## David Basin: Catalogue data in Spring Semester 2018 |

Name | Prof. Dr. David Basin |

Field | Informationssicherheit |

Address | Institut f. Informationssicherheit ETH Zürich, CNB F 106 Universitätstrasse 6 8092 Zürich SWITZERLAND |

Telephone | +41 44 632 72 45 |

Fax | +41 44 632 11 72 |

basin@inf.ethz.ch | |

URL | http://www.inf.ethz.ch/personal/basin/ |

Department | Computer Science |

Relationship | Full Professor |

Number | Title | ECTS | Hours | Lecturers | |
---|---|---|---|---|---|

252-0058-00L | Formal Methods and Functional Programming | 7 credits | 4V + 2U | D. Basin, P. Müller | |

Abstract | In this course, participants will learn about new ways of specifying, reasoning about, and developing programs and computer systems. The first half will focus on using functional programs to express and reason about computation. The second half presents methods for developing and verifying programs represented as discrete transition systems. | ||||

Objective | In this course, participants will learn about new ways of specifying, reasoning about, and developing programs and computer systems. Our objective is to help students raise their level of abstraction in modeling and implementing systems. | ||||

Content | The first part of the course will focus on designing and reasoning about functional programs. Functional programs are mathematical expressions that are evaluated and reasoned about much like ordinary mathematical functions. As a result, these expressions are simple to analyze and compose to implement large-scale programs. We will cover the mathematical foundations of functional programming, the lambda calculus, as well as higher-order programming, typing, and proofs of correctness. The second part of the course will focus on deductive and algorithmic validation of programs modeled as transition systems. As an example of deductive verification, students will learn how to formalize the semantics of imperative programming languages and how to use a formal semantics to prove properties of languages and programs. As an example of algorithmic validation, the course will introduce model checking and apply it to programs and program designs. | ||||

252-0211-00L | Information Security | 8 credits | 4V + 3U | D. Basin, S. Capkun | |

Abstract | This course provides an introduction to Information Security. The focus is on fundamental concepts and models, basic cryptography, protocols and system security, and privacy and data protection. While the emphasis is on foundations, case studies will be given that examine different realizations of these ideas in practice. | ||||

Objective | Master fundamental concepts in Information Security and their application to system building. (See objectives listed below for more details). | ||||

Content | 1. Introduction and Motivation (OBJECTIVE: Broad conceptual overview of information security) Motivation: implications of IT on society/economy, Classical security problems, Approaches to defining security and security goals, Abstractions, assumptions, and trust, Risk management and the human factor, Course verview. 2. Foundations of Cryptography (OBJECTIVE: Understand basic cryptographic mechanisms and applications) Introduction, Basic concepts in cryptography: Overview, Types of Security, computational hardness, Abstraction of channel security properties, Symmetric encryption, Hash functions, Message authentication codes, Public-key distribution, Public-key cryptosystems, Digital signatures, Application case studies, Comparison of encryption at different layers, VPN, SSL, Digital payment systems, blind signatures, e-cash, Time stamping 3. Key Management and Public-key Infrastructures (OBJECTIVE: Understand the basic mechanisms relevant in an Internet context) Key management in distributed systems, Exact characterization of requirements, the role of trust, Public-key Certificates, Public-key Infrastructures, Digital evidence and non-repudiation, Application case studies, Kerberos, X.509, PGP. 4. Security Protocols (OBJECTIVE: Understand network-oriented security, i.e.. how to employ building blocks to secure applications in (open) networks) Introduction, Requirements/properties, Establishing shared secrets, Principal and message origin authentication, Environmental assumptions, Dolev-Yao intruder model and variants, Illustrative examples, Formal models and reasoning, Trace-based interleaving semantics, Inductive verification, or model-checking for falsification, Techniques for protocol design, Application case study 1: from Needham-Schroeder Shared-Key to Kerberos, Application case study 2: from DH to IKE. 5. Access Control and Security Policies (OBJECTIVES: Study system-oriented security, i.e., policies, models, and mechanisms) Motivation (relationship to CIA, relationship to Crypto) and examples Concepts: policies versus models versus mechanisms, DAC and MAC, Modeling formalism, Access Control Matrix Model, Roll Based Access Control, Bell-LaPadula, Harrison-Ruzzo-Ullmann, Information flow, Chinese Wall, Biba, Clark-Wilson, System mechanisms: Operating Systems, Hardware Security Features, Reference Monitors, File-system protection, Application case studies 6. Anonymity and Privacy (OBJECTIVE: examine protection goals beyond standard CIA and corresponding mechanisms) Motivation and Definitions, Privacy, policies and policy languages, mechanisms, problems, Anonymity: simple mechanisms (pseudonyms, proxies), Application case studies: mix networks and crowds. 7. Larger application case study: GSM, mobility | ||||

364-1058-00L | Risk Center Seminar Series Number of participants limited to 50. | 0 credits | 2S | A. Bommier, D. Basin, D. N. Bresch, L.‑E. Cederman, P. Cheridito, P. Embrechts, H. Gersbach, H. R. Heinimann, M. Larsson, W. Mimra, G. Sansavini, F. Schweitzer, D. Sornette, B. Stojadinovic, B. Sudret, U. A. Weidmann, S. Wiemer, M. Zeilinger, R. Zenklusen | |

Abstract | This course is a mixture between a seminar primarily for PhD and postdoc students and a colloquium involving invited speakers. It consists of presentations and subsequent discussions in the area of modeling and governing complex socio-economic systems, and managing risks and crises. Students and other guests are welcome. | ||||

Objective | Participants should learn to get an overview of the state of the art in the field, to present it in a well understandable way to an interdisciplinary scientific audience, to develop novel mathematical models and approaches for open problems, to analyze them with computers or other means, and to defend their results in response to critical questions. In essence, participants should improve their scientific skills and learn to work scientifically on an internationally competitive level. | ||||

Content | This course is a mixture between a seminar primarily for PhD and postdoc students and a colloquium involving invited speakers. It consists of presentations and subsequent discussions in the area of modeling complex socio-economic systems and crises. For details of the program see the webpage of the seminar. Students and other guests are welcome. | ||||

Lecture notes | There is no script, but the sessions will be recorded and be made available. Transparencies of the presentations may be put on the course webpage. | ||||

Literature | Literature will be provided by the speakers in their respective presentations. | ||||

Prerequisites / Notice | Participants should have relatively good scientific, in particular mathematical skills and some experience of how scientific work is performed. |