News
New Scheduling for Re-examWritten on 05.04.24 by Xaver Fabian Dear students, due to to a scheduling conflict we needed to move the re-exam slots up by 2 hours. For example, 9 AM would be 11 AM now. Sorry for the inconvenience.
Cheers,
|
Re-Exam TimeslotsWritten on 04.04.24 by Xaver Fabian Dear students,
based on the information provided we created a time schedule and created another note. This should be visible to you on your personal status. Please be there 5 minutes before your timeslot and bring your student ID. If you have any questions feel free to send me a… Read more Dear students,
based on the information provided we created a time schedule and created another note. This should be visible to you on your personal status. Please be there 5 minutes before your timeslot and bring your student ID. If you have any questions feel free to send me a mail. Cheers,
|
Re-exam SchedulingWritten on 28.03.24 by Xaver Fabian Dear students, please do not forget to register in LSF if you want to take the Re-exam. To make scheduling easier for us, we would like to ask you if you want to take both parts of the oral exam (SysV and IFC). Therefore, we added another note Re-exam Parts. Please add SysV and IFC if you… Read more Dear students, please do not forget to register in LSF if you want to take the Re-exam. To make scheduling easier for us, we would like to ask you if you want to take both parts of the oral exam (SysV and IFC). Therefore, we added another note Re-exam Parts. Please add SysV and IFC if you want to take the oral exam for both parts and only SysV or IFC if you only want to take the oral exam in one of the two parts. Using this information, we will provide a time schedule for the Re-exam. You have time to fill this out until Monday 1st of April 11 AM.
Cheers,
|
Date of Re-examWritten on 14.03.24 by Xaver Fabian Dear students, we moved the re-exam to 8.04.24 at 0.01 in E 9.1 (CISPA Main Building). You will be able to register after we have entered the grades. This will be done after the Proto project is finished. After the grades are entered we will publish a note for the Oral Exam slot, similar to… Read more Dear students, we moved the re-exam to 8.04.24 at 0.01 in E 9.1 (CISPA Main Building). You will be able to register after we have entered the grades. This will be done after the Proto project is finished. After the grades are entered we will publish a note for the Oral Exam slot, similar to the main exam.
Cheers, Xaver |
Reschedule of Re-examWritten on 29.02.24 by Xaver Fabian Dear students, due to scheduling issues, we need to move the re-exam to a later date. We want to move it to the 8th of April. If you plan to take the re-exam and have a solid reason why this date is not possible for you, please email me by Monday 4.03.24, at 11 AM.
Cheers, Xaver |
Oral Exam PointsWritten on 20.02.24 by Xaver Fabian Dear students,
the points for the oral exam are now out.
Cheers,
Xaver |
Oral ExamWritten on 15.02.24 by Xaver Fabian Dear students, we published the timeslots for the oral exam. You can find them on your personal page. Please be there 5 minutes before the start of your time slot. The oral exam will be in room 0.01 in E9.1 (CISPA Main Building). Please bring your student ID and a document to identify… Read more Dear students, we published the timeslots for the oral exam. You can find them on your personal page. Please be there 5 minutes before the start of your time slot. The oral exam will be in room 0.01 in E9.1 (CISPA Main Building). Please bring your student ID and a document to identify yourself (e.g. ID card).
See you then!
Xaver
|
Points 3rd Assignment and Reschedule of joined Q&AWritten on 13.02.24 by Xaver Fabian Dear students, the points for the 3rd exercise sheet are out. Furthermore, we decided to move the joined Q&A to Friday 16.02.24 at 10 AM sharp. The updated zoom link can be found here.
See you on Friday,
Xaver |
Joined Q&A for SysV and IFCWritten on 12.02.24 by Xaver Fabian Dear students, we will have a joined Q&A session for the SysV and IFC part on Wednesday 14.02.24 at 10 AM via zoom. The zoom room can be found here.
