
Reliable Security Guarantees


The fragile security of today's IT infrastructure is the result of a perpetual arms race between attackers and defenders. Just as defenders continuously improve their ability to counter attacks, attackers keep devising new malicious practices, refining classic attacks on programming errors and exploiting a broadening attack surface that includes routers, firmware, and the Internet of Things. Formal methods offer a way out of this arms race. Based on mathematically precise system and attacker models, we can systematically eliminate entire classes of attack strategies. With recent advances in logic and automated reasoning, their application can even be largely automated. Too often, however, formal methods are based on abstract system models and thus leave gaps that these models do not cover. This research area aims for a phase transition in the scope and practical applicability of formal methods, striving for computer-aided analysis and construction of secure systems with the strongest possible formal guarantees. This includes the development of methods for achieving rigorous security guarantees for systems and software, runtime methods for monitoring and enforcement, design-time methods for static analysis and program repair, and a comprehensive methodology for building secure large-scale systems from small secure building blocks.

Members

Most Recent Publications

| Title | Date | Authors | Meta |
|---|---|---|---|
| | 2019 | Swen Jacobs, Mouhammad Sakr | NRA2; Acta Informatica |
| | 2019 | Kathrin Grosse, Thomas A. Trost, Marius Mosbach, Michael Backes | NRA2, NRA3; ArXiv e-prints |
| | 2019 | Marcel Steinmetz, Álvaro Torralba | NRA2; Proceedings of the 29th International Conference on Automated Planning and Scheduling (ICAPS'19), Berkeley, CA, USA, 2019. |
| | 2019 | Cas Cremers, Lucca Hirschi | NRA2; IEEE EuroS&P; 4th IEEE European Symposium on Security and Privacy |
| | 2019 | Cas Cremers, Dennis Jackson | NRA2; CSF; 32nd IEEE Computer Security Foundations Symposium |