Organizer: | Prof. Dr. Heiko Mantel |
Contact: | Yuri Gil Dantas, Tobias Hamann |
Time and place: | Tuesdays, 11:40-13:20 in S215|404K, starting from April 23, 2019. |
Office hour: |
Thursdays, 14:00-14:45, room E322 |
Language: | English |
Registration: | via TUCaN, course id 20-00-0719-pr |
Max. participants: | 12 |
Preparation Meeting: | Thursday, 18.04.2019, 15:20 in room S2|02 A213 |
All materials, including the assignment sheets, will be available in Moodle.
Nowadays, users entrust applications with an increasing amount of sensitive data, such as contacts, account data, and pictures. Malicious or faulty applications processing this data can cause substantial harm to users' information security and privacy. Proper mechanisms should therefore be in place to make applications comply with users' security requirements. Dynamic enforcement is a technique for achieving this by observing an application's runtime behavior and applying suitable countermeasures when necessary. Of particular relevance for today's information security are distributed applications like cloud storage. Dynamic enforcement for distributed applications is the focus of this lab course.
In this lab, we will cover the following topics:
|
|
After successfully participating in this course, you will have gained hands-on experience with dynamic enforcement for software security. In particular, you know how inlining of dynamic enforcement mechanisms can be achieved. You will know how to formally specify security requirements and how those requirements can be enforced dynamically in local or distributed systems. You will know how to test and evaluate dynamic enforcement mechanisms and can extend existing tools for dynamic enforcement.
Will be announced in the first lab session.
Last modified on 18 April 2019.