263-4600-00L  Formal Methods for Information Security

SemesterFrühjahrssemester 2020
DozierendeR. Sasse, C. Sprenger
Periodizitätjährlich wiederkehrende Veranstaltung
LehrspracheEnglisch



Lehrveranstaltungen

NummerTitelUmfangDozierende
263-4600-00 VFormal Methods for Information Security2 Std.
Do09:15-11:00CAB G 52 »
R. Sasse, C. Sprenger
263-4600-00 UFormal Methods for Information Security1 Std.
Do11:15-12:00CAB G 52 »
R. Sasse, C. Sprenger
263-4600-00 AFormal Methods for Information Security1 Std.R. Sasse, C. Sprenger

Katalogdaten

KurzbeschreibungThe course focuses on formal methods for the modelling and analysis of security protocols for critical systems, ranging from authentication protocols for network security to electronic voting protocols and online banking.
LernzielThe students will learn the key ideas and theoretical foundations of formal modelling and analysis of security protocols. The students will complement their theoretical knowledge by solving practical exercises, completing a small project, and using state-of-the-art tools.
InhaltThe course treats formal methods mainly for the modelling and analysis of security protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable, and manual analysis is insufficient. The lectures cover the theoretical basis for the (tool-supported) formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification.

In addition to the classical security properties for confidentiality and authentication, we will study strong secrecy and privacy properties. We will discuss electronic voting protocols, and RFID protocols (a staple of the Internet of Things), where these properties are central. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols. Moreover, we will discuss methods to abstract and refine security protocols and the link between symbolic protocol models and cryptographic models.

Furthermore, we will also present a security notion for general systems based on non-interference as well as language-based information flow security where non-interference is enforced via a type system.

Leistungskontrolle

Information zur Leistungskontrolle (gültig bis die Lerneinheit neu gelesen wird)
Leistungskontrolle als Semesterkurs
ECTS Kreditpunkte5 KP
PrüfendeC. Sprenger, R. Sasse
FormSessionsprüfung
PrüfungsspracheEnglisch
RepetitionDie Leistungskontrolle wird nur in der Session nach der Lerneinheit angeboten. Die Repetition ist nur nach erneuter Belegung möglich.
Prüfungsmodusmündlich 25 Minuten
Zusatzinformation zum PrüfungsmodusThe grade is determined by a project [20%] and the final oral exam [80%]. The compulsory project will be worked on by teams of two students. It will start in week 4 and must be completed by the end of the semester.
Diese Angaben können noch zu Semesterbeginn aktualisiert werden; verbindlich sind die Angaben auf dem Prüfungsplan.

Lernmaterialien

 
HauptlinkFormal Methods for Information Security
Es werden nur die öffentlichen Lernmaterialien aufgeführt.

Gruppen

Keine Informationen zu Gruppen vorhanden.

Einschränkungen

Keine zusätzlichen Belegungseinschränkungen vorhanden.

Angeboten in

StudiengangBereichTyp
CAS in InformatikFokusfächer und WahlfächerWInformation
Cyber Security MasterWahlfächerWInformation
DAS in Cyber SecurityWahlfächerWInformation
Informatik MasterWahlfächer der Vertiefung in Information SecurityWInformation
Informatik MasterWahlfächer der Vertiefung General StudiesWInformation