When assessing the security of IT systems, one needs to take into account which capabilities and which intentions the potential attackers might have. The purpose of attacker models is to make an attacker's capabilities, goals, or other aspects explicit. Formal foundations of attacker models increase precision, avoid ambiguities, and provide a basis for automatic security analyses. Languages for attacker models often come with a graphical display notation that eases understanding and building up intuition.

Attacker models enjoy a widespread use in industrial practice and have been subject of intensive research efforts. Security analyses based on attacker models are not limited to assessing how secure a system is, but can be also used as the basis for economic decisions, e.g., maximizing the return on security invest.

This seminar is based on scientific publications on topics such as:

•  formal and graphical languages for modelling attackers
• security analyses based on attacker models
• automated generation of attacker models
• systematic engineering of attacker models
• interplay between attacker actions and defenses
• selective mitigation of attacks
• security economics

After successful participation, students will be able to discuss selected developments in the area of attacker models. Furthermore, students will have improved their skills in reading and understanding scientific articles, in presenting scientific results, and in scientific discussions.

Knowledge of Computer Science and Mathematics equivalent to the first four semesters in the Computer Science Bachelor program, in particular the ability to use formal languages and calculi.