Information Security Group

Search

en

Formal Methods for Information Security

Spring Semester 2015 (263-4600-00L)

Overview

Lecturers and Tutors:
Dr. Mohammad Torabi Dashti, Dr. Sasa Radomirovic

Lectures:
Thursday 9-11am, CAB G 57

Exercises:
Thursday 11-12am, CAB G 57

Credits: 4 ECTS (2V + 1U)

Homework:
optional, but strongly recommended

Exams:
Wednesday, 19 August 2015. Oral exam (session examination)

Language: English

Announcements

  • The oral exams will take place on Wednesday, 19 August 2015.
  • The first lecture takes place on 19 Feb 2015. There is no exercise session on the first day of the course.

Description

The lecture treats formal methods for the modelling and analysis of security-critical systems.

The first  part of the lecture focuses on access control policies in centralized and distributed settings. Access control policies are an integral part of modern Internet services; examples include single sign-on endpoints, distributed trust management in social Websites, and peer-to-peer networks. The lectures cover the formal foundations of authorization systems, and their applications to the synthesis and analysis of access control policies. We will also study a few notable existing models, such as XACML, DKAL and PBel.

The second  part of the lecture concentrates on cryptographic protocols. Cryptographic protocols (such as SSL/TLS, SSH, Kerberos, SAML single-sign on, and IPSec) form the basis for secure communication and business processes. Numerous attacks on published protocols show that the design of cryptographic protocols is extremely error-prone. A rigorous analysis of these protocols is therefore indispensable. The lecture covers the theoretical basis for the formal modeling and analysis of such protocols. Specifically, we discuss their operational semantics, the formalization of security properties, and techniques and algorithms for their verification. In addition to the classical security properties for confidentiality and authentication, we will study privacy properties and the fairness property in contract signing. The accompanying tutorials provide an opportunity to apply the theory and tools to concrete protocols.

Resources

Literature

The lecture is based mainly on various journal/conference papers, but see also (all available at the library):

  • Benedikt Schmidt, "external pageFormal analysis of key exchange protocols and physical protocols", 2012
  • Cremers and Mauw, "Operational semantics and verification of security protocols", 2013
  • Boyd, "Protocols for authentication and key establishment", 2003
  • Bella, "Formal correctness of security protocols", 2007
  • Ryan and Schneider, "The modeling and analysis of security protocols", 2001
  • Vanstone, van Oorschot and Menezes, "Handbook of applied cryptography", 1997

Course Material

The lecture notes, exercises, slides, and other resources are available in our protected pagesecured area.

JavaScript has been disabled in your browser