Project Lab: Dynamic Enforcement of System Requirements

Form:
Project Lab - 9 CP (6 SWS)
Organizer:
Prof. Dr.-Ing. Heiko Mantel
Regular meetings:
Mondays 16:15 - 17:55, at S115/238
Language:
English
TUCAN Id:
20-00-0797-pp
Registration:
via TUCaN (20-00-0797-pp), or Jinwei Hu (S2|02 E322)
Max. participants:
20
Preparation meeting:
April 14, 2015, 16:15-17:55, in E302

Information for Participants

Participants of the course can find detailed information on the internal web page.

  • Slides of the Introductory Meeting
  • Slides of Session 1
  • Assignments 1 and 2
  • Assignment 3
  • Slides of Session 3
  • An example aspect for Exercise 1 of Assignment 1
  • Assignment 4
  • A link to how to run Fiddler in Linux
  • Assignment 5
  • Assignment 6
  • Assignment 7
  • Assignment 8
  • Documentation Requirements

Content

In short,

we will counter against system vulnerabilities for systems like
  • distributed storage systems
  • web applications
  • web services
Example vulnerabilities include
  • shop-for-free in e-commerce applications (an example video), and
  • impersonation in single-sign-on services.
Each team will choose a concrete vulnerability to cope with and present the achieved protection in the end.

In not so short, ...

Nowadays, users entrust applications with an increasing amount of sensitive data, such as contacts, account data, and pictures. Malicious or faulty applications processing this data can cause substantial harm to users' information security and privacy. Proper mechanisms should therefore be in place to make applications comply with users' security requirements. Dynamic enforcement is a technique for achieving this by observing an application's runtime behavior and applying suitable countermeasures when necessary. Of particular relevance for today's information security are distributed applications like web applications and cloud storage. Dynamic enforcement for distributed applications like these is the focus of this lab course.

This project lab will cover the following topics.

  • basic concepts of dynamic monitoring and enforcement in distributed systems
  • introduction to tools for runtime monitoring and enforcement like CliSeAu, JavaMOP and Polymer
  • specification of requirements in different formalisms
  • combination of mechanisms for runtime monitoring and enforcement with target programs
  • central vs decentralized monitoring and enforcement in distributed systems
  • protocols for coordinating actions of decentralized mechanisms
  • independent adaptation of mechanisms for dynamic monitoring and enforcement to concrete target programs in small teams
  • independent extension of an existing framework for dynamic monitoring and enforcement in distributed systems and evaluation of extensions in small teams

Prerequisites

  • programming skills in Java
  • knowledge in computer science as of the 4th term of Bachelor studies in Computer Science

History

This lab grows from and expands the DynamoLab SS2013.

Flyer

 

Last modified on 7 March 2016.

A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang