Formal Methods for Information Security

Lecturer: Prof. Dr.-Ing. Heiko Mantel
Assistants: Tobias Hamann, Dr. Damien Marion
Format: Integrated course (IV6)
Language: English
Place and time: Tuesday 13:30-15:10 in S306/053 (no slot on October 15 2019!)
  Wednesday 13:30-15:10 in S306/052
  Thursday 11:40-13:20 in S217/103
Midterm exam: December 10 2019, 13:30 - 15:10
Final exam: February 13 2020, 11:40 - 13:20
Max. participants: 80
Links: TUCaN page (course id: 20-00-0362-iv)
D120 Forum (bulletin board of the Fachschaft)


  • The course will start on Wednesday, October 16 2019. There is no slot on Tuesday, October 15.

    Online Materials

    The online material will be accessible via moodle using the password communicated in the first lecture.


    When talking about security of IT systems, best-practices for the development of secure systems or mechanisms for the protection of systems against illegal access of valuable assets play a major role. With this focus systems are called "secure" when the security appears substantiated by the used design processes and the deployed security mechanisms. This focus does not allow an objective assessment of the security properties the IT system does actually satisfy. To enable such an assessment, it is a necessity to make the desired security properties explicit with the necessary level of precision, to provide a view on the system appropriate to analyze the security of a system wrt. the desired requirements and to come up with analysis techniques to ease the process of judging the security of a system.

    The course gives an overview on formal approaches to:

    • formal modeling of security-critical systems
    • formal specification of security requirements
    • formal security analysis of systems
    • theoretical foundations for developing secure software by stepwise refinement and composition.

    The topics covered include:

    • introduction to formal methods for information security
    • formal modeling and analysis of access control mechanisms
    • formal modeling and analysis of information flow control
    • formal modeling and analysis of security protocols


    Knowledge of Computer Science and Mathematics, equivalent to the first four Semesters in the Computer Science Bachelor program, in particular

    • ability to use formal languages and calculi
    • and basic knowledge about logic.


    Scientific articles (to be announced in the lecture) and slides of the lectures (will be available online after the lecture). Additionally, e.g., one of the following books:

    • M. Bishop: "Computer Security", Addison-Wesley, 2002.
    • D. Gollmann: "Computer Security", Wiley, 2010.
    • C. P. Pfleeger, S. L. Pfleeger: "Security in Computing", Prentice Hall, 2015.
    • J. Viega, G. McGraw: "Building Secure Software", Addison-Wesley, 2011.
    • D. Denning: "Cryptography and Data Security", Addison Wesley, 1982 (out of print, but still available on the internet)

    Reference literature on logics and automata theory

    • H.-D. Ebbinghaus, J. Flum, and W. Thomas: "Mathematical Logic", 2nd Edition, Springer, 1996.
    • H.-D. Ebbinghaus, J. Flum, and W. Thomas: "Einführung in die mathematische Logik", 5th edition, Spektrum, 2007.
    • J. E. Hopcroft, R. Motwani, and J. Ullman: "Introduction To Automata Theory, Languages, And Computation", Pearson Education Limited, 2013.

    Last modified on 16 October 2019.

A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang