SECSI is a project common to Inria and the Laboratoire Spécification et Vérification (LSV), itself a common lab between CNRS (UMR 8643) and the École Normale Supérieure (ENS) de Cachan.

SECSI is a common project between Inria Saclay and the LSV (Laboratoire Spécification et Vérification), itself a common research unit of CNRS (UMR 8643) and the ENS (École Normale Supérieure) de Cachan.

The SECSI project is a research project on the security of information systems. Originally, SECSI was organized around three main themes, and their mutual relationships:

Automated verification of cryptographic protocols;

Intrusion detection;

Static analysis of programs, in order to detect security holes and vulnerabilities at the protocol level.

This has changed. Starting from 2006, SECSI concentrates on the first theme, while keeping an eye on the other two.

In a nutshell, the aim of the SECSI project is to *develop
logic-based verification techniques for security properties of
computer systems and networks*.

The thrust is towards more *automation* (new automata-based,
or theorem-proving based verification techniques), more *properties* (not just secrecy or authentication, but e.g.,
coercion-resistance in electronic voting schemes), more *realism* (e.g., cryptographic soundness theorems for formal
models).

The new objectives of the SECSI project are:

Tree-automata based methods, automated deduction, and approximate/exact cryptographic protocol verification in the Dolev-Yao model.

Enriching the Dolev-Yao model with algebraic theories, and associated decision problems.

Computational soundness of formal models (Dolev-Yao, applied pi-calculus), proofs of security in computational models.

Indistinguishability proofs allowing us to handle more properties, e.g. anonymity.

Application to new security protocols, e.g. electronic voting protocols.

Security in the presence of probabilistic and demonic non-deterministic choices.

The SECSI project officially terminates at the end of 2012.

The reason that the members of the project-team were given is that no permanent Inria researcher remains.

This will of course create a gap in the panel of research themes covered at Inria Saclay, and especially in computer security. Independently of Inria, the members of SECSI will remain active in the field of computer security. They will also define their new scientific project for the years to come. In time, this will be presented as an Inria project-team proposal.

Workshop celebrating the 15th anniversary of LSV (the lab
where SECSI is hosted) and Jean Goubault-Larrecq's CNRS silver
medal, ENS Cachan, February 06-07, 2012
(http://

The ANR project AVOTÉ on the formal analysis of electronic
voting protocols
(http://

Computer security has become more and more pressing as a concern since
the mid 1990s. There are several reasons to this: cryptography is no
longer a *chasse réservée* of the military, and has become
ubiquitous; and computer networks (e.g., the Internet) have grown
considerably and have generated numerous opportunities for attacks and
misbehaviors, notably.

The aim of the SECSI project is to *develop logic-based
verification techniques for security properties of computer systems
and networks*. Let us explain what this means, and what this does
not mean.

First, the scope of the research at SECSI started as a rather broad subset of computer security, although the core of SECSI's activities has always been on verifying cryptographic protocols.

We took this for granted in 2006, and decided to concentrate on the latter. This already includes a vast number of concerns.

First, there is a plethora of distinct *security properties* one
may wish to verify. Beyond the standard properties of secrecy (weak
or strong forms), or authentication, one considers anonymity, fairness
in contract-signing, and the subtle security properties involved in
electronic voting such as accountability, receipt-freeness, resistance
to coercion, or user verifiability. Some of these properties are
trace properties, some are not, and are therefore more complex to
state and verify.

Second, there are many available *models*. SECSI started with
the rather simple symbolic models of security known today as Dolev-Yao
models. One must then look at process algebra models (spi-calculus,
applied pi-calculus), which allow for a symbolic treatment of more
complex properties, especially those that are not trace properties.
And one must also look at the computational models favored by
cryptographers, e.g., the game-based approaches and the universal
composability/simulatability approaches. They are more realistic in
terms of security, but less directly amenable to automated
verification. One of the features of computational models that makes
them more complex is the need for computing, and bounding
probabilities of certain events. This led us into contributing to the
field of verification of probabilistic systems. One must also look at
the relations between these models.

Third, there are many important *applications*. While SECSI
started looking at the rather simple and now mundane confidentiality
and authentication protocols, two important application domains have
emerged: the verification of electronic voting protocols, and the
verification of cryptographic APIs.

Apart from cryptographic protocols, the initial vision of the SECSI project was that computer security, being a global concern, should be taken as a whole, as far as possible. This is why one of the initial objectives of SECSI included topic in intrusion detection, again seen from the logical point of view.

