Official course description:

Full info last published 15/05-23
Course info
Language:
English
ECTS points:
15.0
Course code:
KSADSEC1KU
Participants max:
24
Offered to guest students:
yes
Offered to exchange students:
yes
Offered as a single subject:
yes
Price for EU/EEA citizens (Single Subject):
21250 DKK
Programme
Level:
MSc. Master
Programme:
MSc in Computer Science
Staff
Course manager
Carsten Schürmann
Full Professor
Teacher
Rosario Giustolisi
Associate Professor
Course semester
Semester
Efterår 2023
Start
28 August 2023
End
26 January 2024
Exam
Exam type
ordinær
Internal/External
ekstern censur
Grade Scale
7-trinsskala
Exam Language
GB
Abstract

The proliferation of technology in decision making challenges the collective trust in society.  Mathematical models predict the economy and political decisions are made accordingly. National ID infrastructures, such as MitID, authenticate citizens to digital services who still need to trust that they also protect their private data. AI systems are making decisions that affect many, who must learn how to live with them. Living in a modern digital world means that technology operates in an adversarial and partly unverifiable environment. All too often, technologies are expected be trusted although they are untrustworthy by design.

The concept of verifiability provides mechanisms to check retroactively if operations of a specific technology were correct. Not all technologies and infrastructures support the concept of verifiability, because often verifiability and confidentiality are at odds. Most technologies could support it but only few do.  In this advanced course called Advanced Security, we study the concept of verifiability and trust.

You will take this course as part of the security specialization. As prerequisites, we expect you to be able to program and have taken an introductory course in cybersecurity, such as Security 1 or Applied Information Security, a course on Cryptography, and of course Discrete Mathematics.



Description

Trust is known to be difficult to create but easy to destroy.  In these lectures, we study trust and technical notions of verifiability to strengthen trust.  We also study techniques to evaluate if verifiability really strengthens trust and show that this not necessarily the case. The lectures are given alternating by the lecturers and the students. There is no coursebook (yet) for this material, which means that most of the material will be covered in research papers and students are required to read at least one of the papers and present it to the class.

Module 1: Trust, Distrust and Verifiability. In this module, we look at different ways to think about trust. We look at formal definitions of verifiability, and accountability. We’ll be reading papers on the philosophical foundations of trust, distrust, and discuss various game-based definitions of verifiability and accountability, and trust into AI systems. We also discuss how privacy factors into the topic of trust.

Module 2: Logical Methods.  In this module, we look at topics, such as language-based security, information flow control, and protocol verification. We also investigate how to make databases more private and how to make AI reasoning more robust. As logic is meant to capture truth, and truth is a precursor for trust, logic is a good trust base for computing.

Module 3: Cryptographic Methods. In this module we look at topics, such as secure multi-party computation (MPC) using voting protocols as examples. We look at constructions supporting verifiability, such as zero-knowledge proofs, and cryptographic mixing that are designed to be verifiable while preserving privacy.

Module 4: Statistical Methods. Here will present techniques for auditing, including risk-limiting audits and testing, AI-watermarking, and others designed for verifiability. Statistical methods are also used to evaluate user studies and to the effectiveness of trust generation.


Formal prerequisites

Formal prerequisites 

    Security 1

    Cryptography

    Discrete Mathematics

    Introduction to Programming

 

Intended learning outcomes

After the course, the student should be able to:

  • Module 1: Design and study cryptographic protocols.
  • Module 2: Analyze protocols for accountability
  • Module 3: Apply information flow control techniques.
  • Module 4: Explain usability security design techniques.
  • Module 5: Analyze socio-technical systems.
  • Module 6: Describe cryptographic protocols used for voting.
Learning activities

  • Analyze the verifiability and accountability of security protocols
  • Create verifiable cryptographic protocols
  • Explain the robust AI concept
  • Reason about programs using language based security techniques
  • Explain auditing techniques

Mandatory activities

There are 6 quizes. 

The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved and the student will use an exam attempt.

Course literature

The course literature is published in the course page in LearnIT.

Student Activity Budget
Estimated distribution of learning activities for the typical student
  • Preparation for lectures and exercises: 15%
  • Lectures: 25%
  • Exercises: 25%
  • Assignments: 15%
  • Exam with preparation: 10%
  • Other: 10%
Ordinary exam
Exam type:
B: Oral exam, External (7-point scale)
Exam variation:
B22: Oral exam with no time for preparation.
Exam duration per student for the oral exam:
30 minutes


reexam
Exam type:
B: Oral exam, External (7-point scale)
Exam variation:
B22: Oral exam with no time for preparation.
Exam duration per student for the oral exam:
30 minutes

Time and date
Ordinary Exam Thu, 11 Jan 2024, 09:00 - 21:00
Ordinary Exam Fri, 12 Jan 2024, 09:00 - 21:00