System Security - ITS-Wiki
System Security - ITS-Wiki
System Security - ITS-Wiki
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
1 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Course<br />
Operating <strong>System</strong> <strong>Security</strong><br />
Introduction and<br />
Organisational Issues<br />
Prof. Dr.-Ing. Ahmad-Reza Sadeghi<br />
Chair for <strong>System</strong> <strong>Security</strong><br />
Ruhr-Universität Bochum<br />
CHAIR FOR<br />
SYSTEM SECURITY
2 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Agenda for Today<br />
Introduce ourselves (Chair for <strong>System</strong> <strong>Security</strong>)<br />
Lectures, seminars<br />
Research activities<br />
Projects<br />
Course Operating <strong>System</strong> <strong>Security</strong><br />
Organizational issues<br />
Overview of the topics planned for this semester<br />
CHAIR FOR<br />
SYSTEM SECURITY
3 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Chair for <strong>System</strong> <strong>Security</strong><br />
Head: Prof. Dr.-Ing. Ahmad-Reza Sadeghi<br />
12 research assistants (at the time)<br />
Technical and support stuff<br />
More than 10 student helpers (HiWi)<br />
Where we are<br />
IC / 4 (4 th floor in the Building IC)<br />
Lab for Operating <strong>System</strong> <strong>Security</strong> and Trusted Computing:<br />
IC 4/31<br />
On the web: http://www.trust.rub.de<br />
CHAIR FOR<br />
SYSTEM SECURITY
4 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
HGI-Institut<br />
HGI: Horst-Görtz Institut für Sicherheit in der<br />
Informationstechnik<br />
We are part of it, together with 5 another chars at RUB<br />
About 60 researchers in the area of IT-<strong>Security</strong><br />
Biggest institution of this kind in Europe<br />
Research and projects in all relevant areas of IT-<br />
<strong>Security</strong><br />
On the web: http://www.hgi.rub.de<br />
CHAIR FOR<br />
SYSTEM SECURITY
5 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Structure of the HGI-Institute<br />
CHAIR FOR<br />
SYSTEM SECURITY
6 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Lectures<br />
SysSec: Teaching<br />
<strong>System</strong> <strong>Security</strong> I (WS 2008/09)<br />
Operating <strong>System</strong> <strong>Security</strong> (WS 2008/09)<br />
<strong>System</strong> <strong>Security</strong> II (SS 2009)<br />
Trusted Computing (SS 2009)<br />
Seminars<br />
Seminar <strong>System</strong> <strong>Security</strong> (main focus changes each<br />
semester)<br />
HGI-Seminar about actual topics of IT-<strong>Security</strong><br />
Practical (Internship), Projects<br />
Lab for operating system security and trusted computing<br />
Bachelor, Diploma, Master and PhD Thesis<br />
CHAIR FOR<br />
SYSTEM SECURITY
7 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
SysSec: Research and Projects<br />
Research Activities<br />
Cryptographic Primitives and Protocols<br />
<strong>System</strong> <strong>Security</strong><br />
Operating <strong>System</strong> <strong>Security</strong><br />
Trusted Computing<br />
Digital Rights Management<br />
Secure Hardware<br />
Projects<br />
Perseus (Secure Operating <strong>System</strong>s)<br />
EMSCB (European Multilaterally Secure Computing Base)<br />
OpenTC (Open Trusted Computing)<br />
SPEED (Signal Processing in Encrypted Domain)<br />
CACE (Computer Aided Cryptographic Engineering)<br />
CHAIR FOR<br />
SYSTEM SECURITY
8 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
SysSec: Another Activities<br />
Organization of the European Summer School<br />
on Trusted Computing (Oxford and Bochum)<br />
Organization and co-organization of many<br />
important international conferences and<br />
workshops<br />
E. g. TRUST 2008 (Austria), Future of TC (Berlin)<br />
We are working together with world-leading<br />