Cheers,
Xaver |
2nd Submission and last LectureWritten on 07.02.24 by Xaver Fabian Dear students, the points for the 2nd exercise sheet are uploaded. If you have any questions, feel free to write me an email or ask in the askbot. We will discuss the exercise sheet in the next Q&A as well. Furthermore, the last lecture tomorrow 8.02.24 will only be remote via… Read more Dear students, the points for the 2nd exercise sheet are uploaded. If you have any questions, feel free to write me an email or ask in the askbot. We will discuss the exercise sheet in the next Q&A as well. Furthermore, the last lecture tomorrow 8.02.24 will only be remote via zoom.
Cheers, Xaver |
Deadline Extension Assignment 1 and 2nd Lecture remoteWritten on 24.01.24 by Xaver Fabian Dear students, since multiple students have asked, we have decided to extend the first IFC assignment sheet deadline to the 29th of January at 1 PM. Dear students, since multiple students have asked, we have decided to extend the first IFC assignment sheet deadline to the 29th of January at 1 PM.
Xaver |
No Lecture on 18.01Written on 17.01.24 by Xaver Fabian Dear students, as mentioned in the lecture last week, there will be no lecture tomorrow because I am at a conference. See you next week for the Q&A on Monday via Zoom and the lecture on Thursday in person! Cheers, Xaver |
EvaluationWritten on 12.01.24 by Xaver Fabian Dear students, please evaluate the lecture and the Q&A. The deadline is January 31, but please do it sooner rather than later. I share the link again in the next lecture on the 25th. Cheers,
|
IFC Ex1Written on 11.01.24 by Xaver Fabian Dear students, the first exercise sheet, the slides and the recording are now available.
Cheers,
|
First IFC Lecture only Remote via ZoomWritten on 09.01.24 by Xaver Fabian Hello everyone, due to the general train strike, I can't commute to Saarbrücken. Therefore, the first lecture will be only remote via zoom. The zoom link is the same as usual.
Best, |
PROTO projectWritten on 09.01.24 by Faezeh Nasrabdi Dear Students, I have granted access to the repository https://cms-gitlab.cispa.de/kuennemann/fms2023-proto-proj/ for the students who have selected the protocol they wish to work on for their PROTO projects. If any of you have not yet chosen your desired protocol but would like to do so in the… Read more Dear Students, I have granted access to the repository https://cms-gitlab.cispa.de/kuennemann/fms2023-proto-proj/ for the students who have selected the protocol they wish to work on for their PROTO projects. If any of you have not yet chosen your desired protocol but would like to do so in the future, I will provide access to you as soon as you make your selection. Best regards, Faezeh |
Exam registration is now possibleWritten on 03.01.24 by Faezeh Nasrabdi Dear Students, You can now register in the LSF for the end-term exam. Kind regards and a Happy New Year :) Faezeh |
IFC lecture start: 11th of JanuaryWritten on 23.12.23 by Xaver Fabian Hey folks, the first IFC lecture will be on the 11th of January (instead of the 4th) giving you a two-week break. Don't forget the last Q&A session on the 8th for the PROTO part.
Happy Holidays! |
Exam registration not yet possibleWritten on 21.12.23 by Robert Künnemann Hi! Thanks for those that reported to us that exam registration is currently not possible. We talked to the examination office to resolve this issue, but due to the season, this they might take until January. Faezeh will inform you when it is possible to register. We requested the following slots,… Read more Hi! Thanks for those that reported to us that exam registration is currently not possible. We talked to the examination office to resolve this issue, but due to the season, this they might take until January. Faezeh will inform you when it is possible to register. We requested the following slots, which *should* go through, as we are using the CISPA premises, but the definite conformation will be in the LSF. Time: 19. Feb 2024 at 09:00 to 17:00, CET, Room: 0.01 in E9.1 (CISPA Main Building)
Time: 18. Mar 2024 at 09:00 to 17:00, CET Room: 0.01 in E9.1 (CISPA Main Building)
NOTE: This is not a single eight hour exam (oh dear) but the time-frame for individual oral examinations. |
Exercise sheet 3Written on 15.12.23 by Faezeh Nasrabdi Dear all, Due a few requests, we have extended the deadline for the submission of exercise for the lecture 3 until tomorrow evening. Best, Faezeh |
