263-2925-00L  Program Analysis for System Security and Reliability

SemesterFrühjahrssemester 2020
DozierendeP. Tsankov
Periodizitätjährlich wiederkehrende Veranstaltung
LehrspracheEnglisch



Lehrveranstaltungen

NummerTitelUmfangDozierende
263-2925-00 VProgram Analysis for System Security and Reliability2 Std.
Mo14:00-16:00ER SA TZ »
14:15-16:00CAB G 61 »
P. Tsankov
263-2925-00 UProgram Analysis for System Security and Reliability1 Std.
Di15:00-16:00ER SA TZ »
15:15-16:00CAB G 61 »
P. Tsankov
263-2925-00 AProgram Analysis for System Security and Reliability2 Std.P. Tsankov

Katalogdaten

KurzbeschreibungSecurity issues in modern systems (blockchains, datacenters, AI) result in billions of losses due to hacks. This course introduces the security issues in modern systems and state-of-the-art automated techniques for building secure and reliable systems. The course has a practical focus and covers systems built by successful ETH spin-offs.
Lernziel* Learn about security issues in modern systems -- blockchains, smart contracts, AI-based systems (e.g., autonomous cars), data centers -- and why they are challenging to address.

* Understand how the latest automated analysis techniques work, both discrete and probabilistic.

* Understand how these techniques combine with machine-learning methods, both supervised and unsupervised.

* Understand how to use these methods to build reliable and secure modern systems.

* Learn about new open problems that if solved can lead to research and commercial impact.
InhaltPart I: Security of Blockchains

- We will cover existing blockchains (e.g., Ethereum, Bitcoin), how they work, what the core security issues are, and how these have led to massive financial losses.
- We will show how to extract useful information about smart contracts and transactions using interactive analysis frameworks for querying blockchains (e.g. Google's Ethereum BigQuery).
- We will discuss the state-of-the-art security tools (e.g., Link) for ensuring that smart contracts are free of security vulnerabilities.
- We will study the latest automated reasoning systems (e.g., Link) for checking custom (temporal) properties of smart contracts and illustrate their operation on real-world use cases.
- We will study the underlying methods for automated reasoning and testing (e.g., abstract interpretation, symbolic execution, fuzzing) are used to build such tools.


Part II: Security of Datacenters and Networks

- We will show how to ensure that datacenters and ISPs are secured using declarative reasoning methods (e.g., Datalog). We will also see how to automatically synthesize secure configurations (e.g. using SyNET and NetComplete) which lead to desirable behaviors, thus automating the job of the network operator and avoiding critical errors.
- We will discuss how to apply modern discrete probabilistic inference (e.g., PSI and Bayonet) so to reason about probabilistic network properties (e.g., the probability of a packet reaching a destination if links fail).


Part III: Machine Learning for Security

- We will discuss how machine learning models for structured prediction are used to address security tasks, including de-obfuscation of binaries (Debin: Link), Android APKs (DeGuard: Link) and JavaScript (JSNice: Link).
- We will study to leverage program abstractions in combination with clustering techniques to learn security rules for cryptography APIs from large codebases.
- We will study how to automatically learn to identify security vulnerabilities related to the handling of untrusted inputs (cross-Site scripting, SQL injection, path traversal, remote code execution) from large codebases.


To gain a deeper understanding, the course will involve a hands-on programming project where the methods studied in the class will be applied.

Leistungskontrolle

Information zur Leistungskontrolle (gültig bis die Lerneinheit neu gelesen wird)
Leistungskontrolle als Semesterkurs
ECTS Kreditpunkte6 KP
PrüfendeP. Tsankov
FormSessionsprüfung
PrüfungsspracheEnglisch
RepetitionDie Leistungskontrolle wird nur in der Session nach der Lerneinheit angeboten. Die Repetition ist nur nach erneuter Belegung möglich.
Prüfungsmodusschriftlich 120 Minuten
Zusatzinformation zum Prüfungsmodus50% of the grade is determined by mandatory course projects, 50% of the grade is determined by a written 2 hr exam
Hilfsmittel schriftlichKeine
Diese Angaben können noch zu Semesterbeginn aktualisiert werden; verbindlich sind die Angaben auf dem Prüfungsplan.

Lernmaterialien

 
HauptlinkInformation
Es werden nur die öffentlichen Lernmaterialien aufgeführt.

Gruppen

Keine Informationen zu Gruppen vorhanden.

Einschränkungen

Keine zusätzlichen Belegungseinschränkungen vorhanden.

Angeboten in

StudiengangBereichTyp
CAS in InformatikFokusfächer und WahlfächerWInformation
Cyber Security MasterKernfächerWInformation
Cyber Security MasterKernfächerWInformation
Cyber Security MasterWahlfächerWInformation
Data Science MasterWählbare KernfächerWInformation
Informatik MasterKernfächer der Vertiefung in Information SystemsWInformation
Informatik MasterKernfächer der Vertiefung General StudiesWInformation
Informatik MasterKernfächer der Vertiefung in Software EngineeringWInformation
Informatik MasterWahlfächer der Vertiefung in Information SecurityWInformation