|Titel:||Ausgewählte Themen in Verteilten Systemen|
|Englischer Titel:||Selected Topics in Distributed Systems|
|Kürzel / Nr. / Modulnr.:||ATVS / CS5900.113 / 72041|
|SWS / LP:||2S / 4LP|
|Dozent:||Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck|
|Betreuungspersonen:||Leonard Bradatsch, Gerhard Habiger, Alexander Heß, Dominik Meißner, Migena Ymeraj, Nataša Trkulja, Externe|
Räume und Daten siehe Moodlekurs.
|Lernplattform:||Kursmaterialien finden Sie im Moodle-Kurs. Sie werden dem Kurs automatisch hinzugefügt, sobald Sie eines unserer Seminare besuchen.|
|Themenvergabe:||Bitte Beachten: Die zentrale Themenvergabe erfolgt immer bereits gegen Ende des vorherigen Semesters über die zentrale Seminarthemen-Vergabe-Plattform im Moodle ("Anmeldung zur Verteilung der Seminare im kommenden Sommer-/ Wintersemester").|
|Sprache:||Alle Themen können in deutscher oder englischer Sprache bearbeitet werden, sofern nicht anders angegeben.|
AlphaFold and RoseTTa - Democratizing Microbiology through Software – English only
Proteins are one of the central building blocks of biological life on earth. They perform an unimaginably large collection of tasks within our bodies every nanosecond of our existence, while we breathe and think and write seminar papers for our curriculum. The basic structure and genesis of proteins seems very simple: Proteins are created by simpy linking together molecules from a set of 20 available building blocks (called amino acids), to form long chains of these building blocks. Governed by fundamental molecular forces acting between the links of the chains, they then fold up into complicated shapes to yield a working Protein and fulfil their designated function. Since the discovery of the mechanisms behind the creation of proteins, the prediction of the resulting shape of a protein when only given the input sequence of its building blocks, i.e., how a protein folds up after being created, has been one of the longest standing and hardest problems of computational biology.
Authentication in Web Applications – English only
Modern web application development encompasses a variety of approaches to implement authentication and session handling, ranging from traditional password-based authentication and cookie-based session handling to multi-factor authentication and complex authentication protocols, such as OAuth, OpenID, and SAML. Depending on the requirements of the application some approaches are better suited than others. This seminar should explore the authentication design space and compare stateful and stateless session handling approaches.
Containerization Technologies – English only
Kubernetes, Docker Swarm, Openshift, Portainer, Apache Mesos and others are in everyones mind. They've been made to revolutionize how to separate several applications and software stacks from each other. But did you ever had a look at the underlying technologies? In this survey the student is asked to examine, compare and summarize the main differences between many (at least five) different OS-level virtualization technologies currently existing in modern desktop and server environments. As a first task, the student needs to introduce the main ideas behind the concepts of such user space instances and its differences to other approaches like hardware-based virtualization. Maybe, also an historical overview can be given as a guide for the reader. In a second step the student has to examine the differences of the proposed technologies and summarize them according to their dis-/advantages. Finally, the student has to conclude which technology might be the best for which use cases, e.g. working in privacy-aware, secure or speed-optimized environments.
Cybersecurity vulnerabilities and attacks on C-V2X networks – English only
Cellular Vehicle-to-Everything (C-V2X) networks have emerged as an alternative to Dedicated Short Range Communications (DSRC), a 802.11p-based vehicular network. C-V2X networks can operate in the so-called Mode 3, that relies on the cellular base-station to manage the allocation of frequencies for each vehicle to transmit on, as well as Mode 4, that enables the vehicles to allocate transmission frequencies on their own. This seminar aims to identify potential security vulnerabilities in C-V2X networks operating in both Mode 3 and Mode 4 and, subsequently, classify the types of attacks that could be launched on these vehicular networks.
Distributed Machine Learning – English only
Due to the poor scalability and efficiency of learning algorithms, Machine Learning cannot handle large-scale data. This issue gave rise to Distributed Machine Learning. Even though it is a promising line of research, it still faces a lot of challenges. The goal of this seminar is to discover the importance of Distributed Machine Learning, while comparing it with traditional Machine Learning environments and investigating its challenges.
Egalitarian Consensus – English only
The majority of consensus protocols require an elected leader for the coordination of the replicas, and the interaction with the clients. However, Egalitarian consensus protocols omit an explicit leader in order to provide better load-balancing throughout all replicas. While such approaches are able to achieve significantly lower latencies, given that certain preconditions are met, they also introduce further challenges in their implementation.
Failure Recovery from Persistent Memory in SMR – English only
Persistent memory modules provide a non-volatile alternative to DRAM modules. These modules are also accessible through the system's memory bus, however the stored data survives a power outage. While they come with a performance penalty compared to DRAM modules, their access time is still significantly faster in comparison to solid state disks.
A suitable use case for such memory modules, are state-machine replicated systems that achieve fault tolerance by operating multiple replicated servers. In case one of these replicas suffers from a power outage, it may lose state updates that have not yet been written to disk. After a reboot, such a replica has to recover by querying other replicas for the missing data. The use of persistent memory modules would allow to circumvent this extra step, since the updates are still present. However, simply replacing DRAM modules with persistent memory modules would drastically reduce the system's performance. Instead, different techniques have been proposed to mitigate their performance penalty, while still achieving efficient recovery. The task of this seminar is to provide an overview and a comparison of these different strategies.
