Computer Security Seminar

Instructors

Prof. Dr.-Ing. Volker Roth

Description

In this seminar, students perform literature research and practical exploration of computer security related topics. This is a so-called "Blockseminar", i.e., the students research their assigned topics independently throughout the semester. At the end of the semester, all seminar participants assemble for a day of seminar presentations. Details on the seminar topics and dates are given below.

Time and Location

Lectures:

Final presentations (expected)

Grading

Students are expected to:

Students will be graded on their preparedness for discussion, their presentations and their seminar report. The report must be typeset in LaTeX. Both the LaTeX source and the PDF generated from it must be submitted as a TAR or ZIP archive.

The seminar report must contain references to all the articles that were used. Each literature entry must include a brief and concise summary of the article's contribution and the contribution's benefits. Please use the BibTeX "note" field for this purpose.

Resources

All seminar participants must perform a thorough search for scientific literature on their chosen topics. At least the following sources must be searched for relevant literature:

It is imperative that students follow literature references backwards (to identify seminal and foundational papers on their subject, i.e., the first ones to report results on the topic under consideration) and forward (using the cited-by features of digital libraries, or Web searches for the current paper's title) to identify the most recent work on the topic under consideration.

Note that newsticker articles or Wikipedia articles do not count as scientific literature.

Topics

ARM TrustZone

ARM produces a variety of processors and Systems on a Chip (SoC) that are used in popular mobile devices. Some of its processors support a security architecture that ARM calls ARM TrustZone. This architecture is designed to support enforcing separations between software and hardware components.

A student who chooses this topic should have the objective to learn about ARM's TrustZone in depth and to share his or her insights with the other seminar participants. An actual development board is available to a student who would like to get his or her hands dirty and who has prior experience with embedded systems. Note that this is a great opportunity to play with a unique 10K Euro piece of hardware, and no, you can't keep it.

This topic is highly suitable as a foundation for interesting, timely and relevant Bachelor and Master theses.

Android Phones and Access Control Models

Students who choose this topic should have the goal to understand the Android security model in depth, to explain it to the other participants of the seminar, and to compare it with classic security models. In particular, students should elaborate on which ideas have inspired the various aspects of Android's security model and for what reason. Students should also look at recent security vulnerabilities in Android phones and pinpoint where the implementation of the security model has failed. Lastly, students should develop an idea or a concept of how the security model of Android could be improved or extended. In particular, since programmers must define a set of privileges that their applications request upon installation, students should investigate the possibility of applying the Take-Grant Protection Model known from the lectures to the Android security model. In other words, students should explore the possibility of obtaining provable safety guarantees, i.e., can the safety question (from a rights propagation perspective) be decided for Android applications?

Practical Information Flow Control

Students who choose this topic should perform a thorough investigation of how programming language constructs are secured using information flow controls i.e.,

and what the limitations are. The focus should be on execution-based information flow control with variable security classes. However, students should point out cases that can be handled well by static analysis and point out the type of analysis the compiler must make. A good overview can be obtained from this article. The publications of Andrei Sabelfeld are a good place to start.

Binary Analysis

Students choosing this topic should perform a thorough investigation of tools and techniques for the static and dynamic analysis of program binaries. One use of these tools and techniques is the analysis of computer malware and reverse engineering in general. The BitBlaze papers found here are a good starting point for a literature search.

Additional topics

Meetings

No meeting on Thursday October 20, seminar starts next week

Meeting 1, Thursday October 27

This meeting serves as an introduction to the seminar.

Meeting 2, Thursday November 10

Topics will be discussed and/or assigned in the course of this meeting. Update: The meeting will start 45 minutes late, i.e., at 14:45h ct. We will talk about the first three topics to see whether there are any takers already. Otherwise, we will meet again in December to finish the topic selection process.

Meeting 3, Thursday January 19

Due to the unexpectedly long break, we will have another meeting today to finalize the topic assignments.