CoCon: A Conference Management System with Formally Verified Document Confidentiality

Andrei Popescu; Peter Lammich; Ping Hou

doi:10.1007/s10817-020-09566-9

CoCon: A Conference Management System with Formally Verified Document Confidentiality

Andrei Popescu, Peter Lammich, Ping Hou

Formal Methods

Research output: Contribution to journal › Article › peer-review

Abstract

We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

Original language	English
Journal	Journal of Automated Reasoning
Early online date	16 Jul 2020
DOIs	https://doi.org/10.1007/s10817-020-09566-9
Publication status	Published - 2020

Access to Document

10.1007/s10817-020-09566-9Licence: CC BY

http://link.springer.com/10.1007/s10817-020-09566-9

Cite this

@article{e0a4113d8cec469089126e280bb4c69d,

title = "CoCon: A Conference Management System with Formally Verified Document Confidentiality",

abstract = "We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.",

author = "Andrei Popescu and Peter Lammich and Ping Hou",

year = "2020",

doi = "10.1007/s10817-020-09566-9",

language = "English",

journal = "Journal of Automated Reasoning",

issn = "0168-7433",

publisher = "Springer Nature",

}

TY - JOUR

T1 - CoCon: A Conference Management System with Formally Verified Document Confidentiality

AU - Popescu, Andrei

AU - Lammich, Peter

AU - Hou, Ping

PY - 2020

Y1 - 2020

N2 - We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

AB - We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

U2 - 10.1007/s10817-020-09566-9

DO - 10.1007/s10817-020-09566-9

M3 - Article

SN - 0168-7433

JO - Journal of Automated Reasoning

JF - Journal of Automated Reasoning

ER -

CoCon: A Conference Management System with Formally Verified Document Confidentiality

Abstract

Access to Document

Fingerprint

Cite this