research labs and manufacturers<br />
IBM research, HP research, Infineon, Phillips …<br />
CHAIR FOR<br />
SYSTEM SECURITY
9 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Agenda for today<br />
Introduce ourselves (Chair for <strong>System</strong> <strong>Security</strong>)<br />
Lectures, Seminars<br />
Research activities<br />
Projects<br />
Introduce yourself<br />
Course Operating <strong>System</strong> <strong>Security</strong><br />
Organizational issues<br />
Overview of the topics planned for this semester<br />
CHAIR FOR<br />
SYSTEM SECURITY
10 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Introduce Yourself<br />
Master / Diploma Students ?<br />
Background<br />
Courses, previous knowledge?<br />
We will be interactive!!!<br />
Feedback is very important<br />
CHAIR FOR<br />
SYSTEM SECURITY
11 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Agenda for today<br />
Introduce ourselves (Chair for <strong>System</strong> <strong>Security</strong>)<br />
Lectures, Seminars<br />
Research activities<br />
Projects<br />
Introduce yourself<br />
Course Operating <strong>System</strong> <strong>Security</strong><br />
Organizational issues<br />
Overview of the topics planned for this semester<br />
CHAIR FOR<br />
SYSTEM SECURITY
12 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
OSS: Organizational Issues<br />
Lecture: Prof. A.-R. Sadeghi<br />
Tuesdays: 10.15 - 11.45<br />
Exercises: Team of SysSec<br />
Announced: Tuesdays: 9.15 – 10.00 Not relevant!<br />
Instead of 14 times (weeks) one hour we will have 7 times<br />
two hours<br />
Exercises in the lab for OSS<br />
Second half of the semester; Start: Last November week<br />
Terms will be given in advance<br />
With the exercises you can earn 20% of the exam<br />
performance!<br />
CHAIR FOR<br />
SYSTEM SECURITY
13 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
OSS: Organizational Issues<br />
Course home page:<br />
http://www.ei.rub.de/studierende/lehrveranstaltungen/et/232/<br />
All relevant information (e.g., literature recommendation)<br />
Announcements<br />
Files with slides, assignments<br />
Lab infos and schedule<br />
Course mailing list (?)<br />
Prof. Sadeghi will be supported by his<br />
assistants<br />
Biljana Cubaleska (IC 4/33, biljana.cubaleska@trust.rub.de)<br />
Marcel Winandy (IC 4/43, marcel.winandy@trust.rub.de)<br />
CHAIR FOR<br />
SYSTEM SECURITY
14 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
OS <strong>Security</strong>: Topics (intended)<br />
Introduction to system security<br />
Introduction to operating systems<br />
Memory management<br />
Process management<br />
IO management<br />
<strong>Security</strong> threats in operating systems<br />
Attacks from inside<br />
Attacks from outside<br />
Authentication in OS<br />
Access control in OS<br />
Memory protection<br />
Virtualization<br />
Another security measures<br />
CHAIR FOR<br />
SYSTEM SECURITY
15 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Lecture slides<br />
Books<br />
Literature<br />
Silberschatz & Galvin “Operating <strong>System</strong><br />
Concepts” (Addison Wesley)<br />
− Gives a very nice overview operating system concepts, but the focus is not<br />
on the security concepts<br />
Morrie Gasser “Building a Secure Computer<br />
<strong>System</strong>”<br />
− Gives a very nice overview of the basic security concepts and advanced<br />
cryptographic primitives (also available online)<br />
Some original papers<br />
Will be listed on the course web-site<br />
CHAIR FOR<br />
SYSTEM SECURITY
16 / A.-R. Sadeghi, B. Cubaleska ©RUB, 2008<br />
Questions …<br />
… are welcome any time<br />
… we will try to give a response at once (“online”), or<br />
to prepare it for the next meeting (if very exhaustive)<br />
Questions?<br />
CHAIR FOR<br />
SYSTEM SECURITY