One should remember the following. First, one of the key phrases in the SECSI motto is “logic-based”. It is a founding theme of SECSI that logic matters in security, and opportunities are to be grabbed. Another key phrase is “verification techniques”. The expertise of SECSI is not in designing protocols or security architectures. Verifying protocols, formally, is an arduous task already, and has proved to be an extremely rich area.

SECSI has five objectives:

Objective 1: symbolic verification of cryptographic protocols. Tree-automata based methods, automated deduction, and approximate/exact cryptographic protocol verification in the Dolev-Yao model. Enriching the Dolev-Yao model with algebraic theories, and associated decision problems.

Objective 2: verification of cryptographic protocols in computational models. Computational soundness of formal models (Dolev-Yao, applied pi-calculus).

Objective 3: security of group protocols, fair exchange, voting and other protocols. Other security properties, other security models. Security properties based on notions of indistinguishability.

Objective 4: probabilistic transition systems. Security in the presence of probabilistic and demonic non-deterministic choices.

Objective 5: intrusion detection, network and host protection in the large.

Here are a few examples of applications of research done in SECSI:

Security of electronic voting schemes: the case of the Helios protocol, used in particular at University of Louvain-la-Neuve (2010) and at the International Association for Cryptographic Research (IACR).

Security of the protocols involved in the TPM (Trusted Platform Module) chip, a chip present in most PC laptops today, and which is meant to act as a trusted base.

Security of the European electronic passport—and the discovery of an attack on the French implementation of it.

The Tookan tool allows one to assess the security of security tokens. These tokens are meant as safes holding secret keys, which should never be permitted to get out unencrypted. Several vulnerabilities discovered. Several interesting customers in banking (Barclays), in aeronautics (Boeing), notably.

Intrusion detection with the Orchids tool: several interested partners, among which EADS Cassidian, Thales, Galois Inc. (USA), the French Direction Générale de l'Armement (DGA).

See also the web page
http://

Tookan is a security analysis tool for cryptographic devices such as smartcards, security tokens and Hardware Security Modules that support the most widely-used industry standard interface, RSA PKCS#11. Each device implements PKCS#11 in a slightly different way since the standard is quite open, but finding a subset of the standard that results in a secure device, i.e. one where cryptographic keys cannot be revealed in clear, is actually rather tricky. Tookan analyses a device by first reverse engineering the exact implementation of PKCS#11 in use, then building a logical model of this implementation for a model checker, calling a model checker to search for attacks, and in the case where an attack is found, executing it directly on the device. Tookan has been used to find at least a dozen previously unknown flaws in commercially available devices.

The ORCHIDS real-time intrusion detection system was created in 2003-04 at SECSI. After a few years where research and development around ORCHIDS was relatively quiet, several new things happened, starting from the end of 2010.

First, several companies and institutions expressed interest in ORCHIDS, among which, notably, EADS Cassidian, Thalès, Galois Inc. (USA), the French Direction Générale de l'Armement (DGA).

Second, Baptiste Gourdin was hired as a development engineer (Dec. 2010-Nov. 2011) on an Action de Développement Technologique (ADT). He improved Orchids in several ways.

Nasr-Eddine Yousfi followed up on Baptiste Gourdin, starting from December 2011, on an ITI engineer position allotted by Inria's CSATT. He mostly explored ways of writing security meta-policies for confidentiality of sensitive dat.

Orchids will be the core of a contract between Inria and DGA, to be signed in December 2012, for three years.

One of the main issues in the formal verification of the security protocols is the validity (and scope) of the formal model. Otherwise, it may happen that a protocol is proved and later someone finds an attack. This paradoxical situation may happen when the formal model used in the proof is too abstract.

A main stream of research therefore consists in proving
full abstraction results (also called *soundness*): if the
protocol is secure in the (symbolic) model, then an attack can only
occur with negligible probability in a computational model. Such
results have two main drawbacks: first they are very complicated,
and have to be completed again and again for each combination of
security primitives. Second, they require strong hypotheses on the
primitives, some of which are not realistic. For instance, it is
assumed that the attacker cannot forge his own keys (or that all
keys come with their certificates, even for symmetric encryption
keys).

Hubert Comon-Lundh, Véronique Cortier and Guillaume Scerri propose an extension of the symbolic model, and prove it computationally sound, without this restriction on the dishonest keys.

