This website is no longer updated.

As of 1.10.2022, the Faculty of Physics has been merged into the TUM School of Natural Sciences with the website https://www.nat.tum.de/. For more information read Conversion of Websites.

de | en
Login

Master Praktikum: Microservice Integrity Protection (IN2106, IN4233)

Course 0000004563 in SS 2018

General Data

Course Type practical training
Semester Weekly Hours 6 SWS
Organisational Unit Informatics 4 - Chair of Software & Systems Engineering (Prof. Pretschner)
Lecturers Responsible/Coordination: Alexander Pretschner
Dates Tue, 14:00–16:30, MI 00.11.038
and 1 singular or moved dates

Assignment to Modules

Further Information

Courses are together with exams the building blocks for modules. Please keep in mind that information on the contents, learning outcomes and, especially examination conditions are given on the module level only – see section "Assignment to Modules" above.

additional remarks Microservices expose a wider attack surface, express a more dynamic behaviour and change more rapidly, which make security a major concern in such systems. Worse yet, the new build and deployment paradigms, so-called "DevOps", have empowered a larger group of the organizational users with an extended access on production machines. This, in turn, significantly increased the risk of rogue insiders harming system assets. In the given setting protecting system integrity has become a challenging task. Modules taught will include Module 0: Crash course on Microservices Module 1: Integrity threats and protections Module 2: SIP-toolchain (hands on) Module 3: Intel SGX and data protection Module 4: Intel SGX and behavioural integrity Module 5: Intel SGX and infrastructure security Phase1: “Software-based service integrity protection using SIP-toolchain” In this phase, we raise the bar against insider attackers using software-based protection. Students will utilize different tools provided in the SIP-toolchain to protect integrity assets of a provided dataset of microservices. All the steps taken, including the rationale behind choosing tools and the necessary configurations, will be documented by each group. At the end of this phase, each group will submit their protection script, protected programs and a comprehensive documentation of the entire procedure. Phase2: “Sensitive data protection using Intel SGX” In this phase, we aim at protecting data assets in the given set of microservices. Students will first identify sensitive data with which tampering renders system’s security defeated. Subsequently, they will utilize Intel SGX SDK to safeguard accesses to such data. All the source codes along with a comprehensive documentation will be submitted by each group. Phase3: “Behavioural integrity protection via Intel SGX” In this phase, students will get hands on experience with protecting the integrity of sensitive operations. Similar to phase 2, they will first identify sensitive operations in the given services, and then use Intel SGX to protect them. All the source codes along with a comprehensive documentation will be submitted by each group. Phase4: “Trusted infrastructure” Phase 4 aims at protecting the system integrity at the infrastructure level. In this phase, we use state-of-the-art tools to run microservices in trusted containers (powered by SGX). On top of this setting students will design and implement a secure mediating service to seed in secrets and configurations. Phase 5: “Evaluation” In this phase, every group will carry out a thorough evaluation of their implemented protected services. Each group will measure and report throughput and latency of their protected microservices. Further, security guarantees and limitations of the utilized schemes will be analysed. The outcome of the performance and security analyses will be documented and delivered by each group at the end of this phase.
Links Course documents
E-Learning course (e. g. Moodle)
Additional information
TUMonline entry
Top of page