263-4600-00L  Formal Methods for Information Security

SemesterSpring Semester 2022
LecturersS. Krstic, R. Sasse, C. Sprenger
Periodicityyearly recurring course
Language of instructionEnglish



Courses

NumberTitleHoursLecturers
263-4600-00 VFormal Methods for Information Security2 hrs
Tue10:15-12:00CAB G 59 »
S. Krstic, R. Sasse, C. Sprenger
263-4600-00 UFormal Methods for Information Security1 hrs
Tue12:15-13:00CAB G 59 »
S. Krstic, R. Sasse, C. Sprenger
263-4600-00 AFormal Methods for Information Security1 hrsS. Krstic, R. Sasse, C. Sprenger

Catalogue data

AbstractThe course focuses on formal methods for the modeling and analysis of security protocols for critical systems, ranging from authentication protocols for network security to electronic voting protocols and online banking. In addition, we will also introduce the notions of non-interference and runtime monitoring.
Learning objectiveThe students will learn the key ideas and theoretical foundations of formal modeling and analysis of security protocols. The students will complement their theoretical knowledge by solving practical exercises, completing a small project, and using state-of-the-art tools. The students also learn the fundamentals of non-interference and runtime monitoring.
ContentThe course treats formal methods mainly for the modeling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification.

The second part of this course will cover a selection of advanced topics in security protocols such as abstraction techniques for efficient verification, secure communication with humans, the link between symbolic protocol models and cryptographic models as well as RFID protocols (a staple of the Internet of Things) and electronic voting protocols, including the relevant privacy properties.

Moreover, we will give an introduction to two additional topics: non-interference as a general notion of secure systems, both from a semantic and a programming language perspective (type system), and runtime verification/monitoring to detect violations of security policies expressed as trace properties.

Performance assessment

Performance assessment information (valid until the course unit is held again)
Performance assessment as a semester course
ECTS credits5 credits
ExaminersC. Sprenger, S. Krstic, R. Sasse
Typesession examination
Language of examinationEnglish
RepetitionThe performance assessment is only offered in the session after the course unit. Repetition only possible after re-enrolling.
Mode of examinationoral 25 minutes
Additional information on mode of examinationThe grade is determined by a project [20%] and the final oral exam [80%]. The compulsory project will be worked on by teams of two students.
This information can be updated until the beginning of the semester; information on the examination timetable is binding.

Learning materials

 
Main linkFormal Methods for Information Security -- Course Web Page
Only public learning materials are listed.

Groups

No information on groups available.

Restrictions

There are no additional restrictions for the registration.

Offered in

ProgrammeSectionType
CAS in Computer ScienceFocus Courses and ElectivesWInformation
Cyber Security MasterElectivesWInformation
DAS in Cyber SecurityElective CoursesWInformation
Computer Science MasterElective Focus Courses General StudiesWInformation
Computer Science MasterElective CoursesWInformation
Computer Science MasterMinor in Information SecurityWInformation
Computer Science MasterMinor in Programming Languages and Software EngineeringWInformation