Security and Privacy of Protocols and Software with Formal Methods

Protecting users’ data in accordance with best practice and legislation is one of the main challenges in computer science. Very often, large-scale data leaks remind us that the state of the art in data privacy and anonymity is severely lacking. The complexity of modern systems makes it impossible for software architects to create secure software that correctly implements privacy policies without the help of automated tools. The academic community needs to invest more effort in the formal modeling of security and anonymity properties, providing a deeper understanding of the underlying concepts and challenges and allowing the creation of automated tools to help software architects and developers. This track provides numerous contributions to the formal modeling of security and anonymity properties and the creation of tools to verify them on large-scale software projects.
