In this seminar, recent developments in the formal foundations of computer security will be presented and discussed. The seminar will be based on recent research articles covering selected foundational aspects of computer security. Each article will be presented by one participant of the seminar and will then be discussed in depth by the entire group of participants.

Formal foundations of computer security are necessary to clarify desirable security guarantees and possible security threats. For instance, formal security models can be used to capture security requirements precisely and can then serve as a reliable basis for verifying whether these requirements are met. Formal foundations of security can also serve as a basis for establishing security by design, including a precise definition of security requirements, a component-based development of secure systems, and the stepwise refinement of high-level system specifications to more detailed specifications, and ultimately to secure program code.

Exemplary topics include:
• composition, abstraction and refinement in computer security,
• information-flow security and information-flow control,
• language-based security,
• security models and properties,
• secure usage and usage control,
• quantitative security, and
• verifiable security.