seminar: secure systems engineering · pdf filepresentation is 30 min, to be held in a block...
TRANSCRIPT
OUTLINE
1. Basic Requirements
2. Preliminary Dates
3. Seminar Guidelines
4. Presentation of the Topics
Basic Requirements
Completion of a seminar thesis in English
20 pages written in LaTeX
We provided a template
Design and run a presentation
Presentation is 30 min, to be held in a block seminar
20 min for the contents
10 min for discussion
Reviews
Internal peer-review by students
also by supervisor
Thu, 20.10., 4:00 p.m.: Topic presentation
Thu, 27.10., 11:00 a.m.: Seminar guidelines & introduction to scientific working
The following dates have their deadline 23:59 MEZ:
Thu, 24.11.: Outline and literature references (student)
Thu, 15.12.: Seminar thesis for review (student)
Fr, 16.12.: Assignment of peer reviews (supervisors)
Fr, 23.12.: Completed peer-review (student)
Su, 15.01.: Presentation for supervisor feedback (student)
Su, 22.01.: Supervisor feedback: presentation (supervisors)
Su, 12.02.: Camera-ready version of thesis (student)
Su, 26.02.: Supervisor feedback: thesis (supervisors)
Su, 12.03.: Final hand-in of thesis (student)
Presentations (block seminar): 30.01.-03.02.2016
Preliminary Dates
Seminar Guidelines
Thursday, 27.10., 11:00 a.m. in ZM1.02-48
Presentation of seminar guidelines and rules
Introduction into scientific working
Participation is mandatory
Topic Selection
Doodle poll
Choose exactly three topics
Each topic will be drawn from all applicants
Poll will be opened today at 6 p.m. and will be closed on Monday,
October 24th at 4 p.m.
You will be informed via e-mail which topic you are assigned
Please confirm this mail until Tuesday, October 25th at 6 p.m.
OUTLINE
1. Basic Requirements
2. Preliminary Dates
3. Seminar Guidelines
4. Presentation of the Topics
Model-driven Security for Embedded SystemsSupervisor: Johannes Geismann
7
When designing safe and secure embedded systems not only software but also
hardware has to be considered
Model-driven approaches are used to assist designers and developers in early
development steps
SysML-Sec is a method for this task
Your task:
Give a comprehensive overview
Which threats / attacks are considered?
Which viewpoints are covered?
What are the assumptions/limitations made in this approach?
Compare to related approaches
Software Engineering
Ludovic Apvrille, Yves Roudier, "SysML-Sec: A Model-Driven Environment for Developing Secure Embedded Systems", Proceedings of the 8th conference
on the security of network architecture and information systems (SARSSI'2013), Mont de Marsan, France, 16-18 sept. 2013
Ludovic Apvrille, Yves Roudier, "SysML-Sec: A Model Driven Approach for Designing Safe and Secure Systems", Special session on Security and Privacy
in Model Based Engineering, 3rd International Conference on Model-Driven Engineering and Software Development (Modelsward), Angers, France, Feb.
2015
1
[Nadi et al., Variability Modeling of Cryptographic
Components (Clafer Experience Report), VaMos
2016]
[Boucher et al., Introducing TVL, a Text-
based
Feature Modelling Language, VaMos
2010]
[Bak et al., Unifying Class and
Feature Modelling, SoSyM
2014]
Candidates In Summary:
Task: Compare two modelling languages in terms of their suitability for
cryptography
One student: Comparison based on papers
Two students: Papers + Creating a model of subdomain in both languages
Supervisor: Stefan Krüger
2Modelling of Cryptographic AlgorithmsStefan Krüger
Architecture-based Intrusion DetectionDavid Schubert
9
Literature:
Yuan, Eric, and Malek, Sam. "Mining Software
Component Interactions to Detect Security Threats at the
Architectural Level." DOI 10.1109/WICSA.2016.12
Lazarevic, Aleksandar, Vipin Kumar, and Jaideep
Srivastava. "Intrusion detection: A survey." DOI
10.1007/0-387-24230-9_2
Software Engineering
Your Task:
1. Recap the approach by Yuan and Malek
2. Emphazise the (dis)advantages compared to
classical host and network-based intrusion detection
Code typically has flaws that can be exploited
Finding all these flaws manually or by automated analyses is hard and expensive
A second line of defense are runtime approaches that monitor the running system and aim at detecting intrusions (deviations from
normal system behavior)
These approaches are categorized by their information source
DatabaseUserClient
3
Secure Isolation of Native Code for JavaAndreas Dann [email protected]
10 Software Engineering
3rd Party
LibraryJava Application
Security Risk:
Malicious/Buggy
Outside of
Language Security
General Risk:
Java, Python, C#,
JS, etc.
