Search result: Catalogue data in Spring Semester 2019

Computer Science Master
Focus Courses
Focus in Information Security
Core Courses of the Focus in Information Security
Number | Title | Type | ECTS | Hours | Lecturers
252-0407-00L | Cryptography Foundations | W | 7 credits | 3V + 2U + 1A | U. Maurer
Takes place for the last time in this form.
Abstract: Fundamentals and applications of cryptography. Cryptography as a mathematical discipline: reductions, constructive cryptography paradigm, security proofs. The discussed primitives include cryptographic functions, pseudo-randomness, symmetric encryption and authentication, public-key encryption, key agreement, and digital signature schemes. Selected cryptanalytic techniques.
Objective: The goals are:
(1) understand the basic theoretical concepts and scientific thinking in cryptography;
(2) understand and apply some core cryptographic techniques and security proof methods;
(3) be prepared and motivated to access the scientific literature and attend specialized courses in cryptography.
Content: See course description.
Lecture notes: Yes.
Prerequisites / Notice: Familiarity with the basic cryptographic concepts as treated, for example, in the course "Information Security" is required but can in principle also be acquired in parallel to attending the course.
Elective Courses of the Focus in Information Security
Number | Title | Type | ECTS | Hours | Lecturers
252-0408-00L | Cryptographic Protocols | W | 5 credits | 2V + 2U | M. Hirt, U. Maurer
Abstract: The course presents a selection of hot research topics in cryptography. The choice of topics varies and may include provable security, interactive proofs, zero-knowledge protocols, secret sharing, secure multi-party computation, e-voting, etc.
Objective: Introduction to a very active research area with many gems and paradoxical results. Spark interest in fundamental problems.
Content: The course presents a selection of hot research topics in cryptography. The choice of topics varies and may include provable security, interactive proofs, zero-knowledge protocols, secret sharing, secure multi-party computation, e-voting, etc.
Lecture notes: The lecture notes are in German, but they are not required, as the entire course material is also documented in other course material (in English).
Prerequisites / Notice: A basic understanding of fundamental cryptographic concepts (as taught, for example, in the course Information Security or in the course Cryptography Foundations) is useful, but not required.
263-2925-00L | Program Analysis for System Security and Reliability | W | 5 credits | 2V + 1U + 1A | M. Vechev
Abstract: Security breaches in modern systems (blockchains, datacenters, AI, etc.) result in billions in losses. We will cover key security issues and how the latest automated techniques can be used to prevent these. The course has a practical focus, also covering systems built by successful ETH Spin-offs (ChainSecurity.com and DeepCode.ai).

More info: https://www.sri.inf.ethz.ch/teaching/pass2019
Objective:
* Learn about security issues in modern systems -- blockchains, smart contracts, AI-based systems (e.g., autonomous cars), data centers -- and why they are challenging to address.

* Understand how the latest automated analysis techniques work, both discrete and probabilistic.

* Understand how these techniques combine with machine-learning methods, both supervised and unsupervised.

* Understand how to use these methods to build reliable and secure modern systems.

* Learn about new open problems that, if solved, can lead to research and commercial impact.
Content:

Part I: Security of Blockchains

- We will cover existing blockchains (e.g., Ethereum, Bitcoin), how they work, what the core security issues are, and how these have led to massive financial losses.
- We will show how to extract useful information about smart contracts and transactions using interactive analysis frameworks for querying blockchains (e.g. Google's Ethereum BigQuery).
- We will discuss the state-of-the-art security tools (e.g., https://securify.ch) for ensuring that smart contracts are free of security vulnerabilities.
- We will study the latest automated reasoning systems (e.g., Dagger) for checking custom (temporal) properties of smart contracts and illustrate their operation on real-world use cases.
- We will study how the underlying methods for automated reasoning and testing (e.g., abstract interpretation, symbolic execution, fuzzing) are used to build such tools.

Part II: Machine Learning for Security

- We will discuss how machine learning models for structured prediction are used to address security tasks, including de-obfuscation of binaries (Debin: https://debin.ai), Android APKs (DeGuard: http://apk-deguard.com) and JavaScript (JSNice: http://jsnice.org).
- We will study how to leverage program abstractions in combination with clustering techniques to learn security rules for cryptography APIs from large codebases.
- We will study how to automatically learn to identify security vulnerabilities related to the handling of untrusted inputs (cross-site scripting, SQL injection, path traversal, remote code execution) from large codebases.

