System Security AS22
Current information, documents and the exercise submission system are available on the Moodle page.
Please enroll for the course on myStudies to have access.
Autumn semester 2022
Course no. 252-1414-00L, (7 ECTS)
Course responsible: Prof. Srdjan Capkun (), Prof. Shweta Shinde ()
Teaching Assistants: Friederike Groschupp*, Daniele Lain, Mark Kuhne, Supraja Sridhara ()
Written exam
Performance assessment is based on exercises/reports submitted through the semester (20%) and a session examination at the end of the semester (80%). Details will be discussed at the end of the semester.
Learning objectives
In this lecture, students learn about the security requirements and capabilities that are expected from modern hardware, operating systems and other software environments. An overview of available technologies, algorithms and standards is given, with which these requirements can be met.
Content Description
The first part of the lecture covers hardware-based security concepts. Topics include the concept of physical and software-based side channel attacks on hardware resources, architectural support for security (e.g., memory management and permissions, disk encryption), and trusted execution environments (Intel SGX, ARM TrustZone, AMD SEV, and RISC-V Keystone).
In the second part, the focus is on system design and methodologies for building secure systems. Topics include: common software faults (e.g., buffer overflows, etc.), bug-detection, writing secure software (design, architecture, QA, testing), compiler-supported security (e.g., control-flow integrity), and language-supported security (e.g., memory safety).
Along the lectures, model cases will be elaborated and evaluated in the exercises.