Real-Problem:
Web-Server,
Android, Plugins…
Solution:
SFI, Process,…
Your Task: Compare Approaches
• What is the concept?
• What threats are mitigated?
• What are drawbacks?
• Your Conclusion?
Approaches:
• Robusta, Siefers J. et al., 2010
DOI: 10.1145/1866307.1866331
• JVM-Portable Sandboxing, Sun, M., 2012
DOI: 10.1007/978-3-642-33167-1_48
• JNICodejail, Hassanshai B., 2013
DOI: 10.1145/2500828.2500848
4
Static Analysis using LLVMSupervisor: Philipp Schubert ([email protected])
Software Engineering11
Static analyses can be used for automated bug detection and code optimization
Static analysis builds on compiler infrastructure and vice versa
Your task
Familiarize yourself with the powerful compiler technology LLVM (C/C++ based)
Give an overview on LLVMs capabilities
What is the concept? What are the benefits? What are the drawbacks?
What are the characteristics of the used IR?
Compare the LLVM project to related approaches
Two students: comprehensive comparison with Graal & Truffle project
Learning outcomes
Understand basic concepts of compiler technology & static analysis
Gain deeper understanding of how programming languages are processed
Chris Lattner and Vikram Adve. 2004. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In Proceedings of the international symposium
on Code generation and optimization: feedback-directed and runtime optimization (CGO '04). IEEE Computer Society, Washington, DC, USA, 75-.
5
Graal & Truffle Compiler TechnologySupervisor: Philipp Schubert ([email protected])
Software Engineering12
Static analyses can be used for automated bug detection and code optimization
Several compiler projects exist (specific advantages / disadvantages)
Your task
Familiarize yourself with the Graal & Truffle project (Java based)
What is the concept of Graal & Truffle?
What are the benefits? What are the drawbacks?
What are the characteristics of the used IR?
Compare the Graal project to related approaches
Two students: comprehensive comparison with the LLVM project
Learning outcomes
Understand basic concepts of compiler technology & static analysis
Gain deeper understanding of how programming languages work
https://github.com/graalvm/graal-core/blob/master/docs/Publications.md
6
Android Apps can exchange messages to make a re-use of some functionalities provided by components in other applications
For example, a review app for restaurants can ask the map application to display the location of the restaurant
Problem: The Android passing message system which enables the Inter-App communication may be attacked if it is used incorrectly. The messages can be sniffed, modified, or stolen.
Approach: Analysis of Android applications and automatic detection of known vulnerabilities related to the Inter-App communication
Your task:
Give an overview and classification of attacks to the Inter-App communication
Evaluate at least two analysis tools using your classification
Security Risks in Android’s Inter-App Communication Supervisor: Goran Piskachev
Literature:
Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. 2011. Analyzing inter-application
communication in Android. In Proceedings of the 9th international conference on Mobile systems, applications, and
services (MobiSys '11). ACM, New York, NY, USA, 239-252
Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon.
2013. Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic
security analysis. In Proceedings of the 22nd USENIX conference on Security (SEC'13). USENIX Association,
Berkeley, CA, USA, 543-558.
