Formal Aspects of Security and Trust

1. Front Matter

   PDF

2. Verifying Cryptographic Code in C: Some Experience and the Csec Challenge

   • Mihhail Aizatulin, François Dupressoir, Andrew D. Gordon, Jan Jürjens

   Pages 1-20

3. Better Security and Privacy for Web Browsers: A Survey of Techniques, and a New Implementation

   • Willem De Groef, Dominique Devriese, Frank Piessens

   Pages 21-38

4. Differential Privacy: On the Trade-Off between Utility and Information Leakage

   • Mário S. Alvim, Miguel E. Andrés, Konstantinos Chatzikokolakis, Pierpaolo Degano, Catuscia Palamidessi

   Pages 39-54

5. On-the-Fly Inlining of Dynamic Dependency Monitors for Secure Information Flow

   • Luciano Bello, Eduardo Bonelli

   Pages 55-69

6. Min-Entropy Leakage of Channels in Cascade

   • Barbara Espinoza, Geoffrey Smith

   Pages 70-84

7. Secure Recharge of Disposable RFID Tickets

   • Riccardo Focardi, Flaminia L. Luccio

   Pages 85-99

8. Avoiding Delegation Subterfuge Using Linked Local Permission Names

   • Simon N. Foley, Samane Abdi

   Pages 100-114

9. Verifiable Control Flow Policies for Java Bytecode

   • Arnaud Fontaine, Samuel Hym, Isabelle Simplot-Ryl

   Pages 115-130

10. Concepts and Proofs for Configuring PKCS#11

    • Sibylle Fröschle, Nils Sommer

    Pages 131-147

11. Service Automata

    • Richard Gay, Heiko Mantel, Barbara Sprick

    Pages 148-163

12. Analysing Applications Layered on Unilaterally Authenticating Protocols

    • Thomas Gibson-Robinson, Gavin Lowe

    Pages 164-181

13. Type-Based Enforcement of Secure Programming Guidelines — Code Injection Prevention at SAP

    • Robert Grabowski, Martin Hofmann, Keqin Li

    Pages 182-197

14. TBA : A Hybrid of Logic and Extensional Access Control Systems

    • Timothy L. Hinrichs, William C. Garrison III, Adam J. Lee, Skip Saunders, John C. Mitchell

    Pages 198-213

15. Diffie-Hellman without Difficulty

    • Sebastian Mödersheim

    Pages 214-229

16. Is Cryptyc Able to Detect Insider Attacks?

    • Behnam Sattarzadeh, Mehran S. Fallah

    Pages 230-244

17. Formal Analysis of Anonymity in ECC-Based Direct Anonymous Attestation Schemes

    • Ben Smyth, Mark Ryan, Liqun Chen

    Pages 245-262

18. Risk Balance in Optimistic Non-repudiation Protocols

    • Mohammad Torabi Dashti, Jan Cederquist, Yanjing Wang

    Pages 263-277

19. Back Matter

    PDF

This book constitutes the thoroughly refereed post-conference proceedings of the 8th International Workshop on Formal Aspects of Security and Trust, FAST 2011, held in conjunction with the 16th European Symposium on Research in Computer Security, ESORICS 2011, in Leuven, Belgium in September 2011. The 15 revised full papers presented together with 2 invited papers were carefully reviewed and selected from 42 submissions. The papers focus on security and trust policy models; security protocol design and analysis; formal models of trust and reputation; logics for security and trust; distributed trust management systems; trust-based reasoning; digital assets protection; data protection; privacy and ID issues; information flow analysis; language-based security; security and trust aspects of ubiquitous computing; validation/analysis tools; web service security/trust/privacy; grid security; security risk assessment; and case studies.

• authentication protocols
• information flow security
• privacy
• trusted computing
• user-controlled anonymity

• IMDEA Software Institute, Universidad Politecnica de Madrid, Boadilla del Monte, Spain

  Gilles Barthe

• Carnegie Mellon University, Moffet Field, USA

  Anupam Datta

• Faculty of Mathematics and Computer Science, Embedded Systems Security Group, Technical University of Eindhoven, Eindhoven, The Netherlands

  Sandro Etalle

Policies and ethics