|Titel:||Ausgewählte Themen in Verteilten Systemen|
|Englischer Titel:||Selected Topics in Distributed Systems|
|Kürzel / Nr. / Modulnr.:||ATVS / CS5900.113 / 72041|
|SWS / LP:||2S / 4LP|
|Dozent:||Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck|
|Betreuer:||Ala'a Al-Momani, Leonard Bradatsch, Eugen Frasch, Alexander Heß, Dominik Mauksch, Dominik Meißner, Michael Wolf, Migena Ymeraj, Externe|
Räume und Daten siehe Moodlekurs.
|Lernplattform:||Kursmaterialien finden Sie im Moodle-Kurs. Sie werden dem Kurs automatisch hinzugefügt, sobald Sie eines unserer Seminare besuchen.|
|Themenvergabe:||Bitte Beachten: Die zentrale Themenvergabe erfolgt immer bereits gegen Ende des vorherigen Semesters über die zentrale Seminarthemen-Vergabe-Plattform im Moodle ("Anmeldung zur Verteilung der Seminare im kommenden Sommer-/ Wintersemester").|
|Sprache:||Alle Themen können in deutscher oder englischer Sprache bearbeitet werden, sofern nicht anders angegeben.|
• free (20) ✘ assigned
• Your own topic – English only
You have the possibility until the beginning of the semester to come up with your own topic and find a supervisor who is willing to mentor more students.
• Differential privacy – English only
Statistics about user data are used heavily for improving services, performing marketing studies, and many other purposes. The acquisition and processing of potentially sensitive information poses serious privacy threats to individuals participating in, e.g., surveys. Such information might include birthdate, gender, religion, and nationality, from which identifying an individual becomes a trivial task. Moreover, inferring more sensitive information about a specific individual becomes also possible. To solve issue, many service providers, e.g., Apple and Google, started using the so-called “Differential Privacy” to preserve their users’ privacy.
• Location privacy – English only
Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return of benefiting from the service. However, offering location data to service providers put users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy.
• Network Security Breaches – English only
The goal of this seminar is the outlining of popular network security breaches (2-3 examples). Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained.
• First Packet Authentication – English only
All three of the above stated techniques describe an authentication process that starts with the very first packet a client sends to an network entry node when entering a network or accesing a service. This kind of authentication can be performed without having the communication parties any messages exchanged before the authentication happened.
• Accelerating Techniques for 3D Ray Tracing – English only
Although 3D ray tracing was already used in the 70s to render simple animations, it got popular due to the gaming industry the past 10 years.
• The Elixir Programming Language – English only
Elixir is a functional and concurrent programming languague for developing highly scalable and reliable applications.
• State Machine Replication in the Libra Blockchain – English only
In 2021, Facebook wants to start a cryptocurrency called Diem, former Libra. This topic is supposed to summarise the underlying blockchain operations and present details in the seminar report and presentation. Starting from a given article the student should investigate how the blockchain works. As it has a closed group of participants, a technique called state-machine replication is used. Here all participants have to agree how to build the next block of the blockchain. The agreement protocol will be one aspect of this topic.
• Evolution of the Paxos Algorithm – English only
The Paxos algorithm enables a group of nodes to agree on a single value, even if the network communication or individual nodes temporarily drop out. While the original algorithm was layed out multiple decades ago, several modified and extended versions have been proposed over the years.
• The Hyperledger Project – English only
Hyperledger is an open-source project that comprises a set of tools and frameworks for building open-source blockchains.
• Secure over-the-air updates for vehicles – English only
Modern vehicles have become complex software products that need to be maintained for several decades in order to ensure their safe operation on the road. Typically, software is updated much more frequently than a car is taken to the shop for maintainance and therefore other ways to deploy software updates need to be considered. Over-the-air updates allow quick and cheap deployment of new or updated software to a large vehicle fleet, but security aspects need to be considered very carefully for obvious reasons.
• Securing CAN bus – English only
Controller Area Network (CAN) – despite its age and bandwith limitations – is still a widely used bus standard to distribute safety-critical signals in modern vehicles. Research has shown that CAN does not have sufficient security measures to ensure basic security goals and therefore can be used by attackers to compromise the safety of a car and its passengers.
• State of the Art of Web Application Security – English only
The field of web applications is constantly and rapidly evolving, but so are attacks targeting them. For this reason the World Wide Web Consortium (W3C) assembled a working group to develop technical and policy mechanisms to improve the security for applications on the Web. In recent years, this Web Application Security Group proposed various drafts for mechanisms of which some have been refined into W3C recommendations and are now implemented in all major browsers (such as CSP and SRI). The establishment of Let's Encrypt laid the ground stone of a widespread adoption of TLS, which was further refined in TLS 1.3 and supplemented by new technologies, such as certificate transparency (CT).
• DevOps Monitoring using Grafana and Prometheus – English only
An important aspect of modern continuous delivery lifecycles is the constant monitoring of deployed applications.
• Password Managers – English only
In the current time, users have multiple accounts on different platforms. To abide security guidelines, they should have a different password for each account resulting in a many passwords to remember. Password managers help with this task by storing this sensitive information in an encrypted database, protected by a master password. However, once in a while security issues about password managers make the news.
• Secure Multi-Party Computation – English only
The goal of Secure Multi-Party Computation (MPC) is to enable parties to work together without ever knowing one another's confidential information. It plays an important role in solving security and privacy issues and there are many examples of where it can be helpful.
• Distributed Machine Learning – English only
Due to the poor scalability and efficiency of learning algorithms, Machine Learning cannot handle large-scale data. This issue gave rise to Distributed Machine Learning. Even though it is a promising line of research, it still faces a lot of challenges.
• Containerization Technologies – English only
Kubernetes, Docker Swarm, Openshift, Portainer, Apache Mesos and others are in everyones mind. They've been made to revolutionize how to separate several applications and software stacks from each other. But did you ever had a look at the underlying technologies?
• State of the Art in Attacking Hash Functions – English only
Hash functions such as MD5 or SHA1/2/3 are usually employed to ensure the integrity of a file by computing a fingerprint of the data. Common applications include white/blacklists, signatures, as well as data bases for forensic analysis.
Henning Kopp (Schutzwerk GmbH)
• Padding Oracles – English only
Block ciphers only work on inputs that are a multiple of the cipher’s block length in commonly used modes such as CBC. As data usually comes in arbitrary lengths, inputs to these algorithms need to be extended (padded) to a multiple of the block length. This seemingly simple problem lead to quite huge cryptographic problems. Depending on the scenario, it is even possible that an attacker is able to completely decrypt the ciphertext or encrypt data of their choosing.
Martin Lang (BMW Car IT)
• Secure In-Car Communication – English only
Modern cars contain an abundance of different ECUs controlling different aspects of the car's functionality. Along with an ever rising number of sensors and actuators, more and more control of the car is handed over to digital equipment. The rising complexity of these systems also leads to an increasingly large attack surface. Assuring the integrity and authenticity of in-car communication is therefore critical for the safety of driver, passengers, and other road users.
Thomas Lukaseder (Escrypt)
Sorted by Topics
Beschreibung und allgemeine Angaben, Modulbeschreibung
|Lehr- und Lernformen: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP|
|Modulkoordinator: Prof. Dr. Frank Kargl|
|Turnus / Dauer: jedes Semester / ein volles Semester|
|Voraussetzungen (inhaltlich): Grundlagen der Rechnernetze, Proseminar|
|Voraussetzungen (formal): -|
|Grundlage für (inhaltlich): -|