Hubert Comon-Lundh, Véronique Cortier and Guillaume Scerri show how one can drop one of the assumptions of computational soundness results. However, the proofs remain very complicated and there are still assumptions such as the absence of key cycles, or no dynamic corruption... that are still necessary for all these results.

Gergei Bana and Hubert Comon-Lundh investigated a completely
different approach to formal security proofs , which
does not make any such assumptions. The idea can be stated in a
nutshell: whereas all existing formal models state the attacker's
abilities, they propose to formally state what the attacker
*cannot* do.

This makes a big difference, since the soundness need only to be proved formula by formula and only the very necessary assumptions are used for such formulas (for instance, no absence of key cycles is needed). This does not need to be proved again when a primitive is added.

The counterpart of this nice approach is the difficulty of the automation: a tool is required for checking the consistency of a set of axioms, together with the conditions accumulated along a trace. This problem is the subject of research for the next year(s).

One of the outstanding problems that remains in the denotational semantics of higher-order programming languages with probabilistic choice is the existence of a suitable, convenient category of domains for defining the denotations of types. Technically, a category of so-called continuous domains is sought after, which would be Cartesian-closed and stable by the action of the probabilistic powerdomain functor. This is not known to exist, and is part of the Jung-Tix conjecture. Jean Goubault-Larrecq found out that relaxing continuity to quasi-continuity helped gaining stability by the action of the probabilistic powerdomain functor . This is an extended version of previous work published at the LICS'10 conference.

Well-structured transition systems form a large class of infinite-state transition systems on which one can decide coverability (a slightly relaxed form of reachability). These include Petri nets, lossy channel systems, and various process algebras.

With Alain Finkel, Jean Goubault-Larrecq developed a theory of
*complete* well-structured transition systems, allowing one to
generalize Karp and Miller's coverability tree construction for
Petri nets to all well-structured transition systems. This work
culminated in , following two conference papers
(STACS'09, ICALP'09). The general theory was the topic of the
invited talk .

Static analyses allows one to obtain guarantees about the behavior of programs, without running them. Programs that handle numerical data such as feedback control loops pose a challenge in this area. This gets even harder when one considers programs that read numerical data from sensors, and write to actuators, as these data are imprecise, and are governed by probability distributions that may themselves be unknown, and only know to fall into some interval of distributions. As part of the ANR projet blanc CPP, an efficient static analysis framework that deals with this kind of programs was proposed , based on P-boxes and Dempster-Shafer structures to handle imprecise probabilities. This is based on work first presented at the SCAN'11 conference.

RSA PKCS#1v1.5 is the most commonly used standard for public key encryption, used for example in TLS/SSL. It has been known to be vulnerable to a so-called padding-oracle attack since 1998 when Bleichenbacher described the vulnerability at CRYPTO. The attack, known was the “million message attack” was not thought to present a practical threat, due in part to the large number of oracle messages required. In a paper published at CRYPTO 2012 we gave original modifications showing how the attack can be completed in a median of just 15 000 messages. The results led to widespread interest, indicated by over 1400 downloads of the long version of the paper from the HAL webpage and articles in the New York Times, Boston Globe and Süddeutscher Zeitung.

Most existing results focus on trace properties like secrecy or authentication. There are however several security properties, which cannot be defined (or cannot be naturally defined) as trace properties and require the notion of indistinguishably. Typical examples are anonymity, privacy related properties or statements closer to security properties used in cryptography.

As explained above, static equivalence is a cornerstone to provide decision procedures for observational equivalence.

Stéphanie Delaune, in collaboration with Mathieur Baudet and Véronique Cortier, has designed a generic procedure for deducibility and static equivalence that takes as input any convergent rewrite system . They have shown that their algorithm covers most of the existing decision procedures for convergent theories. They also provide an efficient implementation, and compare it briefly with the tools ProVerif and KiSs. This paper is a journal version of the work presented in .

In , Ştefan Ciobâcă, Stéphanie Delaune and Steve Kremer propose a representation of deducible terms to overcome the limitation of the procedure mentionned above. This new procedure terminates on a wide range of equational theories. In particular, they obtain a new decidability result for the theory of trapdoor bit commitment encountered when studying electronic voting protocols. The algorithm has been implemented in the KiSs tool. This paper is a journal version of the work presented in .

In , Stéphanie Delaune, in collaboration with
Véronique Cortier (LORIA, France), shows that existing decidability
results can be easily combined for any disjoint equational theories:
if the deducibility and indistinguishability relations are decidable
for two disjoint theories, they are also decidable for their union.
They also propose a general setting for solving deducibility and
indistinguishability for an important class (called *monoidal*)
of equational theories involving

When processes under study do not contain replication, trace equivalence can be reduced to the problem of deciding symbolic equivalence, an equivalence relation introduced by M. Baudet .

