COMP 790-132: Verified Security

COMP 790-132, Fall 2013
MW 2:00-3:15
Cynthia Sturton
Office hours:
By appointment.

It is a well known adage in computer security that while the defender has to shore up every possible vulnerability in the system, the attacker only needs to find one to exploit. The attacker has the advantage.

In this class we will discuss one powerful tool for strengthening the defense: proving security properties of systems using formal verification methods. We will study the application of model checking and theorem proving for a wide range of security-critical systems. A few examples include voting machines, operating systems, and cryptographic protocols. We will discuss the benefits and challenges of using formal methods for security in various settings.

There are no prerequisites for this class. The class is meant for students who are interested in software and systems security, as well as students interested in the application of formal methods. The class will be research focused: classes will be centered around discussion of published research in the security community, and students will work on an original research project and write a workshop-quality paper describing their work.


Students will work in groups of 2 on an original research project. At the end of the semester, each group will submit a workshop-quality paper and give a short (~10 min) presentation in class describing their work. Project proposals will be due Monday, September 23rd. We will discuss possible project ideas in class, although you are encouraged to develop your own idea.

Paper Readings

A schedule with the list of readings.

We will read 1-2 papers per class. You are required to complete the reading before class. For each paper, you will write a short synopsis and review, and email it to me by 10pm the night before the class. The synopsis should be 1-3 bullet points describing the problem being addressed, the basic approach, and the key insight or innovation of the paper. The review should be 4-6 sentences and should describe the pros and cons of the paper, as you see it. Although your written response will be short, the reading will not be quick. You will need to read each paper thoroughly and in-depth in order to write an insightful review, and actively participate in the class discussion.

In addition, you will write a full length review for two of the papers we read this semester. This will be a comprehensive review, similar to what you might write as a member of a conference program committee responsible for reviewing submissions. These reviews are due by 10pm the night before the class in which we discuss your chosen paper.

Background Material

There are no required textbooks for this class. If you are looking for some additional background material, I recommend the following books.

Logic in Computer Science: Modelling and Reasoning about Systems, Michael Huth and Mark Ryan. Cambridge Univ. Press, June 2004 (2nd edition).

Chapters 12-14 of Introduction to Embedded Systems, A Cyber-Physical Systems Approach, Edward A. Lee and Sanjit A. Seshia, 2011. (Available as a PDF.)

This list of verification tools is comprehensive and nicely categorized.


Final project: 50%
Paper reviews: 20%
Class discussion & short reviews: 30%