Lab Course: Dynamic Enforcement for Software Security

Organizer: Prof. Dr. Heiko Mantel
Contact: Yuri Gil Dantas, Tobias Hamann
Time and place: Tuesdays, 11:40-13:20 in S215|404K, starting from April 23, 2019.
Office hour: Thursdays, 14:00-14:45, room E322
Language: English
Registration: via TUCaN, course id 20-00-0719-pr
Max. participants: 12
Preparation Meeting: Thursday, 18.04.2019, 15:20 in room S2|02 A213

Materials

All materials, including the assignment sheets, will be available in Moodle.

Content

Nowadays, users entrust applications with an increasing amount of sensitive data, such as contacts, account data, and pictures. Malicious or faulty applications processing this data can cause substantial harm to users' information security and privacy. Proper mechanisms should therefore be in place to make applications comply with users' security requirements. Dynamic enforcement is a technique for achieving this by observing an application's runtime behavior and applying suitable countermeasures when necessary. Of particular relevance for today's information security are distributed applications like cloud storage. Dynamic enforcement for distributed applications is the focus of this lab course.

In this lab, we will cover the following topics:


  • introduction to tools for runtime monitoring and enforcement like CliSeAu, JavaMOP and Polymer
  • specification of security requirements in different formalisms
  • combination of mechanisms for runtime monitoring and enforcement with target programs, in particular using inlining
  • basic concepts of dynamic monitoring and enforcement in distributed systems
  • central vs decentralized monitoring and enforcement in distributed systems
  • protocols for coordinating actions of decentralized mechanisms
Encapsulation with dynamic enforcement mechanisms

Learning Objectives

After successfully participating in this course, you will have gained hands-on experience with dynamic enforcement for software security. In particular, you will know how inlining of dynamic enforcement mechanisms can be achieved. You will know how to formally specify security requirements and how those requirements can be enforced dynamically in local or distributed systems. You will know how to test and evaluate dynamic enforcement mechanisms and will be able to extend existing tools for dynamic enforcement.

Prerequisites

  • Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program
  • Good programming skills in Java
  • A solid background in formal methods

Literature

Will be announced in the first lab session.

Last modified on 18 April 2019.
