Master Praktikum: Mikroservice Integrity Protection (IN2106, IN4233)
Master Praktikum: Microservice Integrity Protection (IN2106, IN4233)
Lehrveranstaltung 0000004563 im SS 2018
Basisdaten
| LV-Art | Praktikum |
|---|---|
| Umfang | 6 SWS |
| betreuende Organisation | Informatik 4 - Lehrstuhl für Software & Systems Engineering (Prof. Pretschner) |
| Dozent(inn)en |
Leitung/Koordination: Alexander Pretschner |
| Termine |
Di, 14:00–16:30, MI 00.11.038 sowie 1 einzelner oder verschobener Termin |
Zuordnung zu Modulen
-
IN2106: Master-Praktikum / Advanced Practical Course
Dieses Modul ist in den folgenden Katalogen enthalten:- weitere Module aus anderen Fachrichtungen
weitere Informationen
Lehrveranstaltungen sind neben Prüfungen Bausteine von Modulen. Beachten Sie daher, dass Sie Informationen zu den Lehrinhalten und insbesondere zu Prüfungs- und Studienleistungen in der Regel nur auf Modulebene erhalten können (siehe Abschnitt "Zuordnung zu Modulen" oben).
| ergänzende Hinweise | Microservices expose a wider attack surface, express a more dynamic behaviour and change more rapidly, which make security a major concern in such systems. Worse yet, the new build and deployment paradigms, so-called "DevOps", have empowered a larger group of the organizational users with an extended access on production machines. This, in turn, significantly increased the risk of rogue insiders harming system assets. In the given setting protecting system integrity has become a challenging task. Modules taught will include Module 0: Crash course on Microservices Module 1: Integrity threats and protections Module 1: SIP-toolchain (hands on) Module 2: Intel SGX and data protection Module 3: Intel SGX and behavioural integrity Module 4: Intel SGX and infrastructure security Phase1: “Software-based service integrity protection using SIP-toolchain” In this phase, we raise the bar against insider attackers using software-based protection. Students will utilize different tools provided in the SIP-toolchain to protect integrity assets of a provided dataset of microservices. All the steps taken, including the rationale behind choosing tools and the necessary configurations, will be documented by each group. At the end of this phase, each group will submit their protection script, protected programs and a comprehensive documentation of the entire procedure. Phase2: “Sensitive data protection using Intel SGX” In this phase, we aim at protecting data assets in the given set of microservices. Students will first identify sensitive data with which tampering renders system’s security defeated. Subsequently, they will utilize Intel SGX SDK to safeguard accesses to such data. All the source codes along with a comprehensive documentation will be submitted by each group. Phase3: “Behavioural integrity protection via Intel SGX” In this phase, students will get hands on experience with protecting the integrity of sensitive operations. Similar to phase 2, they will first identify sensitive operations in the given services, and then use Intel SGX to protect them. All the source codes along with a comprehensive documentation will be submitted by each group. Phase4: “Trusted infrastructure” Phase 4 aims at protecting the system integrity at the infrastructure level. In this phase, we use state-of-the-art tools to run microservices in trusted containers (powered by SGX). On top of this setting students will design and implement a secure mediating service to seed in secrets and configurations. Phase 5: “Evaluation” In this phase, every group will carry out a thorough evaluation of their implemented protected services. Each group will measure and report throughput and latency of their protected microservices. Further, security guarantees and limitations of the utilized schemes will be analysed. The outcome of the performance and security analyses will be documented and delivered by each group at the end of this phase. |
|---|---|
| Links |
LV-Unterlagen E-Learning-Kurs (z. B. Moodle) Zusatzinformationen TUMonline-Eintrag |