SEMINAR: SECURE SYSTEMS ENGINEERING
Introduction
October 20, 2016

OUTLINE
1. Basic Requirements
2. Preliminary Dates
3. Seminar Guidelines
4. Presentation of the Topics
Basic Requirements
- Completion of a seminar thesis in English: 20 pages, written in LaTeX (we provide a template)
- Design and give a presentation: 30 min, held in a block seminar (20 min for the contents, 10 min for discussion)
- Reviews: internal peer review by students, and also by the supervisor
Preliminary Dates
- Thu, 20.10., 4:00 p.m.: Topic presentation
- Thu, 27.10., 11:00 a.m.: Seminar guidelines & introduction to scientific working
The following dates have their deadline at 23:59 MEZ:
- Thu, 24.11.: Outline and literature references (student)
- Thu, 15.12.: Seminar thesis for review (student)
- Fr, 16.12.: Assignment of peer reviews (supervisors)
- Fr, 23.12.: Completed peer review (student)
- Su, 15.01.: Presentation for supervisor feedback (student)
- Su, 22.01.: Supervisor feedback: presentation (supervisors)
- Su, 12.02.: Camera-ready version of thesis (student)
- Su, 26.02.: Supervisor feedback: thesis (supervisors)
- Su, 12.03.: Final hand-in of thesis (student)
- Presentations (block seminar): 30.01.-03.02.2016
Seminar Guidelines
- Thursday, 27.10., 11:00 a.m. in ZM1.02-48
- Presentation of seminar guidelines and rules
- Introduction into scientific working
- Participation is mandatory

Topic Selection
- Doodle poll: choose exactly three topics
- Each topic will be drawn from all applicants
- The poll will be opened today at 6 p.m. and closed on Monday, October 24th at 4 p.m.
- You will be informed via e-mail which topic you are assigned; please confirm this mail by Tuesday, October 25th at 6 p.m.
Topic 1: Model-driven Security for Embedded Systems
Supervisor: Johannes Geismann
- When designing safe and secure embedded systems, not only software but also hardware has to be considered
- Model-driven approaches are used to assist designers and developers in early development steps
- SysML-Sec is a method for this task
Your task: give a comprehensive overview
- Which threats / attacks are considered?
- Which viewpoints are covered?
- What are the assumptions/limitations made in this approach?
- Compare to related approaches
Literature:
- Ludovic Apvrille, Yves Roudier, "SysML-Sec: A Model-Driven Environment for Developing Secure Embedded Systems", Proceedings of the 8th Conference on the Security of Network Architecture and Information Systems (SARSSI'2013), Mont de Marsan, France, 16-18 Sept. 2013
- Ludovic Apvrille, Yves Roudier, "SysML-Sec: A Model Driven Approach for Designing Safe and Secure Systems", Special Session on Security and Privacy in Model Based Engineering, 3rd International Conference on Model-Driven Engineering and Software Development (Modelsward), Angers, France, Feb. 2015
Topic 2: Modelling of Cryptographic Algorithms
Supervisor: Stefan Krüger (stefan.krueger@upb.de)
(Figure: "In Summary: Candidates")
Task: compare two modelling languages in terms of their suitability for cryptography
- One student: comparison based on papers
- Two students: papers + creating a model of a subdomain in both languages
Literature:
- [Boucher et al., Introducing TVL, a Text-based Feature Modelling Language, VaMoS 2010]
- [Nadi et al., Variability Modeling of Cryptographic Components (Clafer Experience Report), VaMoS 2016]
- [Bak et al., Unifying Class and Feature Modelling, SoSyM 2014]
Topic 3: Architecture-based Intrusion Detection
Supervisor: David Schubert
(Figure: User, Client, Database)
- Code typically has flaws that can be exploited
- Finding all these flaws manually or by automated analyses is hard and expensive
- A second line of defense are runtime approaches that monitor the running system and aim at detecting intrusions (deviations from normal system behavior)
- These approaches are categorized by their information source
Literature:
- Yuan, Eric, and Malek, Sam. "Mining Software Component Interactions to Detect Security Threats at the Architectural Level." DOI 10.1109/WICSA.2016.12
- Lazarevic, Aleksandar, Vipin Kumar, and Jaideep Srivastava. "Intrusion detection: A survey." DOI 10.1007/0-387-24230-9_2
Your task:
1. Recap the approach by Yuan and Malek
2. Emphasize the (dis)advantages compared to classical host- and network-based intrusion detection
Topic 4: Secure Isolation of Native Code for Java
Supervisor: Andreas Dann (adann@mail.upb.de)
(Figure: General Risk: Java, Python, C#, JS, etc.; Security Risk: Malicious/Buggy; Real-Problem: Web-Server, Android, Plugins; Java Application; 3rd Party Library; Outside of Language Security; Solution: SFI, Process, ...)
Approaches:
- Robusta, Siefers J. et al., 2010, DOI: 10.1145/1866307.1866331
- JVM-Portable Sandboxing, Sun, M., 2012, DOI: 10.1007/978-3-642-33167-1_48
- JNICodejail, Hassanshai B., 2013, DOI: 10.1145/2500828.2500848
Your task: compare the approaches
- What is the concept?
- What threats are mitigated?
- What are the drawbacks?
- Your conclusion?
Topic 5: Static Analysis using LLVM
Supervisor: Philipp Schubert (Philipp.Schubert@upb.de)
- Static analyses can be used for automated bug detection and code optimization
- Static analysis builds on compiler infrastructure and vice versa
Your task:
- Familiarize yourself with the powerful compiler technology LLVM (C/C++ based)
- Give an overview of LLVM's capabilities: What is the concept? What are the benefits? What are the drawbacks? What are the characteristics of the used IR?
- Compare the LLVM project to related approaches
- Two students: comprehensive comparison with the Graal & Truffle project
Learning outcomes:
- Understand basic concepts of compiler technology & static analysis
- Gain a deeper understanding of how programming languages are processed
Literature:
- Chris Lattner and Vikram Adve. 2004. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In Proceedings of the International Symposium on Code Generation and Optimization: Feedback-directed and Runtime Optimization (CGO '04). IEEE Computer Society, Washington, DC, USA, 75-.
Topic 6: Graal & Truffle Compiler Technology
Supervisor: Philipp Schubert (Philipp.Schubert@upb.de)
- Static analyses can be used for automated bug detection and code optimization
- Several compiler projects exist (with specific advantages / disadvantages)
Your task:
- Familiarize yourself with the Graal & Truffle project (Java based)
- What is the concept of Graal & Truffle? What are the benefits? What are the drawbacks? What are the characteristics of the used IR?
- Compare the Graal project to related approaches
- Two students: comprehensive comparison with the LLVM project
Learning outcomes:
- Understand basic concepts of compiler technology & static analysis
- Gain a deeper understanding of how programming languages work
Literature:
- https://github.com/graalvm/graal-core/blob/master/docs/publications.md
Topic 7: Security Risks in Android's Inter-App Communication
Supervisor: Goran Piskachev
- Android apps can exchange messages to reuse functionality provided by components in other applications
- For example, a review app for restaurants can ask the map application to display the location of the restaurant
- Problem: the Android message-passing system that enables inter-app communication may be attacked if it is used incorrectly. The messages can be sniffed, modified, or stolen.
- Approach: analysis of Android applications and automatic detection of known vulnerabilities related to inter-app communication
Your task:
- Give an overview and classification of attacks on inter-app communication
- Evaluate at least two analysis tools using your classification
Literature:
- Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. 2011. Analyzing inter-application communication in Android. In Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys '11). ACM, New York, NY, USA, 239-252
- Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. 2013. Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis. In Proceedings of the 22nd USENIX Conference on Security (SEC'13). USENIX Association, Berkeley, CA, USA, 543-558.