Stéphanie Delaune, Steve Kremer, and Daniel Pasaila study this symbolic equivalence problem when cryptographic primitives are modeled using a group equational theory, a special case of monoidal equational theories. The results strongly rely on the correspondance between group theories and rings. This allows them to reduce the problem under study to the problem of solving systems of equations over rings. This result was published at IJCAR'12 ,

When processes under study contain replication, the approach relying on symbolic equivalence does not work anymore. Moreover, since it is well-known that deciding reachability properties is undecidable under various restrictions, there is actually no hope to do better for equivalence-based properties. Rémy Chrétien, Véronique Cortier, and Stéphanie Delaune provide the first results of (un)decidability for certain classes of protocols for the equivalence problem. They consider a class of protocols shown to be decidable for reachability properties, and establish a first undecidability result. Then, they restrained the class of protocols a step further by making the protocols deterministic in some sense and preventing it from disclosing secret keys. This tighter class of protocols was then shown to be decidable after reduction to an equivalence between deterministic pushdown automata (see )

To deal with replication, another approach was studied by Vincent Cheval in collaboration with Bruno Blanchet. They propose an extension of the automatic protocol verifier ProVerif. ProVerif can prove observational equivalence between processes that have the same structure but differ by the messages they contain. In order to extend the class of equivalences that ProVerif handles, they extend the language of terms by defining more functions (destructors) by rewrite rules. These extensions have been implemented in ProVerif and allow one to automatically prove anonymity in the private authentication protocol by Abadi and Fournet. This work is currently under submission .

Mobile ad hoc networks consist of mobile wireless devices which
autonomously organize their communication infrastructure: each node
provides the function of a router and relays packets on paths to
other nodes. Finding these paths in an a priori unknown and
constantly changing network topology is a crucial functionality of
any ad hoc network. Specific protocols, called *routing
protocols*, are designed to ensure this functionality known as
*route discovery*. Secured versions of routing protocols have
been proposed to provide more guarantees on the resulting routes,
and some of them have been designed to protect the privacy of the
users.

However, existing results and tools do not apply to routing protocols. This is due in particular to the fact that all possible topologies (infinitely many) have to be considered. Véronique Cortier, Jan Degrieck, and Stéphanie Delaune propose a simple reduction result: when looking for attacks on properties such as the validity of the route, it is sufficient to consider topologies with only four nodes, resulting in a number of just five distinct topologies to consider. As an application, several routing protocols, such as the SRP applied to DSR and the SDMSR protocols, have been analysed using the ProVerif tool. This work was published at POST'12 .

Rémy Chrétien and Stéphanie Delaune propose a framework for analysing privacy-type properties for routing protocols. They use the notion of equivalence between traces to formalise three security properties related to privacy, namely indistinguishability, unlinkability, and anonymity. They study the relationship between these definitions and we illustrate them using two versions of the ANODR routing protocol. This work is currently under submission .

In the context of vehicular ad-hoc networks, to improve road safety, a vehicle-to-vehicle communication platform is currently being developed by consortia of car manufacturers and legislators. In , Morten Dahl, Stéphanie Delaune and Graham Steel propose a framework for formal analysis of privacy in location based services such as anonymous electronic toll collection. They give a formal definition of privacy, and apply it to the VPriv scheme for vehicular services. They analyse the resulting model using the ProVerif tool, concluding that the privacy property holds only if certain conditions are met by the implementation. Their analysis includes some novel features such as the formal modelling of privacy for a protocol that relies on interactive zero-knowledge proofs of knowledge and list permutations.

Formal methods have proved their usefulness for analysing the security of protocols. However, protocols are often analysed in isolation, and this is well-known to be not sufficient as soon as the protocols share some keys. Nowdays, several composition results exist for trace-based properties, but there is a lack of composition results for equivalence-based properties.

Myrto Arapinis, Vincent Cheval, and Stéphanie Delaune study the notion of trace equivalence and we show how to establish such an equivalence relation in a modular way. They show that composition works even when the processes share secrets provided that they satisfy some reasonable conditions. Their composition result allows one to prove various equivalence-based properties in a modular way, and works in a quite general setting. In particular, they consider arbitrary cryptographic primitives and processes that use non-trivial else branches. As an example, they consider the ICAO e-passport standard, and they show how the privacy guarantees of the whole application can be derived from the privacy guarantees of its sub-protocols. This work was published at CSF'12 .

