|Title:||Ausgewählte Themen in Verteilten Systemen|
|English title:||Selected Topics in Distributed Systems|
|Abbreviation / No. / Module no.:||ATVS / CS5900.113 / 72041|
|Weekly hours (SWS) / Credit points (LP):||2S / 4LP|
|Lecturers:||Prof. Dr. Frank Kargl, Prof. Dr.-Ing. Franz J. Hauck|
|Supervisors:||Ala'a Al-Momani, Leonard Bradatsch, Eugen Frasch, Gerhard Habiger, Alexander Heß, Dominik Mauksch, Echo Meißner, Michael Wolf, Migena Ymeraj, external supervisors|
For rooms and dates, see the Moodle course.
|Learning platform:||Course materials are available in the Moodle course. You are added to the course automatically as soon as you attend one of our seminars.|
|Topic assignment:||Please note: The central topic assignment always takes place towards the end of the previous semester via the central seminar topic assignment platform in Moodle ("Anmeldung zur Verteilung der Seminare im kommenden Sommer-/ Wintersemester").|
|Language:||All topics can be worked on in German or English unless stated otherwise.|
• free (20) ✘ assigned
• Your own topic – English only
Until the beginning of the semester, you can come up with your own topic and find a supervisor who is willing to mentor more students.
• Location privacy – English only
Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return for benefiting from the service. However, offering location data to service providers puts users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy.
• Network Security Breaches – English only
The goal of this seminar is to outline popular network security breaches (2-3 examples). Subsequently, state-of-the-art protection or detection approaches against the presented breaches should be explained.
• First Packet Authentication – English only
All three of the above stated techniques describe an authentication process that starts with the very first packet a client sends to a network entry node when entering a network or accessing a service. This kind of authentication can be performed without the communicating parties having exchanged any messages before the authentication happens.
• Accessibility in Modern Web Applications – English only
According to the "Statistisches Bundesamt", 9.52% of Germany's population had a severe disability in 2019. Many disabilities, e.g. visual impairment, influence the user's interaction with web applications. Although most of the impact of a disability can be compensated for with accessibility tools like special input devices and client software, such tools rely heavily on extra information from the application itself.
• State of the art in biological molecular dynamics simulation software – English only
Parallel molecular dynamics (MD) simulations are critical to researching the interactions of hundreds of millions of atoms
• CheapBFT: a resource-efficient replication approach – English only
State-machine replication is a technique to deploy multiple server replicas at once and let them do the same on behalf of client requests. In case of faults, the service is still available. Moreover, the service can tolerate arbitrarily misbehaving replicas (up to a certain number) by forming a quorum of votes. This typically requires 3f+1 replicas if we want to tolerate up to f faulty replicas. CheapBFT is another approach that needs fewer resources and still provides fault tolerance against arbitrary misbehaviour, so-called Byzantine failures. This seminar work is supposed to characterise CheapBFT in comparison to traditional approaches against Byzantine faults by state-machine replication.
There is only a single scientific paper describing CheapBFT. However, the candidate student is requested to introduce state-machine replication by having a look at papers about fundamental aspects and related traditional approaches.
• BFT Consensus Protocols: An Overview – English only
Byzantine fault tolerant (BFT) consensus protocols enable a set of distributed nodes to agree on a series of values, even if a minority of the nodes is faulty or malicious.
• Attacks on Automotive Systems – English only
Over the last 12 years, a large number of security attacks on automotive systems were discovered and published.
• Secure over-the-air updates for vehicles – English only
Modern vehicles have become complex software products that need to be maintained for several decades in order to ensure their safe operation on the road. Typically, software is updated much more frequently than a car is taken to the shop for maintenance, and therefore other ways to deploy software updates need to be considered. Over-the-air updates allow quick and cheap deployment of new or updated software to a large vehicle fleet, but security aspects need to be considered very carefully for obvious reasons.
• Concepts and techniques in Library Isolation – English only
Different applications are isolated in modern operating systems so that they can only exchange information via predefined interfaces, e.g. shared memory. However, libraries used in applications usually run in the application context and thus with the same privileges and address space as the main application. They therefore increase the attack surface of an application, e.g. in the case of return-oriented programming attacks.