Topic 8: Surveying Requirements Specification Approaches for Information Flow Security
Supervisor: Christopher Gerking
- Secure information flow of cyber-physical systems (CPS) is critical
- Problem: how to specify information flow requirements?
Your task: review existing approaches for security requirements specification and assess their applicability in the context of information flow security for CPS
Literature:
- Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requirements Engineering 15(1), 7-40 (2010)
- Meland, P.H., Tøndel, I.A., Jaatun, M.G.: Security requirements for the rest of us: A survey. IEEE Software 25(1), 20-27 (2008)
- Mellado, D., Blanco, C., Sánchez, L.E., Fernández-Medina, E.: A systematic review of security requirements engineering. Computer Standards & Interfaces 32(4), 153-165 (2010)
Topic 9: Relaxing Information Flow Restrictions by means of Information Declassification
Supervisor: Christopher Gerking
- The classical noninterference policy is too strict in practice
- Problem: how to relax information flow restrictions?
Your task: study the theory of noninterference, give an overview of existing approaches for declassification, and demonstrate their advantages and shortcomings in the context of CPS
Literature:
- Goguen, J.A., Meseguer, J.: Security policies and security models. In: 1982 IEEE Symposium on Security and Privacy, pp. 11-20. IEEE Computer Society (1982)
- Zdancewic, S.: Challenges for information-flow security. In: Workshop on the Programming Language Interference and Dependence (PLID'04) (2004)
- Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security 17(5), 517-548 (2009)
Topic 10: A Survey of Static Code Analysis Techniques for PLC Programs
Supervisor: Faezeh Ghassemi (faezeh.ghassemi@iem.fraunhofer.de)
- Static code analysis (SCA) is analyzing the code without executing it
- There are plenty of SCA tools and techniques for languages like Java and C
- Not many tools/approaches exist for PLC programming languages
Your task: make a survey of existing static analysis tools and methods for PLC programming languages and explain their capabilities as well as their advantages and disadvantages
Literature:
- H. Prahofer, F. Angerer, R. Ramler, F. Grillenberger, "Static Code Analysis of IEC 61131-3 Programs: Comprehensive Tool Support and Experiences from Large-Scale Industrial Application," in IEEE Transactions on Industrial Informatics, vol. PP, no. 99, pp. 1-1, doi: 10.1109/TII.2016.2604760
- S. Stattelmann, S. Biallas, B. Schlich and S. Kowalewski, "Applying static code analysis on industrial controller code," Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), Barcelona, 2014, pp. 1-4, doi: 10.1109/ETFA.2014.7005254
Topic 11: SECURE TROPOS: Integrating Security and Systems Engineering
Supervisor: Thorsten Koch
Problem: Security is a crucial issue for information systems. However, in software engineering security is mainly considered as a non-functional requirement after the definition of the system. This approach often leads to problems, which translate into security vulnerabilities.
Approach: The methodology Secure Tropos is proposed to model and analyze security requirements alongside functional requirements. It provides a requirements analysis process that drives system designers from the acquisition of requirements up to their verification, so that security is considered during the whole development process.
Your task:
- Describe the methodology Secure Tropos
- Especially focus on the possibilities to analyze the specified security requirements
Literature:
- Mouratidis, H.; Giorgini, P.; Manson, G.: Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. In: CAiSE 2003 [http://dx.doi.org/10.1007/3-540-45017-3_7]
- [http://www.troposproject.org/node/301]
Topic Selection
- Doodle poll: choose exactly three topics
- Each topic will be drawn from all applicants
- The poll will be opened today at 6 p.m. and closed on Monday, October 24th at 4 p.m.
- Write a mail if you would like to work in a group: names of both students, topic number
- Important: both students have to mark this topic in the Doodle poll!
- You will be informed via e-mail which topic you are assigned; please confirm this mail by Tuesday, October 25th at 6 p.m.