When talking about security of IT systems, best-practices for the
development of secure systems or mechanisms for the protection of
systems against illegal access of valuable assets play a major role.
With this focus systems are called "secure" when the security appears
substantiated by the used design processes and the deployed security
mechanisms. This focus does not allow an objective assessment of the
security properties the IT system does actually satisfy. To enable such
an assessment, it is a necessity to make the desired security properties
explicit with the necessary level of precision, to provide a view on
the system appropriate to analyze the security of a system wrt. the
desired requirements and to come up with analysis techniques to ease the
process of judging the security of a system.
The course gives an overview on formal approaches to:
- formal modeling of security-critical systems
- formal specification of security requirements
- formal security analysis of systems
- theoretical foundations for developing secure software by stepwise refinement and composition.
The enrollment key will be provided in the first lecture.