PROTO1 recording online / I was in the wrong room!Written on 01.12.23 by Robert Künnemann Hi! While uploading the recording for yesterdays lecture, I noticed that I had mistakingly entered the Q&A channel instead of the one for the lecture. I am so sorry! That's why there was noone else in there.... Please excuse this mistake, there are many things to setup (and consequently miss… Read more Hi! While uploading the recording for yesterdays lecture, I noticed that I had mistakingly entered the Q&A channel instead of the one for the lecture. I am so sorry! That's why there was noone else in there.... Please excuse this mistake, there are many things to setup (and consequently miss configure) in hybrid mode. At least the recording is complete. Moreover, the lecture script is up, too, with some syntacting simplifications in the latest revision. Cheers, Robert |
Postponing the QA sessionWritten on 27.11.23 by Hamed Nemati Due to some technical problems, I have to cancel the QA session today and postpone it to tomorrow at 16. If it doesn’t work for you. I will aslo be present in the next week QA session to answer your questions. We apologise for the inconvenience. |
Q&A Schedule UpdateWritten on 27.11.23 by Faezeh Nasrabdi Dear all, The question and answer session will be held today via zoom. Best, |
PROTO1 in hybrid modeWritten on 24.11.23 by Robert Künnemann Hi! With the SYS part concluded, we move on to the PROTO part. The next four lectures will take place in CISPA E9.1, room 0.02 again, like the intro lecture. Of course, we will also set up zoom at the usual URL. I've put up the full lecture script for PROTO part in the material's section. Feel… Read more Hi! With the SYS part concluded, we move on to the PROTO part. The next four lectures will take place in CISPA E9.1, room 0.02 again, like the intro lecture. Of course, we will also set up zoom at the usual URL. I've put up the full lecture script for PROTO part in the material's section. Feel free to read ahead and think about questions for the lecture (if you want), but wait for questions in askbot until we covered that chapter in the lecture (one chapter = one lecture). See you, Robert |
Exercise sheet 1Written on 17.11.23 by Hamed Nemati Due a few requests, we have extended the deadline for the submission of exercise for the lecture 1 until tomorrow evening. |
SysV's Third LectureWritten on 15.11.23 by Faezeh Nasrabdi Dear all, You can find the recorded lecture and slides for the third lecture of SysV on its page. Best, |
Q&A Schedule UpdateWritten on 13.11.23 by Faezeh Nasrabdi Dear all, The question and answer session will be held today at 16:30 instead of 16:00. Best, |
SysV's second lecture via zoomWritten on 09.11.23 by Faezeh Nasrabdi Dear all, The SysV's second lecture will start in about 5 minutes via zoom. Best, |
SysV's Second LectureWritten on 08.11.23 by Faezeh Nasrabdi Dear all, You can find the recorded lecture and slides for the second lecture of SysV on its page. Best, |
SysV's Lectures Schedule UpdateWritten on 02.11.23 (last change on 02.11.23) by Faezeh Nasrabdi Dear all, Hamed will give the next lectures for this part of the course (SysV) via zoom. Therefore, there will be no in-person class on the following dates: Best, |
SysV's first lectureWritten on 02.11.23 by Faezeh Nasrabdi Dear all, You can find the recorded lecture, slides, notes on formalization of noninterference and the first assignment on SysV page. Best, |
Despite decades of research in computer security, security vulnerabilities still plague computer systems with an ever-growing number of new vulnerabilities discovered every day. How can we ensure that computer systems are really secure? Formal methods offer a promising approach towards this goal: they can guarantee the absence of specific security vulnerabilities with mathematical certainty and therefore help us develop mode reliable systems.
In this course, we will study how formal methods can be applied to verify that the design and implementation of computer systems respect their intended security policies. The course is structured in three independent parts, which focus on specific techniques for different domains: language-based information-flow control, security protocols, and system-level verification. As a whole, the course will give you hands-on experience in reasoning about security at different layers of abstraction through established principled techniques and a broad introduction to state-of-the-art research in the area.
Topics and Instructors
-
Introductory Lecture (26 October 2023)
We'll give an overview of the three parts. Robert will give it live while Hamed and Xaver will use Zoom (find the zoom link in the calendar entry, calendar link is below -- not in the CMS timetable).