• Evolution of the Hypertext Transfer Protocol – English only
Since HTTP was first developed at CERN in 1989 it has seen many changes. While it still serves its original purpose, HTTP also became a ubiquitous application protocol with a variety of uses that go far beyond the transportation of hypertext documents. But not only the applications of HTTP have changed drastically in the last 32 years, the protocol stack has also evolved. Nowadays more than 90% of the HTTP traffic is encrypted using TLS and while the adoption of HTTP/2 is steadily increasing, the IETF is in the process of finalizing the HTTP/3 protocol with 71% of running web browsers already supporting it.
• Authentication in Web Applications – English only
Modern web application development encompasses a variety of approaches to implement authentication and session handling, ranging from traditional password-based authentication and cookie-based session handling to multi-factor authentication and complex authentication protocols, such as OAuth, OpenID, and SAML. Depending on the requirements of the application some approaches are better suited than others. This seminar should explore the authentication design space and compare stateful and stateless session handling approaches.
• Differential Privacy – English only
Differential Privacy (DP) is a privacy-enhancing technology (PET) which should help to increase the privacy of users submitting data. Put very simply, during the data gathering phase noise is added to the value of each user in such a way that the individual user cannot be distinguished from others, and in the evaluation phase, the noise is taken into consideration to calculate certain analytics over the whole dataset. This oversimplified example was only used to explain the basics of the idea behind this PET, which has more specifics and potential.
• The Boring Loop - a critical analysis – English only
Elon Musk recently opened the Las Vegas Convention Center Loop, which was built by his company "The Boring Company". This project was created to speed up travel time in cities between specific locations, but also to show that the cost of tunnel drilling can be reduced drastically. With the Loop in Vegas now finished, these promises can be examined critically, as well as the concept of individual transport through tunnels.
• Secure Multi-Party Computation – English only
The goal of Secure Multi-Party Computation (MPC) is to enable parties to work together without ever knowing one another's confidential information. It plays an important role in solving security and privacy issues and there are many examples of where it can be helpful.
• Distributed Machine Learning – English only
Due to the poor scalability and efficiency of learning algorithms, Machine Learning cannot handle large-scale data. This issue gave rise to Distributed Machine Learning. Even though it is a promising line of research, it still faces a lot of challenges.
• Containerization Technologies – English only
Kubernetes, Docker Swarm, Openshift, Portainer, Apache Mesos and others are on everyone's mind. They've been made to revolutionize how to separate several applications and software stacks from each other. But did you ever have a look at the underlying technologies?
• Timing Attacks - An Overview – English only
Classical cryptographic research deals with adversaries of polynomially bounded computational power. However, this attack model is not always realistic. In particular, an attacker may be able to measure the time it takes to run cryptographic algorithms. As often the running time of an algorithm depends on its input, this can be used to gather various information about the inputs to the algorithm or its internal workings. In a security context, sensitive data such as encryption keys and passwords may be recoverable by measuring the run time of programs. Examples are the run time of multiplications in the RSA algorithm, the POODLE and Lucky Thirteen Attack on TLS, as well as various forms of Cache timing attacks (PRIME+PROBE, EVICT+TIME).
Henning Kopp (Schutzwerk GmbH)
• Padding Oracles – English only
Block ciphers only work on inputs that are a multiple of the cipher’s block length in commonly used modes such as CBC. As data usually comes in arbitrary lengths, inputs to these algorithms need to be extended (padded) to a multiple of the block length. This seemingly simple problem led to quite huge cryptographic problems. Depending on the scenario, it is even possible that an attacker is able to completely decrypt the ciphertext or encrypt data of their choosing.
Martin Lang (BMW Car IT)
• Secure In-Car Communication – English only - Master only (RTDS)
Modern cars contain an abundance of different ECUs controlling different aspects of the car's functionality. Along with an ever rising number of sensors and actuators, more and more control of the car is handed over to digital equipment. The rising complexity of these systems also leads to an increasingly large attack surface. Assuring the integrity and authenticity of in-car communication is therefore critical for the safety of driver, passengers, and other road users.
Thomas Lukaseder (Escrypt)
Description and general information, module description
|Forms of teaching and learning: Ausgewählte Themen in Verteilten Systemen, 2S, 4LP|
|Module coordinator: Prof. Dr. Frank Kargl|
|Frequency / duration: every semester / one full semester|
|Prerequisites (content): Fundamentals of computer networks, proseminar|
|Prerequisites (formal): -|
|Basis for (content): -|