Due to Corona virus and the current circumstances, the lecture and
the lab tutorial in the winter semester 20/21 will be held online!
The time slots of the lecture, exercise and lab tutorial stay the same. The registration to this course is done on this website as usual.

Lecture and exercise details

• BigBlueButton (BBB)
• Mattermost

Lecture and exercise

The lecture and exercise will take place at the aforementioned timeslots in the IBR's BBB instance.

The BBB's link to the lecture/exercise: Please login to get more information here.

Homework submission

The homework control will also take place online in a separate BBB instance:

Homework control BBB link: Please login to get more information here.

Lab tutorial

The optional lab tutorial will take place in the above mentioned timeslots also in BBB. There will be a Mattermost channel where students as well as HiWis are gathered. You can freely use this channel to communicate with your colleagues and also ask your question related to this course and the homework.
In the tutorial timeslot, you can inform the HiWi to switch to BBB instance (same link as the Homework control BBB instance) in case you want to share the screen to explain a specific issue with the homework.

Hinweis: Discord or any propietary communication programs are not allowed to be used for Homework control

Oral Exam

Material zur Vorlesung

The material is only available to registered attendees. In order to register, you need either an IBR account or a self-activated IBR-y-account. Afterwards you can login to this site (with the function at the top of this page).

[ Podcast | Podcast aller Formate | Newsfeed aller Formate ]
Chapter	Slides	BBB	Exercises
1. Introduction and Overview
2. Threats and Security Principles
3. Multics
4. LSM
5. Integrity
6. SELinux

Material zur Übung

The material is only available to registered attendees. In order to register, you need either an IBR account or a self-activated IBR-y-account. Afterwards you can login to this site (with the function at the top of this page).

[ Podcast | Podcast aller Formate | Newsfeed aller Formate ]
Chapter	Slides	Exercises
Paper Analysis 01
1. Organisation and Intro to Namespaces
Paper Analysis 02
Paper Analysis 03
2. Securing Containers

Lecture

• Operating system security mechanisms: protection and access control
• Virtualization and container mechanisms
• Micro kernel architecture
• Trusted computing
• Secure co-processors (i.e. trusted platform module (TPM))
• Modal execution (i.e. ARM TrustZone)
• Trusted execution on commodity platforms (i.e. SGX and SEV)

Based on the Book Operating System Security by Trent Jaeger.

• T. Jaeger: Operating System Security, G - Reference, Information and Interdisciplinary Subjects Series, Morgan & Claypool Publishers, 2008 (jaeger2008operating, BibTeX)

Übung

Bei Fragen zu den Übungen kontaktiert bitte Mohammad oder Rüdiger.

• Intel SGX Programming Reference
• Intel SGX SDK Developer Reference
• AMD SME Whitepaper
• Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, André Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch and Christof Fetzer: SCONE: Secure Linux Containers with Intel SGX, in 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Savannah, GA, USA, USENIX, January 2016 (arnautov2016scone, BibTeX, Slides)
• Nico Weichbrodt, Anil Kurmus, Peter Pietzuch and Rüdiger Kapitza: AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves, in Proceedings of the 21st European Symposium on Research in Computer Security (ESORICS 2016), 2016 (weichbr16esorics, BibTeX)
• David Goltzsche, Signe Rüsch, Manuel Nieke, Sébastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof Fetzer, Pascal Felber, Peter Pietzuch and Rüdiger Kapitza: EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution, in Proceedings of the 48th International Conference on Dependable Systems and Networks, DSN'18, 2018 (goltzsche2018endbox, DOI, BibTeX, Slides)