Seminar IT-Sicherheit, VV 19572, WS 2013

General information on the place and time where the seminar takes place can be found in the Vorlesungsverzeichnis. Beware that the Vorlesungsverzeichnis does not allow timely updates of information and may be out of date. The organizer of this seminar is Prof. Volker Roth and the Secure Identity Research Group.

Seminar topics and goals

The goal of this seminar is to understand the field of language-based security with a particular focus on information flow control. Whenever feasible and reasonable, we will attempt to put the acquired knowledge into practice, e.g., by implementing information flow control techniques for a small compiler or interpreter.

Information flow control is an exciting field of research that dates back to the 1970's but is revived recently because it addresses the threat of Trojan Horse software. Trojan Horse software is a growing concern in the Web and on mobile devices as many applications surreptitiously exfiltrate users' personal information for the purpose of espionage or targeted advertising.

Prerequisites

Compiler-building knowledge and knowledge about type systems will be helpful for this seminar.

Seminar format

We begin by reading introductory material and then assign subtopics to the seminar participants. Each participant is responsible for writing a chapter of a joint document that summarizes the findings of the seminar participant. It is expected that participants perform literature research in order to find work that is relevant to their topics. Instead of working individually, participants may form pairs working jointly.

Seminar organization

In order to facilitate collaboration, I established a Git repository for the joint report and accompanying material. In order to facilitate communication and discussion we will establish a mailing list. I give the URL of the Git repository below:

git@gitlab.spline.de:seminar/sem_itsec2013.git

The seminar pacing is as follows:

The first third of the seminar focues on acquiring background knowledge and choosing a sub-topic.
Starting at mid-term (session 8), participants are expected to check into the repository a draft of their respective report chapter.
Starting at mid-term (session 8), participants begin to present their findings during seminar meetings, followed by a discussion.
Before session 15, participants are expected to check into the repository a semi-final version of their chapters so that all participants can review the entire report.
In the last session, we will discuss the status and contents of the joint report.
All participants are expected to revise their chapters until two weeks after the end of the semester.

Documents must be written in LaTeX. We will also work on a literature classification and a citation graph using, e.g., GraphViz.

Grading

The grading of active participation will be based on participation and active contribution to the seminar in the form of presentations and helpful suggestions given to other seminar participants. The grade will be based on the quality of the mid-term draft, their final draft and their presentation.

Literature

Below are the starting points for reading and for literature research. Note that all participants are required to perform literature research on top of the literature given below. For some nice examples and background on slide, see here.

Basics and surveys

Arrays and error reporting

Send/receive