Tutorials

Tutorial Chairs

  • Thorsten Holz (Ruhr-University Bochum, DE)
  • Gregory Neven (IBM Research – Zurich, CH)

You may contact the chairs at ccs-tutorials@trust.cased.de

Tutorial Abstracts and Lecturer Resumes

Constructive and Destructive Aspects of Embedded Security in the Internet of Things

Lecturer: Christof Paar

Time: Tuesday, Nov 5th, 2013, 2 – 5 pm in Room B07-B08

Abstract: Through the prevalence of interconnected embedded systems, the vision of pervasive computing has become reality over the last few years. More recently, this evolutionary development has become better known as the Internet of Things. As part of this development, embedded security has become an increasingly important issue in a multitude of applications. Examples include the Stuxnet virus, which has allegedly delayed the Iranian nuclear program, killer applications in the consumer area like iTunes or Amazon’s Kindle (the business models of which rely heavily on IP protection) and even medical implants like pacemakers and insulin pumps that allow remote configuration. These examples show the destructive and constructive aspects of modern embedded security. In this tutorial I will talk about the technologies that are behind some of our research projects over the last few years. I will address both the constructive and “penetration testing” aspects of embedded security.

About Christof Paar: Christof Paar has the Chair for Embedded Security at the University of Bochum, Germany, and is an affiliated professor at the University of Massachusetts at Amherst. He co-founded, with Cetin Koc, the CHES (Cryptographic Hardware and Embedded Systems) conference. Christof’s research interests include highly efficient software and hardware realizations of cryptography, physical security, penetration of real-world systems, trusted systems and cryptanalytical hardware. He also works on real-world applications of embedded security, e.g., in cars, consumer devices, smart cards and RFID. Christof has over 150 peer-reviewed publications and is co-author of the textbook Understanding Cryptography (Springer, 2009). He has given invited talks at MIT, Yale, Stanford University, IBM Labs and Intel. He has taught cryptography extensively in industry, including courses at NASA, Motorola Research, and Philips Research. Christof is a Fellow of the IEEE. He co-founded ESCRYPT Inc. – Embedded Security, a leading system provider in industrial security which was acquired by Bosch.

Trusted Execution Environments on Mobile Devices

Lecturers: Jan-Erik Ekberg, Kari Kostiainen, N. Asokan

Time: Wednesday, Nov 6th, 2013, 9:30 am – 12:30 pm in Room B07-B08

Abstract: A trusted execution environment (TEE) is a secure processing environment that is isolated from the “normal” processing environment where the device operating system and applications run. The first mobile phones with hardware-based TEEs appeared almost a decade ago, and today almost every smartphone and tablet contains a TEE like ARM TrustZone. Despite such a large-scale deployment, the use of TEE functionality has been limited for developers. With emerging standardization this situation is about to change. In this tutorial, we explain the security features provided by mobile TEEs and describe the On-board Credentials (ObC) system that enables third-party TEE development. We discuss ongoing TEE standardization activities, including the recent Global Platform standards and the Trusted Platform Module (TPM) 2.0 specification, and identify open problems for the near future of mobile hardware security. Slides to be presented at the tutorial can be found here.

About Jan-Erik Ekberg: Jan-Erik Ekberg is Director of Advanced Development at Trustonic. His background is in the Telecom industry, where he worked for 18 years at Nokia Research Center. His primary interests are with issues related to platform security and TEEs, but he also has a background in (securing) network protocols and telecom systems, as well as with short-range communication technologies like NFC, BT-LE and WLAN. Jan-Erik received his doctorate in Computer Science from Aalto University.

About Kari Kostiainen: Kari is a postdoctoral researcher at the System Security Group of ETH Zurich. His research focus is on security and privacy issues of mobile devices. Before joining ETH, Kari spent several years at Nokia Research Center in Helsinki, and also briefly in Palo Alto. Kari has a doctorate in computer science from Aalto University.

About N. Asokan: N. Asokan is a Professor at Aalto University and the University of Helsinki. He joined academia recently after a long spell in industrial research at Nokia Research Center and IBM Research. He holds a doctorate in Computer Science from the University of Waterloo.

Easily Instrumenting Android Applications for Security Purposes

Lecturer: Eric Bodden

Time: Thursday, Nov 7th, 2013, 2 – 5 pm in Room B07-B08

Abstract: Novel types of malware on mobile devices have raised researchers’ interest in implementing static and dynamic techniques for detecting and mitigating malicious behavior of mobile applications. In this hands-on tutorial we will demonstrate and explain different techniques for instrumenting Android applications using the Aspect Bench Compiler (abc) and the program analysis and transformation tool Soot. Through high-level abstractions such as AspectJ aspects and Tracematches, abc supports a declarative style of instrumentation that lends itself to the rapid prototyping of at least simple instrumentation schemes. Soot supports instrumentation in an imperative style, which requires more work but allows more fine-grained control. Both abc and Soot are interoperable, as they instrument the same intermediate program representation. Furthermore, as we show, both can be easily integrated with static program analyses that can be used to specialize instrumentation schemes based on additional information extracted from the static structure of the instrumented app.

About Eric Bodden: Eric Bodden is currently heading the Secure Software Engineering Group at Fraunhofer SIT, Technische Universität Darmstadt and the European Center for Security and Privacy by Design (EC SPRIDE), head of the Emmy Noether Group RUNSECURE funded through the DFG, and also a Principal Investigator within the research area “Secure Services” of the Center for Advanced Security Research Darmstadt (CASED). At Fraunhofer SIT he is also heading the Attract-Group on Secure Software Engineering. There they develop code analysis technology for security, in collaboration with the leading national and international software development companies. He is also the chief maintainer of the Soot program analysis and optimization framework, a contributor to the AspectBench Compiler, the open research compiler for AspectJ, and the inventor of the Clara and TamiFlex frameworks. Together with his research group, Eric created the FlowDroid analysis framework for Android and the DroidBench benchmark suite. Until fall 2011, he was a Post-doctoral Researcher at the Software Technology Group of the Technical University Darmstadt. During this time, he also coordinated the Graduate School at CASED.