- Proof techniques for system verification (Hamed Nemati & Faezeh Nasrabadi)
The main goal of the first part of the course main goal is to show you how we should approach verification of large scale systems like micro-kernels and hypervisors. This is a very challenging task in practice. We will study abstraction, decomposition and refinement as techniques that usually used in practice to facilitate verification of such systems. Finally, in our last lecture we see how we can combine fuzzing and formal verification to validate systems that their verification is not feasible in practice.
-
Protocol Verification (Robert Künnemann)
Protocol verification assumes that the cryptography is perfect and tries to ensure that they are used correctly. It is not about defending against super smart mathematicians exploiting biases in key streams, but equally smart hackers confusing one party about the state of another party.We will discuss how to get from the Alice-bob notation to a minimalistic, precise specification of the protocol and its setuphow to formulate our security requirements and how to verify that these requirements hold, using tools that have by now reached an impressive degree of automation. -
Language-based Information-Flow Control (Xaver Fabian)
In the last part of the course, we will study information-flow control techniques that track how data flows in a program to enforce data confidentiality and integrity. We will discuss both static and dynamic IFC techniques based on security type systems and taint tracking, as well as techniques that track data flows in a program at a different granularity (for example per program variable or per program block). Finally, we will see how programming languages principles can be applied to formally verify that these techniques enforce security. Basic knowledge of programming languages theory is preferred, but not required.
Organization
Registration: open now! (Once you are registered here, don't forget to register in the LSF.)
When: Thu 14h-16h (official starting time is 14:15)
Where: 0.02 in E9.1 (Cispa Main Building) (all links also appear in the calendar events)
- Zoom (for all classes): https://cispa-de.zoom-x.de/j/63805152014?pwd=aHgwcldETGJCL3pCM3dqZmJCUWRiZz09
Calendar & Lecture plan: link (Click "..." next to calendar for subscription link for your favorite application).
Mode:
- SYSV (Hamed & Faezeh): live lectures on Thursday 14-16
- PROTO (ROBERT): live lectures on Thursday 14-16
- IFC (Xaver): live lectures on Thursday 14-16
Q&A sessions: (all information also appears in the calendar events)
When: Mon 16h-18h (sharp) starting from 06.11.2023 (Exception: we start at 16:30 on 13.11.2023 and 20.11.2023)
Where: 0.05 in E9.1 (Cispa Main Building) (Exception: it will be at room 3.21 in E9.1 on 20.11.2023 and it will be via zoom on 27.11.2023)
- Zoom (for all classes): https://cispa-de.zoom-x.de/j/64869899419?pwd=Z1Q2RHVSY1cyK2xZNEwxQ01SbTZwQT09
Exam requirements: three exercise sheets per part, 50% of total points, work in groups allowed
Exam: two oral exams (first and third part), and one project (second part). Passing requirement is >4.0 on two of the three.
Final Exam (time and room):
- Time: 19. Feb 2024 at 09:00 to 17:00, CET
- Room: 0.01 in E9.1 (CISPA Main Building)
Re-Exam (time and room):
- Time: 08 April 2024 at 09:00 to 17:00, CET
- Room: 0.01 in E9.1 (CISPA Main Building)
Course Goals
-
Understand the challenges of some open problems in computer security
-
Learn state-of-the-art techniques to address these problems and how to apply them (as a programmer, protocol designer, web developer etc.)
-
By-product: a taxonomy of where things can go wrong in security on different layers
Learning Objectives
After the course, students will be able to:
-
Understand fundamental concepts in verification.
-
Learn how to use formal techniques to find vulnerabilities in low-level systems.
-
Gain knowledge to be able to read and understand papers in system verification.
-
Model protocols and cryptographic assumptions in the applied-pi calculus.
-
Express authentication and secrecy properties via correspondence and reachability.
-
Exploit automated tools to verify protocols.
-
Apply Information-Flow Control (IFC) techniques to the design of secure programming languages.
-
Analyze the security guarantees of IFC languages through programming languages principles.
-
Discuss problems, solutions, and open challenges presented in IFC research papers.
Target Audience
Mainly M.Sc students and interested graduate students. Interested and motivated B.Sc students should contact us and argue that (a) they are particularly interested and (b) they have the necessary background in logical reasoning to follow the course.