Formal Methods for Information Security

Lecturer: Prof. Dr.-Ing. Heiko Mantel
Assistants: Tobias Hamann
Format: Integrated course (IV6)
Language: English
Place and time: Tuesday 13:30-15:10 in C110
(exception: April 17 and June 19, 08:00-09:40;
Two slots on May 15: 8:00-9:40 and 13:30-15:10)
  Wednesday 11:40-13:20 in C120
  Thursday 09:50-11:30 in C110
Midterm exam: June 5, 13:30-15:10 (regular lecture slot)
Final exam: July 12, 9:50-11:30 (regular lecture slot), room S103/221
Max. participants: 80
Links: TUCaN page (course id: 20-00-0362-iv)
D120 Forum (bulletin board of the Fachschaft)


  • The final exam will take place in room S103/221 on Thursday, July 12 from 9:50 to 11:30.
  • The exercise session originally planned for June 19 will take place on Monday, June 25 from 15:20 - 17:00 in room A313 in the Piloty Building.
  • Exercise sheet 2 will be corrected. Please hand in your solution at the postboxes in front of E318 before May 2, 11:30 to receive feedback.

Online Materials

The online material can be accessed here using the password communicated in the first lecture.


When talking about security of IT systems, best-practices for the development of secure systems or mechanisms for the protection of systems against illegal access of valuable assets play a major role. With this focus systems are called "secure" when the security appears substantiated by the used design processes and the deployed security mechanisms. This focus does not allow an objective assessment of the security properties the IT system does actually satisfy. To enable such an assessment, it is a necessity to make the desired security properties explicit with the necessary level of precision, to provide a view on the system appropriate to analyze the security of a system wrt. the desired requirements and to come up with analysis techniques to ease the process of judging the security of a system.

The course gives an overview on formal approaches to:

  • formal modeling of security-critical systems
  • formal specification of security requirements
  • formal security analysis of systems
  • theoretical foundations for developing secure software by stepwise refinement and composition.

The topics covered include:

  • introduction to formal methods for information security
  • formal modeling and analysis of access control mechanisms
  • formal modeling and analysis of information flow control
  • formal modeling and analysis of security protocols


Knowledge of Computer Science and Mathematics, equivalent to the first four Semesters in the Computer Science Bachelor program, in particular

  • ability to use formal languages and calculi
  • and basic knowledge about logic.


Scientific articles (to be announced in the lecture) and slides of the lectures (will be available online after the lecture). Additionally, e.g., one of the following books:

  • M. Bishop: "Computer Security", Addison-Wesley, 2002.
  • D. Gollmann: "Computer Security", Wiley, 2010.
  • C. P. Pfleeger, S. L. Pfleeger: "Security in Computing", Prentice Hall, 2015.
  • J. Viega, G. McGraw: "Building Secure Software", Addison-Wesley, 2011.
  • D. Denning: "Cryptography and Data Security", Addison Wesley, 1982 (out of print, but still available on the internet)

Reference literature on logics and automata theory

  • H.-D. Ebbinghaus, J. Flum, and W. Thomas: "Mathematical Logic", 2nd Edition, Springer, 1996.
  • H.-D. Ebbinghaus, J. Flum, and W. Thomas: "Einführung in die mathematische Logik", 5th edition, Spektrum, 2007.
  • J. E. Hopcroft, R. Motwani, and J. Ullman: "Introduction To Automata Theory, Languages, And Computation", Pearson Education Limited, 2013.

Last modified on 11 July 2018.

A A A | Print | Imprint | Sitemap | Contact
zum Seitenanfang