Seminar Topics

Topic
1) How does RDMA work and why its the fuel for fast networking

RDMA is a fast networking technology studied in the research community and leveraged in the industry (e.g., Microsoft). The core feature of RDMA is the ability to directly read or write the memory of a remote host, without any additional steps. This brings very low latency, 1-2 microseconds, and relieves remote CPUs.

Task: Explain how to enable an RDMA-based network communication showing a demo and explaining the trade-offs between security and performance

Hints

  • RDMA one-sided tutorials
  • RDMA security
  • Design Guidelines for High Performance RDMA Systems
2) Intel Software Guard Extensions (SGX)

Cloud computing faces trust issues when managing sensitive data. To address this, Intel developed Software Guard Extensions (SGX) which allows the creation of one or more trusted execution environments inside an application. This part of the application is secured even against the cloud provider or administrator.

Task: Explain how does SGX work and what guarantees its security showing a sample example. You task is to explain the internal mechanisms of SGX that gives its security features.

Hints

  • Intel SGX for Dummies
  • Sample Enclave
  • Intel Software Guard Extensions Programming Reference
3) Remote Attestation in trusted computing

Remote attestation gives the confidence that the remote party is running the expected secured technology. It verifies a genuine, trusted execution capable CPU before any data exchange. Intel SGX includes a remote attestation mechanism that we want to explore here.

Task: Explain how does SGX remote attestation works showing a sample example running

Hints

  • Remote attestation wiki
  • SGX attestation services
4) Sealing in trusted computing

SGX provides the Enclave Sealing Mechanism that encrypts the enclave secret to be safely stored in an untrusted storage. Sealing is the feature that allows to retrieve the data when the enclave is destroyed

Task: Explain how does SGX sealing works showing a sample example running

Hints

  • Sealing
  • Rollback and Forking Detection for Trusted Execution Environments using Lightweight Collective Memory
5) Graphene SGX

With the SGX SDK, developers need to partition their code and application logic into trusted and untrusted compartment. Graphene is a Library OS solution that allows to run your application unmodified.

Task: Explain how does Graphene works showing a sample example running

Hints

  • a Library OS for Unmodified Applications
6) Attacks and defenses for SGX

While Secure, we witnessed that SGX enclave can have some critical security holes,e.g, due to multithreading, side-channel attacks..

Task: Give an overview and examples of some security holes showing a running example, or explaining with a code snippet(e.g., use-after-free bug)

Hints

  • Attacks and defenses: Taesoo Kim
  • AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves
7) TrustZone-A - Trusted Hardware for ARMs application processor architectures

TrustZone-A enables trusted computing in the edge, e.g. on mobile devices. Besides that, it can also be used in ARM based servers.

Task: Explain TrustZone for Arm application processor architectures in detail. Run an example software on a Raspberry Pi, e.g. OP-TEE.

Hints

  • www.developer.arm.com
  • Demystifying Arm TrustZone: A Comprehensive Survey
  • www.trustedfirmware.org/projects/op-tee
8) TrustZone-M - Trust for IoT devices

TrustZone-M enables trusted computing for the tiniest IoT devices. It adapts TrustZone-A to the requirements of microcontroller applications: low power consumption and real-time processing

Task:Explain TrustZone for Armv8-M in detail. Run an example software on the Nucleo L552ZE-Q, e.g. the bare-metal example from ST on Youtube.

Hints

  • www.developer.arm.com
  • Demystifying Arm TrustZone: A Comprehensive Survey
  • STM32L5 MCU Series using TrustZone on youtube
9) Software architectures for TrustZone-M

TrustZone for Armv8-M is similar to TrustZone for Arm's application processor architectures. But of course software for microcontrollers is quite different compared to software for applicaton processors. What does this mean for software architectures for TrustZone-M? Can we use similar TEEs for TrustZone-M and TrustZone-A?

Task:Present the available software architectures that make use of TrustZone-M. Summarize proposals by ARM, ST, the open source community and in scientific work. Run an example software on the Nucleo L552ZE-Q board, e.g Trusted Firmware M.

Hints

  • www.developer.arm.com
  • www.tf-m-user-guide.trustedfirmware.org
  • uTango: an open-source TEE for IoT devices
  • On Security of TrustZone-M Based IoT Systems
  • Towards a Green and Secure Architecture for Reconfigurable IoT End-Devices

Seminar

The talk and essay has to be done in English. Each participant will take one or more papers under a specific topic. Participants are responsible for a peer review, including:

  • Attend peer's presentation dry run and give feedback.
  • Review peer's essay before submission.
  • Participate by asking questions, contributing to the discussion.

Notes

Please submit the essay as well as your presentation slides. The requirements for presentation and essay are listed as follows:

  • Presentation and essay in English.
  • Programming assignment.
  • Presentation time about 25 minutes.
  • Essay should comprise about 4 pages.

Each participant is supposed to do further research based on the paper. The supervisors are always glad to help in this case.

The strength of the university depends on academic and personal integrity. In this seminar, essays must be done in your own words. Plagiarism is an offense against the examination regulations.

Templates

The LaTeX template for seminar essay can be found here.

Additional considerations for the design of the essay can be found on the website of IBR.

LaTeX templates for presentation slides can be found here.

Additional considerations for the design can be found on the website of IBR.

Material

The material is only available to registered attendees. In order to register, you need either an IBR POSIX account or a self-activated IBR-y-account. Afterwards you can login to this site.
Chapter
Slides
Exercises
1. Kick-off
pdfpdfpdf
2. Deadlines
pdfpdfpdf
3. Organization and academic research
pdfpdfpdf
4. Intel SGX Overview
pdfpdfpdf
5. RDMA Overview
pdfpdfpdf
6. Sealing, Rollback and forking attacks
pdfpdfpdf
Schedule
[ Subscribe Calendar | Download Calendar ]
22.04.2022, 11:00
Kick-Off Meeting (BBB)
29.04.2022, 11:00
Academic Writing (BBB)
03.06.2022, 11:00
Intel SGX Background (BBB)
03.06.2022, 11:00
RDMA (BBB)
References Template:
  • Essay Review Template

On World-Wide-Web, there are different ways to enhance your seminar presentations:

  • How to Read a Paper, S. Keshav, University of Waterloo
  • How to Give a Talk, Paul N. Edwards, School of Information, University of Michigan
  • How to Give a Good Presentation

For the literature review there links might be helpful:

  • ACM Digital Library
  • IEEE Xplore
  • Network Bibliography
  • Citeseer (Research Index) citation index
  • Google Scholar

(La)TeX Tips + Tricks


last changed 2022-05-10, 11:21 by Ines Messadi

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
ImprintPrivacyAccessibility