Feasibility of real-world evasion attacks against machine learning for image recognition – English only
This seminar topic shall compare existing machine learning evasion attacks on image recognition models to estimate their feasibility under the assumption of a limited attacker. Thus, the most recent attacks that propose to work with a physical patch or object–forged to manipulate the recognition outcome without direct access to the software or hardware (e. g., digital camera image)–should be identified from literature. A selection of three of these attacks should be compared with each other with focus on the qualitative discussion how likely the attack may be a threat to a deployed cyber physical system.
Stephan Kleber (Daimler TSS)
Federated Learning – English only
Federated Learning (FL) is a privacy-preserving machine learning technique, enabling parties to train their own model, using their own data on the device. An important aspect of FL is that data never leaves the device. Your task in this seminar is to investigate the role of FL in supporting privacy-sensitive applications, while analyzing its advantages and core challenges.
Machine learning methods for cybersecurity applications – English only
Machine learning has been used in a variety of applications ranging from recommendation engines, medical diagnosis, financial market analysis to self-driving vehicles. The goal of this seminar is to investigate how different machine learning methods have been employed for cybersecurity applications, as well as to analyze the effectiveness of these methods in such applications.
Network Security Breaches – English only
The goal of this seminar is the outlining of popular network security breaches (1-3 examples). Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained.
Feasibility of real-world evasion attacks against machine learning for image recognition – English only
Block ciphers only work on inputs that are a multiple of the cipher’s block length in commonly used modes such as CBC. As data usually comes in arbitrary lengths, inputs to these algorithms need to be extended (padded) to a multiple of the block length. This seemingly simple problem lead to quite huge cryptographic problems. Depending on the scenario, it is even possible that an attacker is able to completely decrypt the ciphertext or encrypt data of their choosing. Your paper and presentation should explain the details of how a padding oracle works and how it can be used for decryption and ciphertext forgery. Moreover, you should give an overview of the problems this attack scenario caused as well as how the security community tries to avoid it nowadays.
Martin Lang (BMW)
Perimeter Security and why it is no longer sufficient – English only
Perimeter security is still the dominant network security architecture in 2022. In this paper, the basic principle of perimeter security will be presented. Above all, however, the weak points are to be pointed out.
Privacy-Preserving Machine Learning in Healthcare Domain – English only
Hospitals, other public institutions or companies are using medical information to perform computations and use the results for their own analysis. However, the data being collected or shared, might be sensitive and leak critical information about the data source. Therefore, Privacy-Preserving Machine Learning (PPML) plays an essential role, enabling machine learning process without compromising the private data. The goal of this seminar is to give an overview of PPML approaches applied in the healthcare domain, while explaining their role in protecting health data.
Secure Multi-Party Computation – English only
The goal of Secure Multi-Party Computation (MPC) is to enable parties to work together without ever knowing one another's confidential information. It plays an important role in solving security and privacy issues and there are many examples of where it can be helpful. The aim of this seminar is to investigate MPC with respect to both theoretical and practical aspects.
Security Vulnerabilities in Video Games – English only
The video game industry is booming, fueled by the Covid crysis, but also driven by eSports where tournaments are held with a price money of up to 45 million dollars. In order to take a good share of this cake, video games are released in faster cycles. As with other software applications, less development times, means more flaws. Latest releases of big publishers showed games with a huge number of bugs, where most of them affect stability or the user experience. But some do also affect the security of the gamers' computer. In this seminar you should gather security vulnerabilities introduced by the gaming industry (including their clients), analyze and categorize them.
Smart Contract Security – English only
Distributed ledgers such as Ethereum allow digital ownership of funds and their programmatical transfer via so-called smart contracts. The novel architecture of these distributed state machines poses new security challenges. As smart contracts deal with financial values, each security issue potentially has a financial impact. This seminar should highlight the unique security challenges of smart contracts such as re-entrancy issues, the impossibility of storing private data on-chain, or the dependence on randomness oracles that can be manipulated.
Henning Kopp (Code White)
Software-transactional Memory – English only
Software-transactional memory, or STM for short, is a concept to change content within main memory with a single atomic action. This can be used to implement atomic operations, or even transactions as known from database management systems. To implement classic transactions multiple versions of data may be kept in memory, and some tracking of dependencies is necessary to finally avoid inconsistent transactional semantics. Some implementation avoid any form of locking, but rely on atomic memory-access instructions like swapping one or two to memory words. Others add locking to avoid retries. For this topic, the student shall introduce the idea of STM and consider some of the techniques how to use and/or implement it. The approach could be more theory oriented or more implementation oriented, e.g. by also considering implementations for Java.
The Raft Consensus Algorithm and its Applications – English only
Raft is a Crash-Fault Tolerant consensus algorithm, which was developed with the motivation of providing a more comprehensible alternative to the Paxos algorithm. The Raft algorithm was proposed in 2014, and has been heavily adopted by different orchestration and database management tools by now.
Zero-knowledge Proofs – English only
In cryptography zero-knowledge proofs are protocols for two parties where on party can proof a statement to a verifying party without revealing additional information to the verifier except that the statement is true. This cryptographic building block is used within a variety of applications and other cryptographic protocols, such as authentication, distributed ledgers, and online voting. This topic should introduce zero-knowledge proofs and provide an overview of different types of zero-knowledge proofs as well as how proofs for different statements can be constructed.
Sorted by Topics
Beschreibung und allgemeine Angaben, Modulbeschreibung
|Lehr- und Lernformen: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP|
|Modulkoordinator: Prof. Dr. Frank Kargl|
|Turnus / Dauer: jedes Semester / ein volles Semester|
|Voraussetzungen (inhaltlich): Grundlagen der Rechnernetze, Proseminar|
|Voraussetzungen (formal): -|
|Grundlage für (inhaltlich): -|