Part III: Security of Datacenters and Networks

- We will show how to ensure that datacenters and ISPs are secured using declarative reasoning methods (e.g., Datalog). We will also see how to automatically synthesize secure configurations (e.g. using SyNET and NetComplete) which lead to desirable behaviors, thus automating the job of the network operator and avoiding critical errors.
- We will discuss how to apply modern discrete probabilistic inference (e.g., PSI and Bayonet) to reason about probabilistic network properties (e.g., the probability of a packet reaching a destination if links fail).

Part IV: Security of AI-based Systems

- We will look into the security issues related to modern systems that combine machine learning models (e.g., neural networks) within traditional systems such as cars, airplanes, and medical systems.
- We will learn state-of-the-art techniques for security testing and certifying entire AI-based systems, such as autonomous driving systems.

To gain a deeper understanding, the course will involve a hands-on programming project where the methods studied in the class will be applied.
263-4600-00L | Formal Methods for Information Security | W | 4 credits | 2V + 1U | R. Sasse, C. Sprenger
Abstract: The course focuses on formal methods for the modelling and analysis of security protocols for critical systems, ranging from authentication protocols for network security to electronic voting protocols and online banking.
Objective: The students will learn the key ideas and theoretical foundations of formal modelling and analysis of security protocols. The students will complement their theoretical knowledge by solving practical exercises, completing a small project, and using state-of-the-art tools.
Content: The course treats formal methods mainly for the modelling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single sign-on, and IPsec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification.

In addition to the classical security properties for confidentiality and authentication, we will study strong secrecy and privacy properties. We will discuss electronic voting protocols, and RFID protocols (a staple of the Internet of Things), where these properties are central. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols. Moreover, we will discuss methods to abstract and refine security protocols and the link between symbolic protocol models and cryptographic models.

Furthermore, we will also present a security notion for general systems based on non-interference as well as language-based information flow security where non-interference is enforced via a type system.
263-4630-00L | Computer-Aided Modelling and Reasoning | W | 8 credits | 7P | C. Sprenger, D. Traytel
In the Master Programme max. 10 credits can be accounted by Labs on top of the Interfocus Courses. Additional Labs will be listed on the Addendum.
Abstract: The "computer-aided modelling and reasoning" lab is a hands-on course about using an interactive theorem prover to construct formal models of algorithms, protocols, and programming languages and to reason about their properties. The lab has two parts: The first introduces various modelling and proof techniques. The second part consists of a project in which the students apply these techniques
Objective: The students learn to effectively use a theorem prover to create unambiguous models and rigorously analyse them. They learn how to write precise and concise specifications, to exploit the theorem prover as a tool for checking and analysing such models and for taming their complexity, and to extract certified executable implementations from such specifications.
Content: The "computer-aided modelling and reasoning" lab is a hands-on course about using an interactive theorem prover to construct formal models of algorithms, protocols, and programming languages and to reason about their properties. The focus is on applying logical methods to concrete problems supported by a theorem prover. The course will demonstrate the challenges of formal rigor, but also the benefits of machine support in modelling, proving and validating.

The lab will have two parts: The first part introduces basic and advanced modelling techniques (functional programs, inductive definitions, modules), the associated proof techniques (term rewriting, resolution, induction, proof automation), and compilation of the models to certified executable code. In the second part, the students work in teams of two on a project assignment in which they apply these techniques: they build a formal model and prove its desired properties. The project lies in the area of programming languages, model checking, or information security.
Literature: Textbook: Tobias Nipkow, Gerwin Klein. Concrete Semantics, part 1 (www.concrete-semantics.org)
Seminar in Information Security
Number | Title | Type | ECTS | Hours | Lecturers
263-2930-00L | Blockchain Security Seminar | W | 2 credits | 2S | M. Vechev, D. Drachsler Cohen, P. Tsankov
Number of participants limited to 22.

The deadline for deregistering expires at the end of the second week of the semester. Students who are still registered after that date, but do not attend the seminar, will officially fail the seminar.
Abstract: This seminar introduces students to the latest research trends in the field of blockchains.
Objective: The objectives of this seminar are twofold: (1) learning about the blockchain platform, a prominent technology receiving a lot of attention in computer science and economy, and (2) learning to convey and present complex and technical concepts in simple terms, and in particular identifying the core idea underlying the technicalities.
Content: This seminar introduces students to the latest research trends in the field of blockchains. The seminar covers the basics of blockchain technology, including motivation for decentralized currency, establishing trust between multiple parties using consensus algorithms, and smart contracts as a means to establish decentralized computation. It also covers security issues arising in blockchains and smart contracts as well as automated techniques for detecting vulnerabilities using programming language techniques.