Formal Methods for Information Security

Overview

Lecturers and Tutors:
Dr. Cas Cremers, Dr. Mohammad Torabi Dashti

Lectures:
Thursday 9-11, CAB G 57

Exercises:
Thursday 11-12, CAB G 57

Credits: 4 ECTS (2V + 1U)

Homework:
optional, but strongly recommended

Exams:
oral exam (session examination)

Language:
English

Announcements

• The oral exam will take place on 23 and 26 August. The schedule is available.
  
• The first lecture is on Feb 21, 2013. There is no tutorial on that day.

Description

The lecture treats formal and cryptographic methods for the modeling and analysis of security-critical systems.

The first part of the lecture concentrates on cryptographic protocols. Cryptographic protocols such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec, form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of these protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable. The lecture covers the theoretical basis for the formal analysis of such protocols and the theory underlying selected tools. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols.

The second part of the lecture focuses on access control policies in centralized and distributed settings. Access control policies are an integral part of modern Internet services; examples include single sign-on endpoints, distributed trust management in social Websites, and peer-to-peer networks. The lectures cover the formal foundations of authorization systems, and their applications to the synthesis and analysis of access control policies. We will also study a few notable existing models, such as XACML, DKAL and PBel.

Course Material

The slides of the lecture, the exercise sheets, and other resources are available in the secured zone.