02244 Language Based Security (Spring 2013)
The course is taught in F2A: Mondays at 13.00 – 17.00 in room 033 building 322; it starts February 4th 2013.
Overview: The course covers two main topics:
1. Access Control and Information Flow: This part covers techniques to describe policies of who-should-have-access-to-what (access control) and who-may-learn-what (information flow) and goes into techniques for ensuring that these policies are upheld.
2. Security Protocols: This part is about formally defining security protocols, their goals, and an intruder. We then look at automated techniques for analyzing security protocols. In a final part of the course we look at two larger case studies of probabilistic protocols.
Slides and additional materials will be made available on Campus Net under File Sharing.
Track 1: Access Control and Information Flow / Flemming Nielson
| Date | Topic |
| 4. February | Course Introduction; Access Control – Theory and Concepts [1]; Access Control – The Bell-LaPadula Model [2]; Announcement of the first project report [IF-0] |
| 11. February | Access Control – The Biba Model [3]; Access Control – Enriching DAC with Mandatory Restrictions [4]; Information Flow – Denning’s Approach [IF-1] |
| 18. February | Access Control – Role Based Access Control [5]; Access Control – New Paradigms for Access Control in Open Environments [6] |
| 25. February | Information Flow – Volpano’s Approach [IF-2]; Background on Inference Systems |
| 4. March | Information Flow – The Decentralised Label Model [IF-3] |
| 11. March | Access Control – XACML: eXtensible Access Control Markup Language [7] |
| 15. March | Hand in of first project report at noon |
Track 2: Security Protocols / Sebastian Mödersheim
| Date | Topic |
| 18. March | Modeling Protocols: Syntax and Semantics I; Announcement of the second project report. |
| 8. April | Modeling Protocols: Syntax and Semantics II |
| 15. April | Wrap up Syntax and Semantics; introduction to automated analysis |
| 22. April | Protocol Analysis: The Lazy Intruder |
| 29. April | Protocol Analysis: Abstract Interpretation |
| 6. May | Channels and Protocol Composition |
| 13. May | Case studies in protocol analysis |
| 15. May | Hand in of second project report at noon |
Reports: Students must write two reports about the projects described
above. While the project work should be done in groups, reports must be
written individually. Each report must indicate which resources have been
used to perform the work. This includes textbooks, research papers,
information found on the web, detailed suggestions from teachers, and results
of discussions or cooperation with other students (who must be named).
The first project must be handed in by March 15th at 12.00.
The second project must be handed in by May 15th at 12.00.
Evaluation: Examination of the two reports. Scale of marks: 7 step
scale. Internal examiner.
Lecturer: Sebastian Mödersheim
Lecturer: Flemming Nielson
Assistant Lecturer: Ender Yuksel
Textbooks/Course materials: Several papers will be used in the course; no book is required.