Form: | Project Lab - 9 CP (6 SWS) |
Organizer: | Prof. Dr. Heiko Mantel |
Contact: | Yuri Gil Dantas, Tobias Hamann |
Time and place: | Mondays, 14:25-16:05 in S115|238, starting from October 24, 2016. Note: There is no session on October 17! The sessions will start in the second week of the semester. Please attend the kickoff meeting on October 21 (see below). |
Office hour: | Thursdays, 14:00-14:45, room TBA |
Language: | English |
Registration: | via TUCaN, course id 20-00-0797-pp |
Max. participants: | 12 |
Preparation Meeting: | Friday, 21.10.2016, 13:30-15:10 in S202|E302 (joint meeting for all labs at MAIS) |
Workload: | 6 introductory assignments, 8 weeks for a group project |
All materials including the assignment sheets will be available on the internal web page.
Nowadays, users entrust applications with an increasing amount of sensitive data, such as contacts, account data, and pictures. Malicious or faulty applications processing this data can cause substantial harm to users' information security and privacy. Proper mechanisms should therefore be in place to make applications comply with users' security requirements. Dynamic enforcement is a technique for achieving this by observing an application's runtime behavior and applying suitable countermeasures when necessary. Of particular relevance for today's information security are distributed applications like web applications and cloud storage. Dynamic enforcement for distributed applications like these is the focus of this lab course.
In this project lab, we will cover the following topics:
In the project phase, you work on a self-contained project that extends or evaluates CliSeAu, our tool for distributed dynamic enforcement in Java, Ruby and Android. Potential topics for these projects are introduced in the kickoff session and will probably cover some of the following areas:
Please note that these are tentative areas and the actual content of the projects is not yet determined. If you are interested in additional topics, you can contact Tobias Hamann.
After successfully participating in this course, you will have gained hands-on experience with dynamic enforcement for software security. In particular, you will know how inlining of dynamic enforcement mechanisms can be achieved. You will know how to formally specify security requirements and how those requirements can be enforced dynamically in local or distributed systems. You will also know how to test and evaluate dynamic enforcement mechanisms and will be able to extend existing tools for dynamic enforcement.
Will be announced in the first lab session.