| Carl Friedrich Gauß Faculty | Department of Computer Science

Operating System Security

Semester

Winter 2020/2021

Winter 2019/2020 Winter 2018/2019

Module #

INF-IBR-07

Programme

Master Informatik

IBR Group

DS (Prof. Kapitza)

Type

Vorlesung/Übung

Lecturer

Prof. Dr. Rüdiger Kapitza
Abteilungsleiter
rrkapitz[[at]]ibr.cs.tu-bs.de
+49 531 3913294
Room 135

Assistant

Mohammad Mahhouk
Wissenschaftlicher Mitarbeiter
mahhouk[[at]]ibr.cs.tu-bs.de
+49 531 3913245
Room 133

Hiwi

Lennart Almstedt
Hiwi
almstedt[[at]]ibr.cs.tu-bs.de

Credits

Hours

2+2

Time & Place

Due to Corona virus and the current circumstances, the lecture and
the lab tutorial in the winter semester 20/21 will be held online!
The time slots of the lecture, exercise and lab tutorial stay the same. The registration to this course is done on this website as usual.

Lecture (weekly): Mondays, 13:15 - 14:45, Room 161, BBB
Exercise lecture (Tafelübung, irregular): Wednesdays, 15:00 - 16:30, Room 161, BBB
Rechnerübungen (weekly):
- Tuesdays, 13:15 - 14:45 (Mattermost, BBB)
- Fridays, 15:00 - 16:30 (Mattermost, BBB)
Exceptions:
- Exercise lecture is irregular, please see the calender below for the dates
- There will be no lecture on 07.12.2020, 21.12.2020-10.01.2021
- On 11.01.2021 and 13.01.2021 the lecture and the exercise slots will be switched
- Due to unexpected time conflicts there will be no lecture on 13.01.2021

Lecture and exercise details

Please login in order to see more details!

Please share the given links only with people that are also attending or registered to this course!
The lecture and the exercise are based on the following tools:

Lecture and exercise

The lecture and exercise will take place at the aforementioned timeslots in the IBR's BBB instance.

The BBB's link to the lecture/exercise: Please login to get more information here.

Homework submission

The homework control will also take place online in a separate BBB instance:

Homework control BBB link: Please login to get more information here.

Lab tutorial

The optional lab tutorial will take place in the above mentioned timeslots also in BBB. There will be a Mattermost channel where students as well as HiWis are gathered. You can freely use this channel to communicate with your colleagues and also ask your question related to this course and the homework.
In the tutorial timeslot, you can inform the HiWi to switch to BBB instance (same link as the Homework control BBB instance) in case you want to share the screen to explain a specific issue with the homework.

Hinweis: Discord or any propietary communication programs are not allowed to be used for Homework control

Oral Exam

The dates for the exam will be announced soon. For registration, please contact the secretary Antje Lemke.

Start

The first lecture starts on wednesday 28.10.2020 in the exercise time slot. Otherwise, as regular on mondays.
The first exercise lecture starts on wednesday 04.11.2020.
The first lab (Rechnerübungen) starts on 06.11.2020.

Attendees

Students of computer science

Prerequisites

none

Certificates

Passed oral or written exam as well as sucessfull participation during the exercises.

Registration

Die Anmeldefrist ist abgelaufen.

Please login to get more information here as a mitarb member.

Content

Material zur Vorlesung

The material is only available to registered attendees. In order to register, you need either an IBR POSIX account or a self-activated IBR-y-account. Afterwards you can login to this site.

[ Podcast | Podcast aller Formate | Newsfeed aller Formate ]

Chapter

Slides

BBB

Exercises

1. Introduction and Overview

2. Threats and Security Principles

3. Multics

4. LSM

5. Integrity

6. SELinux

7. SGX

8. Security Kernels

9. VMM

Material zur Übung

The material is only available to registered attendees. In order to register, you need either an IBR POSIX account or a self-activated IBR-y-account. Afterwards you can login to this site.

[ Podcast | Podcast aller Formate | Newsfeed aller Formate ]

Chapter

Slides

Exercises

Paper Analysis 01

1. Organisation and Intro to Namespaces

Paper Analysis 02

Paper Analysis 03

2. Securing Containers

Paper Analysis 04

3. SGX

Paper Analysis 05

Paper Analysis 06

Lecture

Operating system security mechanisms: protection and access control
Virtualization and container mechanisms
Micro kernel architecture
Trusted computing
Secure co-processors (i.e. trusted platform module (TPM))
Modal execution (i.e. ARM TrustZone)
Trusted execution on commodity platforms (i.e. SGX and SEV)

Based on the Book Operating System Security by Trent Jaeger.

T. Jaeger: Operating System Security, G - Reference, Information and Interdisciplinary Subjects Series, Morgan & Claypool Publishers, 2008 (jaeger2008operating, BibTeX)

Übung

Bei Fragen zu den Übungen kontaktiert bitte Mohammad oder Rüdiger.

Schedule

Date	Description
[ Subscribe Calendar \| Download Calendar ]
28.10.2020, 15:00	Lecture (in exercise lecture time slot) (BBB)
02.11.2020, 13:15	Lecture (BBB)
04.11.2020, 15:00	Exercise lecture (BBB)
09.11.2020, 13:15	Lecture (BBB)
16.11.2020, 13:15	Lecture (BBB)
23.11.2020, 13:15	Lecture (BBB)
30.11.2020, 13:15	Lecture (BBB)
01.12.2020, 13:15	Presentations first exercise (BBB)
02.12.2020, 15:00	Exercise lecture (BBB)
04.12.2020, 15:00	Presentations first exercise (BBB)
14.12.2020, 13:15	Lecture (BBB)
11.01.2021, 13:15	Exercise lecture (BBB)
12.01.2021, 13:15	Presentations second exercise (BBB)
13.01.2021, 15:00	Lecture (canceled) (BBB)
15.01.2021, 15:00	Presentations second exercise (BBB)
18.01.2021, 13:15	Lecture (BBB)
25.01.2021, 13:15	Lecture (BBB)
01.02.2021, 13:15	Lecture (BBB)
08.02.2021, 13:15	Lecture (BBB)
09.02.2021, 13:15	Presentations third exercise (BBB)
12.02.2021, 15:00	Presentations third exercise (BBB)

References

Auf Dokumente der ACM Digital Library (http://dl.acm.org/) kann nur aus dem Netz der TU Braunschweig zugegriffen werden.

Intel SGX Programming Reference
Intel SGX SDK Developer Reference
AMD SME Whitepaper
Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, André Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Daniel O'Keeffe, Mark L Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch and Christof Fetzer: SCONE: Secure Linux Containers with Intel SGX, in 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Savannah, GA, USA, USENIX, January 2016 (arnautov2016scone, BibTeX, Slides)
Nico Weichbrodt, Anil Kurmus, Peter Pietzuch and Rüdiger Kapitza: AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves, in Proceedings of the 21st European Symposium on Research in Computer Security (ESORICS 2016), 2016 (weichbr16esorics, BibTeX)
David Goltzsche, Signe Rüsch, Manuel Nieke, Sébastien Vaucher, Nico Weichbrodt, Valerio Schiavoni, Pierre-Louis Aublin, Paolo Costa, Christof Fetzer, Pascal Felber, Peter Pietzuch and Rüdiger Kapitza: EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution, in Proceedings of the 48th International Conference on Dependable Systems and Networks, DSN'18, 2018 (goltzsche2018endbox, DOI, BibTeX, Slides)

last changed 2021-01-12, 17:30 (dynamic content) by Prof. Dr. Rüdiger Kapitza