DIM Digiteo project RedPill: Malware Detection on Virtualized Architectures, Oct. 2009-Sept. 2012. Sole partner: LSV. Funds Hedi Benzina's PhD Thesis.

DIM Digiteo project API: Automated Proofs of Indistinguishability, 2010-2013. Partners: EPI SECSI, EPI CASCADE. Oct. 2010-Sept. 2013. Funds Vincent Cheval's PhD Thesis.

ANR programme blanc CPP (“Confidence, Probability, and Proofs”), 2009-2012. Partners: LSV (scientific leader), CEA LIST (co-leader), Inria (Comète, Parsifal), Ecole Supérieure d'Electricité (L2S, SSE). External partners: Safran, Dassault Systèmes.

In the context of proofs of safety properties for critical
software, The CPP project proposes to study the joint use of
probabilistic and formal (deterministic) semantics and analysis
methods, in a way to improve the applicability and precision of
static analysis methods on numerical programs. See
http://

ANR SeSur (“Sécurité et Sûreté Informatique”) project AVOTÉ, 2008-2012. Partners: Inria (Cassis, leader), LSV, Verimag and, until September 2009 France Télécom R&D.

Electronic voting promises the possibility of a convenient,
efficient and secure facility for recording and tallying
votes. However, the convenience of electronic elections comes with
a risk of large-scale fraud and their security has seriously been
questioned. The AVOTÉ project aims at proposing formal methods
to analyze electronic voting protocols. See
http://

ANR VERSO program ProSe (“Proofs of Security”), 2010-2014. Partners: Inria (Cascade, leader; Cassis), LSV, Verimag.

The goal of the ProSe project is to increase the confidence in
security protocols, and in order to reach this goal, provide
security proofs at three levels: the *symbolic* level, in
which messages are terms; the *computational* level, in which
messages are bitstrings; and the *implementation* level: the
program itself. This project is a continuation of the FormaCrypt
project. See https://

ANR JCJC project VIP, 2012-2015. Awarded to Stéphanie Delaune.

The aim of this project is to formally analyze modern applications in which privacy plays an important role. Many applications having an important societal impact are concerned by privacy, e.g. electronic voting, electronic auction protocols, RFID tags, safety critical application in vehicular ad hoc networks, routing protocols in mobile ad hoc networks, etc. Moreover, each application comes with its own specificities. E.g. e-voting protocols often rely on complex cryptographic primitives, some routing protocols rely on recursive tests, and so on. In mobile ad hoc networks, taking into account mobility issues is also an important challenge.

Because security protocols are notoriously difficult to design and analyse, formal verification techniques are extremely important. However, nearly all studies focus on trace-based security properties, and thus to not allow one to analyse privacy-type properties that play an important role in many modern applications. Moreover, the envisioned applications have some specificities that prevent them to be modelled in an accurate way with existing verification tools.

The goal of this project is to design verification algorithms to
analyse privacy-type properties on several applications having an
important societal impact. The project is accompanied by an
effort in case studies and application domains which will allow at
the end of the project an assessment of the pragmatic potential
both in terms of modelling and effective analysis. More details
are available on the web page of the
project: http://

Inria Project Lab CAPPRIS (Collaborative Action on the Protection of Privacy Rights in the Information Society). Member: Stéphanie Delaune.

The goal of CAPPRIS is to provide solutions to enhance the privacy protection in the Information Society. The tageted applications are Online Social Networks, Location Based Services, and Electronic Health Record Systems.

Myrto Arapinis, April 2012 (1 week) and in December 2012 (1 week).

Alwen Tiu, December 2012 (1 week).

Umang MATHUR (from May 2012 until Jul 2012)

Subject: Estimating the information leakage of a recursive probabilistic program

Institution: IIT Bombay (India)

Administrative charges:

Hubert Comon-Lundh is director of the Parisian Master of Research in Computer Science (MPRI).

Hubert Comon-Lundh is member of the “comité de pilotage”, labex Digicosme.

Hubert Comon-Lundh is member of the “commission formation”, labex Digicosme.

Hubert Comon-Lundh is member of the “Jury prix de these Gilles Kahn/SIF”.

Stéphanie Delaune is a member of the scientific committee of Inria Saclay since February 2012.

Stéphanie Delaune is “Déléguée aux thèses” at the École Doctorale Sciences Pratiques at ENS Cachan since September 2012.