7
Surveying Requirements Specification Approaches
for Information Flow SecuritySupervisor: Christopher Gerking
Software Engineering14
Literature Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements
engineering methods. Requirements Engineering 15(1), 7–40 (2010)
Meland, P.H., Tøndel, I.A., Jaatun, M.G.: Security requirements for the rest of us: A survey. IEEE Software
25(1), 20–27 (2008)
Mellado, D., Blanco, C., Sánchez, L.E., Fernández-Medina, E.: A systematic review of security
requirements engineering. Computer Standards Interfaces 32(4), 153–165 (2010)
Secure Information Flow of Cyber-Physical Systems (CPS) is critical
Problem: How to specify Information Flow Requirements?
Your Task: review existing Approaches for Security Requirements Specification,
asses their Applicability in the Context of Information Flow Security for CPS
8
Relaxing Information Flow Restrictions
by means of Information DeclassificationSupervisor: Christopher Gerking
Software Engineering15
Literature Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security
and Privacy. pp. 11–20. IEEE Computer Society (1982)
Zdancewic, S.: Challenges for information-flow security. In: Workshop on the Programming Language
Interference and Dependence (PLID’04) (2004)
Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security 17(5),
517–548 (2009)
Classical Noninterference Policy too strict in Practice
Problem: How to relax Information Flow Restrictions?
Your Task: study the Theory of Noninterference, give an Overview of existing Approaches
for Declassification, demonstrate Advantages and Shortcomings in the context of CPS
9
A Survey of Static Code Analysis techniques for PLC ProgramsSupervisor: Faezeh Ghassemi
Static code analysis (SCA) is analyzing the code without executing it
There are plenty of SCA tools and techniques for languages like Java and C
Not many tools/ approaches for PLC programming languages
Your task
Make a survey of existing static analysis tools and methods for PLC programming languages and
explain their capabilities as well as advantages and disadvantages
Literature
H. Prahofer; F. Angerer; R. Ramler; F. Grillenberger, "Static Code Analysis of
IEC 61131-3 Programs: Comprehensive Tool Support and Experiences from
Large-Scale Industrial Application," in IEEE Transactions on Industrial
Informatics , vol.PP, no.99, pp.1-1 doi: 10.1109/TII.2016.2604760
S. Stattelmann, S. Biallas, B. Schlich and S. Kowalewski, "Applying static
code analysis on industrial controller code," Proceedings of the 2014 IEEE
Emerging Technology and Factory Automation (ETFA), Barcelona, 2014, pp.
1-4. doi: 10.1109/ETFA.2014.7005254
10
SECURE TROPOS – Integrating Security and Systems
Engineering Supervisor: Thorsten Koch
Problem
Security is a crucial issue for information systems. However, in Software Engineering security is mainly considered as
non-function requirements after the definition of the systems. This approach often leads to problems, which translate to
security vulnerabilities.
Approach
The methodology Secure Tropos is proposed to model and analyze security requirements alongside functional
requirements. It provides a requirements analysis process that drives system designers from the acquisition of
requirements up to their verification to consider security during the whole development process.
Your Task
Describe the methodology Secure Tropos
Especially focus on the possibilities to analyze the specified security requirements
Literature
Mouratidis, H.; Giorgini, P.; Manson, G.: Integrating Security and Systems engineering: Towards the Modelling of
Secure Information Systems in CAiSE 2003 [http://dx.doi.org/10.1007/3-540-45017-3_7]
[http://www.troposproject.org/node/301]
11
Topic Selection
Doodle poll
Choose exactly three topics
Each topic will be drawn from all applicants
Poll will be opened today at 6 p.m. and will be closed on Monday,
October 24th at 4 p.m.
Write a mail if you would like to work in a “group”
Names of both students
Topic number
Important: Both students have to mark this topic in the doodle poll!
You will be informed via e-mail which topic you are assigned
Please confirm this mail until Tuesday, October 25th at 6 p.m.