Sjouke Mauw - Böcker

This book constitutes the proceedings of the 15th International Workshop on Security and Trust Management, STM 2019, held in Luxembourg City, Luxembourg, in September 2019, and co-located with the 24th European Symposium Research in Computer Security, ESORICS 2019.

Protocols connect the many devices used in our personal and professional lives.  Hence we require assurances that they are secure in the face of threats.Security is too important to leave to intuition and experience alone. We need methodologies to precisely determine our security goals. A security property is one that holds despite the best efforts of an attacker, as captured by a threat model. When attacking a protocol, an eavesdropper may inject messages leading to sessions being hijacked and other data breaches.This textbook goes from intuition, to theory, to tools, explaining different security properties. Ubiquitous protocols keep the discussion real:  ePassport protocols used at border checkpoints; the EMV protocol for contactless payments; and Open ID Connect used to sign in to websites. Even threats enabling car theft via relay attacks are taken into consideration by authenticating proximity. The book also analyses threats to privacy such as tracking, mitigated by making sessions unlinkable.Topics and features:The learning curve brings readers to the edge of the topic of security protocols.Multiple security and privacy properties and threats are expressed in a core calculus.Large real-world case studies showcase the methods in practice.The theory informs the accurate usage of tools for checking security protocols.Minimal protocols are selected to cleanly illustrate new concepts.This textbook is designed to take readers with some grounding in computer science to the edge of the field of security protocols. Additionally, it can serve as a highly useful reference for established researchers and security professionals branching out into threat modelling.Reynaldo Gil-Pons, Felix Stutz and Semen Yurkov were postdoctoral researchers in the Security and Trust of Software Systems group headed by Sjouke Mauw, professor at University of Luxembourg. Ross Horne directs the Cyber Security MSc at University of Strathclyde, UK.

This book constitutes the refereed proceedings of the 10th International Workshop on Security and Trust Management, STM 2014, held in Wroclaw, Poland, in September 2014, in conjunction with the 19th European Symposium Research in Computer Security, ESORICS 2014. The 11 revised full papers were carefully reviewed and selected from 29 submissions and cover topics as access control, data protection, digital rights, security and trust policies, security and trust in social networks.

This volume constitutes the thoroughly refereed post-conference proceedings of the Second International Workshop on Graphical Models for Security, GraMSec 2015, held in Verona, Italy, in July 2015.The 5 revised full papers presented together with one short tool paper and one invited lecture were carefully reviewed and selected from 13 submissions. The workshop contributes to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage, thus providing an intuitive but systematic methodology to analyze security weaknesses of systems and to evaluate potential protection measures.

This book constitutes the refereed proceedings of the 10th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2016, held in Darmstadt, Germany, in July 2016. The 7 revised full papers and 7 short papers presented together with an invited paper were carefully reviewed and selected from 26 submissions. The papers cover a wide range of topics including trust architecture, trust modeling, trust metrics and computation, reputation and privacy, security and trust, sociotechnical aspects of trust, and attacks on trust and reputation systems.

This book constitutes revised selected papers from the 4th International Workshop on Graphical Models for Security, GraMSec 2017, held in Santa Barbara, CA, USA, in August 2017. The 5 full and 4 short papers presented in this volume were carefully reviewed and selected from 19 submissions. The book also contains one invited paper from the WISER project. The contributions deal with the latest research and developments on graphical models for security.

The papers cover a wide range of topics including trust architecture, trust modeling, trust metrics and computation, reputation and privacy, security and trust, sociotechnical aspects of trust, and attacks on trust and reputation systems.

This volume contains the proceedings of the 10th International Conference on Concurrency Theory (CONCUR'99) held in Eindhoven, The Netherlands, 24-27 August 1999. ThepurposeoftheCONCURconferencesistobringtogetherresearchers,- velopersandstudentsinordertoadvancethetheoryofconcurrencyandpromote its applications. Interest in this topic is continuously growing, as a consequence oftheimportanceandubiquityofconcurrentsystemsandtheirapplications,and of the scienti?c relevance of their foundations. The scope of CONCUR'99 covers all areas of semantics, logics and veri?cation techniques for concurrent systems. A list of speci?c topics includes (but is not limited to) concurrency-related - pects of: models of computation and semantic domains, process algebras, Petri nets, event structures, real-time systems, hybrid systems, stochastic systems, - cidability, model-checking, veri?cation techniques, re?nement techniques, term and graph rewriting, distributed programming, logic constraint programming, object-oriented programming, typing systems and algorithms, case studies, and tools and environments for programming and veri?cation. The ?rst two CONCUR conferences were held in Amsterdam (NL) in 1990 and 1991, the following ones in Stony Brook (USA), Hildesheim (D), Uppsala (S), Philadelphia (USA), Pisa (I), Warsaw (PL) and Nice (F).The proceedings have appeared in Springer LNCS, as Volumes 458, 527, 630, 715, 836, 962, 1119, 1243, and 1466.

This book constitutes the refereed proceedings of the 5th European Public Key Infrastructure Workshop: Theory and Practice, EuroPKI 2008, held in Trondheim, Norway, in June 2008. The 15 revised full papers presented together with 1 invited paper were carefully reviewed and selected from 37 submissions. Ranging from theoretical and foundational topics to applications and regulatory issues in various contexts, the papers focus on all research and practice aspects of PKI and show ways how to construct effective, practical, secure and low cost means for assuring authenticity and validity of public keys used in large-scale networked services.

Security protocols are widely used to ensure secure communications over insecure networks, such as the internet or airwaves. These protocols use strong cryptography to prevent intruders from reading or modifying the messages. However, using cryptography is not enough to ensure their correctness. Combined with their typical small size, which suggests that one could easily assess their correctness, this often results in incorrectly designed protocols. The authors present a methodology for formally describing security protocols and their environment. This methodology includes a model for describing protocols, their execution model, and the intruder model. The models are extended with a number of well-defined security properties, which capture the notions of correct protocols, and secrecy of data. The methodology can be used to prove that protocols satisfy these properties. Based on the model they have developed a tool set called Scyther that can automatically find attacks on security protocols or prove their correctness. In case studies they show the application of the methodology as well as the effectiveness of the analysis tool.The methodology’s strong mathematical basis, the strong separation of concerns in the model, and the accompanying tool set make it ideally suited both for researchers and graduate students of information security or formal methods and for advanced professionals designing critical security protocols.