This is a project-oriented course intended to give students hands-on experience. We will see a variety of analysis techniques to evaluate security protocols and security ceremonies. A network protocol such as SSL (Secure Sockets Layer) may fail in four ways: the protocol design may be flawed, the cryptography may be inadequate, the implementation may be buggy or it can not cope with the humans in its ends.
This course is primarily concerned with techniques for identifying design flaws, but we will also talk about cryptography secure implementation and usability to the extent that they affect security protocol and security ceremony design.
The first part of the course will survey contemporary security protocols and their properties, including confidentiality, authentication, secure group communication, privacy, and anonymity. We will also cover cryptographic primitives, as well as standard formal models and tools used for mechanised verification of secure systems. We will then The second part of the course will focus primarily on student projects, carried out individually or in small teams. A typical project may involve:
• Coming up with a security specification for a particular system and performing a detailed
analysis of its properties; or
• Extending an existing tool or method to support analysis of a new class of security
• Conducting a theoretical study of the relationship between several models.A selection of candidate projects will be provided, but students are encouraged to propose
Lectures will be given in English to broaden the outreach of the course and to facilitate access to standard material of the area such as book, articles and manuals of the tools. Also the course may be joined by international partners under cooperation agreements with UFSC, where credits are interchangeable. A second but no least import reason for the Lecture to be conducted in English is that experts on the field will be invited to speak in some guest lectures. Guest Lectures will be limited to three throughout the semester and will cover some tools and techniques from the viewpoint of its creators.
The course will be conducted using the official departmental virtual conference room for all classes. In this sense the guest lecturers will use this platform, as well as some of the international students enrolled in the course. All the students will be required to join the virtual lecture room at the required time using the virtual conference software. The students MUST HAVE A WEBCAM for all the meetings so that participation can be attested. The
lack of a webcam will imply in no record for attendance control purposes. For those who do not own a webcam, it will be lended by the lecturer. All the meetings will be recorded and made available for later viewing for the students. This course is a presential course over a virtual environment. In this sense it follows all University regulations regarding regular courses. No online self-study strategies will be applied.
The evaluation will be conducted over a final technical report written by the students, together or not with their research supervisors or the course professor. This technical report will be constructed over the semester with oversight of the course professor. The technical report will be assessed using standard strategies used to evaluate conference papers. The technical reports will be evaluated over their readability, adherence to the
proposed topic, contribution, coherence of the experimentation conducted and the results achieved.
Technical reports will be already graded using the standard grading system for the PPGCC program and will be the final grade achieved by the student. Technical reports with a pass mark should be fit for submission to the main conferences in the area of security protocols, formal methods or foundations of computer security.
Course Location and Times:
The course will run from the second week of August to the Third week of November. Out meeting will happen on Tuesdays and Thursdays from 11:00-12:30 (Brazilian Time). For international participants, please be aware that Brazil is in the southern hemisphere, so we adjust our clocks forward on the third Sunday of October. It most likely also that you will adjust yours backwards earlier than that.
The course will be conducted using a virtual meeting room available at:
Students are recommended to test the platform before classes. Using a Webcam is MANDATORY to have you attendance recorded.
All lecture will be recorded and made available at this Moodle course.