News
Feedback
Written on 30.06.26 (last change on 01.07.26) by Noah Mauthe
I have uploaded the Draft Design Document of the group you have chosen as feedback to each respective group's submission. They will also be available under materials, but this way it is clear which project you are supposed to give feedback on. Further, I have installed a forum where you can ask the group you are reviewing for clarification in case this is needed.

Clarification of the Feedback Session
Written on 26.06.26 by Noah Mauthe
Since there have been some questions, I want to clarify the format of the upcoming feedback session.
Before: We expect you to upload a written description of your design that the other group that will evaluate your design can use. You are not required, but encouraged, to use one of the provided templates, as they already contain all necessary sections, making your life easier.
Presentation: The "presentation" of your design is freeform. Meaning, we expect you to present your design in an understandable way, but do NOT require any particular format. Using slides / whiteboard / puppets or whatever else you can imagine will help other groups understand your presentation is totally up to you. The length of the presentation should be 8-10 minutes. This way, the other groups (and we as instructors) have the chance to ask questions for 20 minutes. It is NOT necessary to split the presentation among all group members. However, everyone should of course be able to answer the questions regarding the group's design.

Design Feedback Offer and Additional Material
Written on 11.06.26 by Noah Mauthe
Observing your very lively design discussions this week, we realized that the allotted time might not be sufficient to flesh out your design, especially considering the number of characteristics you have identified in the course of the seminar. Thus, we are currently looking into restructuring the latter part of the seminar so you have more time to properly finish your designs. In the meantime, I can offer you (either by yourself or with your group) to set up individual meetings in case you want feedback on your design (or to discuss capabilities in general). This is of course completely optional and will not affect your grade in any way. To support your design process further, I have also uploaded my recently accepted work "SoK: Capability Operating Systems: Is the Future Finally Here?" to the materials section of the CMS. It will be published at USENIX Security later this year, so apart from our research group you are the first ones to read it. I hope it can give you some interesting insights!

Creating Teams
Written on 03.06.26 by Noah Mauthe
Contrary to what I have said yesterday, it is actually much easier if you set up the groups yourself in the CMS, rather than sending me an email. The functionality is available on your personal site in CMS, same place you can also find your submissions. One group has already found it, you can just ignore this message. Team groupings can be changed until the beginning of the next seminar session, then they are fixed.

Characteristics
Written on 02.06.26 by Noah Mauthe
Thank you for a very productive and interactive session today! As promised, a more readable version of the characteristics can now be found in the materials section.

Room Change Tomorrow
Written on 01.06.26 by Noah Mauthe
Quick reminder that tomorrow's seminar session will take place in room 3.21 (still at CISPA, same building).

Further Reading
Written on 20.05.26 (last change on 20.05.26) by Huda Dawoud
As mentioned in yesterday’s session, I would like to once again draw your attention to the research papers and links included in the further readings. In particular, having a basic understanding of SES and Cap’n Web before our next meeting would greatly enrich the discussion. You are not required to submit something about them, but of course, sending questions in advance is highly encouraged and very welcome.

Miro Update
Written on 13.05.26 by Noah Mauthe
As discussed yesterday, I re-arranged the Miro board slightly according to our discussion and left some questions that could help you extract interesting insights from the papers for next week. The questions are definitely not exhaustive, please do not limit yourself to answering them. In fact, feel free to ignore them entirely and provide your own, more interesting points :) Side-note: Please remember that we are interested in your views and insights for the submissions, not summaries.

First Session
Written on 11.05.26 by Noah Mauthe
Please remember to bring your laptop to the first session tomorrow. We will start to work on a shared miro board already. Looking forward to the first discussion!

Quick reminder: Preparing for the first session
Written on 05.05.26 by Noah Mauthe
Please remember to read the 5 Papers on Capabilities in General found in the materials section and submit the respective short takeaways / own thoughts on the paper. Of course you can also include questions if understanding was difficult so we can prepare accordingly. The reading is essential so the fun part of the seminar, the informed discussion, can start right away.

LSF Registration open
Written on 24.04.26 by Sven Bugiel
Dear all, the examination office mentioned that the LSF registration should now be possible. Please register by May 12 to attend the seminar and receive credits.

Van Horn to Fuchsia: Capability-based Access Control
Overview
Capabilities as an access control paradigm have been around for nearly six decades. Still, until recently, they were a little-known access control primitive and not deployed in end-user devices. However, they recently re-emerged with the advent of CHERI and Google Fuchsia.
The seminar aims to explore the design space of capability systems on different levels. Students will be tasked with designing their own system with a set of characteristics they will identify themselves from the literature. To this end, the seminar will take place as an interactive design workshop. Accordingly, we expect active participation in discussions and group work in all sessions.
Logistics
| Location | CISPA E9.1 (see schedule for the room) |
| Time | Tuesday, 14–16 |
| Meeting | Seminar (Weekly meetings starting May 12) |
| No. of Students | max. 12 (min. 6) |
| Instructors | Sven Bugiel, Noah Mauthe, Huda Dawoud |
| Contact | Noah Mauthe (email) |
| Language | English |
| Kickoff | April 21, 14–16, room 0.07 at CISPA |
Course structure and grading
The course is structured as an interactive design workshop. The first weeks will be spent discussing scientific literature (to be read in between sessions) and extracting insights and characteristics. The seminar group as a whole will create a design framework for capability systems during this time. In the following weeks, students will work in small groups to design (not implement) their own capability system based on the constructed framework. Further, the students are expected to provide feedback on other groups' designs. The seminar will conclude with presentations of the finished designs and a discussion of lessons learned during the design process applicable to further research. Please also take a look at the seminar schedule below for more details.
While much of the seminar will require working in small, changing groups, each student must write an individual seminar report at the end!
Grading will be based on active participation in the seminar sessions (30%) and the report (70%).
Registration and prerequisites
Given the seminar's design workshop format, we expect active participation in all sessions!
Please do not register for this seminar if you are not excited about discussing research with your peers or detest group work during seminar sessions.
There are no formal prerequisites. However, students must be familiar with the basics of access control and operating system security to understand the concepts from the literature. This background can be acquired, for example, by passing the Foundations of Cybersecurity lecture, the Core Lecture Security, or the Mobile Security lecture.
Registration is handled via the central registration system of the UdS.
Seminar Schedule
| Date | Topic | Format | Preparation | Room |
| 21.4. | Kick-off | Presentation by the instructors | | 0.07 |
| 12.5. | Capability System Characteristics - General | Discussion - Small groups, then whole class | Read 5 papers | 0.07 |
| 19.5. | Capability System Characteristics - Modern Systems | Discussion - Small groups, then whole class | Read 2 papers | 0.07 |
| 26.5. | Capability System Characteristics - Language Level | Discussion - Small groups, then whole class | Read 2 papers | 0.07 |
| 2.6. | Capability System Characteristics & Domains | Discussion - Whole class | | 3.21 |
| 9.6. | Design your own Capability System | Design Session - Small Groups | | 0.07 |
| 16.6. | Design your own Capability System | Design Session - Small Groups | | 0.07 |
| 23.6. | Design your own Capability System | Design Session - Small Groups | | 0.07 |
| 30.6. | Feedback Session | Presentations - Short group presentations, followed by discussion | Write design draft | 0.07 |
| 7.7. | Design your own Capability System - Incorporating Feedback | Design Session - Small Groups | Write feedback | 0.07 |
| 14.7. | Final Design Project Presentations; Lessons learned, reflection, and future research | Presentations - Small Groups; Discussion - Whole class | | 0.07 |
