CoCon: A Conference Management System with Formally Verified Document Confidentiality-Reference-Cited by-同舟云学术

CoCon: A Conference Management System with Formally Verified Document Confidentiality

Published:2020-07-16 Issue:2 Volume:65 Page:321-356
ISSN:0168-7433
Container-title:Journal of Automated Reasoning
language:en
Short-container-title:J Autom Reasoning

Author:

Popescu Andrei,Lammich Peter,Hou Ping

Abstract

AbstractWe present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

Funder

University of Sheffield

Publisher

Springer Science and Business Media LLC

Subject

Artificial Intelligence,Computational Theory and Mathematics,Software

Link

https://link.springer.com/content/pdf/10.1007/s10817-020-09566-9.pdf

Reference82 articles.

1. Arapinis, M., Bursuc, S., Ryan, M.: Privacy supporting cloud computing: confichair, a case study. In: POST, pp. 89–108 (2012)

2. Askarov, A., Chong, S.: Learning is change in knowledge: knowledge-based security for dynamic policies. In: CSF, pp. 308–322 (2012)

3. Askarov, A., Myers, A.C.: Attacker control and impact for confidentiality and integrity. Log. Methods Comput. Sci. (2011). https://doi.org/10.2168/LMCS-7(3:17)2011

4. Askarov, A., Sabelfeld, A.: Gradual release: unifying declassification, encryption and key release policies. In: IEEE Symposium on Security and Privacy, pp. 207–221 (2007)

5. Askarov, A., Sabelfeld, A.: Tight enforcement of information-release policies for dynamic languages. In: CSF, pp. 43–59 (2009)

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Assume but Verify: Deductive Verification of Leaked Information in Concurrent Applications;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

2. Confidential Documents Sharing Model Based on Blockchain Environment;Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing;2022-11-19