Dynamic Enforcement of System Requirements

Form: Project Lab - 9 CP (6 SWS)
Organizer: Prof. Dr. Heiko Mantel
Contact: Yuri Gil Dantas, Tobias Hamann
Time and place: Mondays, 14:25-16:05 in S115|238, starting from October 23, 2017
Important: There will be no lab session on October 16! The sessions will start in the second week of
the semester. Please attend the kickoff meeting (see below).
Office hour:
Language: English
Registration: via TUCaN, course id 20-00-0797-pp
Max. participants: 15
Preparation Meeting: Thursday 19.10.2017, 16:15-17:55 in A313
Workload: 6 introductory assignments, 8 weeks for a group project



All materials including the assignment sheets will be available on the internal web page.


Nowadays, users entrust applications with an increasing amount of sensitive data, such as contacts, account data, and pictures. Malicious or faulty applications processing this data can cause substantial harm to users' information security and privacy. Proper mechanisms should therefore be in place to make applications comply with users' security requirements. Dynamic enforcement is a technique for achieving this by observing an application's runtime behavior and applying suitable countermeasures when necessary. Of particular relevance for today's information security are distributed applications like web applications and cloud storage. Dynamic enforcement for distributed applications like these is the focus of this lab course.

In this project lab, we will cover the following topics:

  • introduction to tools for runtime monitoring and enforcement like CliSeAu, JavaMOP and Polymer
  • specification of security requirements in different formalisms
  • combination of mechanisms for runtime monitoring and enforcement with target programs, in particular using inlining
  • basic concepts of dynamic monitoring and enforcement in distributed systems
  • central vs decentralized monitoring and enforcement in distributed systems
  • protocols for coordinating actions of decentralized mechanisms
  • adaptation of mechanisms for dynamic monitoring and enforcement to concrete target programs in small teams
  • extension of an existing framework for dynamic monitoring and enforcement in distributed systems and evaluation of extensions in small teams
Encapsulation with dynamic enforcement mechanisms

Teaching form

This project lab consists of two phases.

Phase 1: Introduction to Dynamic Enforcement

In the introduction phase, you get to know different mechanisms for dynamic enforcement and tools that use these mechanisms. You solve exercise sheets that introduce these tools and you will get a first hands-on experience with the different mechanisms. We use different formalization techniques to describe security properties and examine how to enforce these in small software examples.

Phase 2: Developing solutions for dynamic enforcement problems in a self-contained project

In the project phase, you work on a self-contained project that extends or evaluates CliSeAu, our tool for distributed dynamic enforcement in Java, Ruby and Android. Potential topics for these projects are introduced in the kickoff session and will probably cover some of the following areas:

  • Language Extensions/Support for programs of additional target languages in CliSeAu
  • Evaluation of CliSeAu for mobile applications
  • Dynamic Instrumentation techniques
  • Robustification of already implemented language support
  • Network Topolgies in CliSeAu (P2P, hierarchical topologies, ...)
  • Development of additional case studies
  • Policy language support (LTL, ACL, ...)
  • ...

    Please note that these are tentative areas and the actual content of the projects is not yet determined. If you are interested in additional topics, you can contact Tobias Hamann.

    Learning Objectives

    After successfully participating in this course, you will have gained hands-on experience with dynamic enforcement for software security. In particular, you know how inlining of dynamic enforcement mechanisms can be achieved. You will know how to formally specify security requirements and how those requirements can be enforced dynamically in local or distributed systems. You will know how to test and evaluate dynamic enforcement mechanisms and can extend existing tools for dynamic enforcement.


  • Knowledge of Computer Science equivalent to the first four semesters in the Computer Science Bachelor program
  • Good programming skills in Java
  • A solid background in formal methods


    Will be announced in the first lab session.

    A A A | Print | Imprint | Sitemap | Contact
    zum Seitenanfang