Hot Topics in Language Security (87175)

Seminar in Summer Term 2015

General Information
Instructor: Juniorprof. Dr.-Ing. Christian Hammer, Abhishek Bichhawat
Type: Seminar (7 credit points)
Course Material: Slides and papers suggested during the course
Language: English
Room: 0.08, E1.7
Time: We 12:30-14:00

This seminar will cover static and dynamic approaches to enforcing security policies in programs, in particular on platforms like the Web or Android. Examples are standard notions like safety properties or noninterference, which guarantee, e.g., that no secret may leak to public output, and related concepts.

Registration is now closed

Meetings

Students are supposed to read one paper each week and summarize it. The paper will then be discussed in the seminar based on your notes. At the end of the term there will be a block where every student presents a paper based on the results of the discussion.

The weekly meetings of the seminar will take place on Wednesdays from 12:30 - 14:00 in room 0.08, building E1.7. Your summaries are due on Tuesday evening.

Papers

  1. 06 May 2015 Niklas Broberg, David Sands. Paralocks – Role-Based Information Flow Control and Beyond. POPL 2010
  2. 13 May 2015 Andrew Myers, Barbara Liskov. Protecting privacy using the decentralized label model. ACM TOSEM 2000
  3. 27 May 2015 Dennis Volpano, Cynthia Irvine, Geoffrey Smith. A sound type system for secure flow analysis. JCS 1996
  4. 27 May 2015 Aslan Askarov, Andrei Sabelfeld. Gradual Release: Unifying Declassification, Encryption and Key Release Policies. Oakland 2007
  5. 03 Jun 2015 Andrei Sabelfeld, Andrew Myers. A Model for Delimited Information Release. ISSS 2003
  6. 10 Jun 2015 Aslan Askarov, Andrei Sabelfeld. Localized Delimited Release: Combining the What and Where Dimensions of Information Release. PLAS 2007
  7. 10 Jun 2015 Willem De Groef, Dominique Devriese, Nick Nikiforakis, Frank Piessens. FlowFox: a Web Browser with Flexible and Precise Information Flow Control. CCS 2012
  8. 17 Jun 2015 Mathy Vanhoef, Willem De Groef, Dominique Devriese, Frank Piessens, Tamara Rezk. Stateful Declassification Policies for Event-Driven Programs. CSF 2014
  9. 24 Jun 2015 Andrei Sabelfeld, David Sands. Declassification: Dimensions and Principles. JCS 2007
  10. 01 Jul 2015 Willard Rafnsson, Andrei Sabelfeld. Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent. CSF 2013
  11. 08 Jul 2015 Gerard Boudol. Secure Information Flow as a Safety Property. FAST 2008
  12. 15 Jul 2015 Daniel Schoepe, Andrei Sabelfeld. Understanding and Enforcing Opacity. CSF 2015
  13. 22 Jul 2015 Niklas Broberg, Bart van Delft, David Sands. The Anatomy and Facets of Dynamic Policies. CSF 2015

Presentations

Thursday - 06/08/2015
Samer Al-Bakhlul 14:00 - 14:30 Secure Multi-Execution: Fine-grained, Declassification-aware, and Transparent
Omer Asif 14:30 - 15:00 Understanding and Enforcing Opacity
Dhiman Chakraborty 15:00 - 15:30 A sound type system for secure flow analysis
Raluca-Patricia Iliuta 15:30 - 16:00 Secure Information Flow as a Safety Property
Anastasiia Izycheva 16:00 - 16:30 The Anatomy and Facets of Dynamic Policies
Lakshmikanthan Srikanthan 16:30 - 17:00 FlowFox: a Web Browser with Flexible and Precise Information Flow Control

Friday - 07/08/2015
Subhashini Ananthapadmanaban 14:00 - 14:30 A Model for Delimited Information Release
Agim Kopali 14:30 - 15:00 Declassification: Dimensions and Principles
Suresh Krishna 15:00 - 15:30 Localized Delimited Release
Jyoti Prakash 15:30 - 16:00 Protecting privacy using the decentralized label model
Juan Gabriel Umana Quiros 16:00 - 16:30 Paralocks – Role-Based Information Flow Control and Beyond
Umidjon Urunov 16:30 - 17:00 Stateful Declassification Policies for Event-Driven Programs

Requirements for successful participation