Jean Goubault-Larrecq, in charge of computer science questions, common Ecole Polytechnique-ENS Paris, Lyon, Cachan-ESPCI entrance competitive exam, starting September 2012.

Editorial boards:

Hubert Comon-Lundh is associate editor of the ACM Transactions on Computational Logic.

Hubert Comon-Lundh is guest editor of the Journal of Automated Reasoning (special issue, security and rewriting, Feb 2012).

Participation to program committes of conferences:

16th International Conference on Foundations of Software Science and Computation Structures FoSSaCS'13, Rome, Italy, March 2013 (Jean Goubault-Larrecq).

27th Annual ACM/IEEE Symposium Logic in Computer Science, Dubrovnik, Croatia, 2012 (Hubert Comon-Lundh)

8th International Conference on Information Security Practice and Experience ISPEC'12, Hangzhou, China (Stéphanie Delaune).

24th *Journées Francophones des Langages Applicatifs*
JFLA'13, Aussois, France, February 2013 (David Baelde).

Selection committees:

Hubert Comon-Lundh was president of selection committee, MCF, ENS Cachan 2012.

Hubert Comon-Lundh was president of the selection committee for the mixed chair CNRS-Aix Marseille University, 2012.

Evaluation committees:

Hubert Comon-Lundh, member of the jury of “Prime d'Excellence Scientifique” (National committee, professors and maîtres de conférences), 2012.

Jean Goubault-Larrecq, AERES evaluation, LIAFA, Université Paris Diderot, December 27-28, 2012

Jean Goubault-Larrecq, CNRS PEPS program evaluation committee, March 22, 2012

Scientific boards:

Hubert Comon-Lundh, CNRS INSII, Oct. 2010-Oct 2014

Jean Goubault-Larrecq, external member of the selection committee of the Formal Methods and Security Inria-DGA seminar, Rennes

Invited talks:

Hubert Comon-Lundh *Towards unconditional
soundness*. Grenoble, Jan 13, 2012, Workshop on Computer-Aided
Security.

Jean Goubault-Larrecq, *Probability and Nondeterminism in
Domain Theory, Part II*, Logic and Interactions, week 4:
Quantitative approaches, Marseilles, France, February 20-24.

Invitation to seminars:

Stéphanie Delaune, Dagstuhl seminar on Analysis of security APIs, Wadern, Germany, November 25-28.

Stéphanie Delaune, *Analysing privacy-type properties
using formal methods*, CAPPRIS meeting, Paris, March 14

Jean Goubault-Larrecq, *An Isomorphism between Powercone
and Prevision Models*, McGill seminar, Bellairs Institute,
Holetown, Barbados, April 01-06.

Licence :

Rémy Chrétien, *Initiation à l'informatique*
(TP), 39h., L1, Université Paris 7, Paris, France

Hubert Comon-Lundh *Logic and Computability*, 42h., L3,
ENS Cachan, France

Jean Goubault-Larrecq, *Programming*, 42h., L3, ENS
Cachan, France

Jean Goubault-Larrecq, *Logic and Computer Science*
(a.k.a., the lambda-calculus), 36h., L3, ENS Cachan and ENS
Paris, France

Jean Goubault-Larrecq, Internship reviews, 4h., L3, ENS Cachan, France

David Baelde, *Logic and Computability*, 45h., L3, ENS
Cachan, France

David Baelde, Internship reviews, 3h., L3, ENS Cachan, France

Master :

Jean Goubault-Larrecq, *Cryptography, Cryptographic
Protocols and Quantum Cryptography*, Part 1/3, 4h., M1,
Séminaire Regards Croisés Mathématiques-Physique, ENS Cachan,
France

Stéphanie Delaune, *Cryptography, Cryptographic
Protocols and Quantum Cryptography*, Part 2/3, 4h., M1,
Séminaire Regards Croisés Mathématiques-Physique, ENS Cachan,
France

Jean Goubault-Larrecq, *Advanced Complexity*, 42h., M1,
MPRI course 1-17, France

Jean Goubault-Larrecq, Internship reviews, 4h., M1, ENS Cachan, France

Hubert Comon-Lundh, Internship reviews, 32h, M2 MPRI

Jean Goubault-Larrecq, Internship reviews, 16h., M2, MPRI, France

Hubert Comon-Lundh *Computational Soundness*, 12h., M2,
MPRI course 2-30, France, Jan-Feb 2012

Hubert Comon-Lundh *Formal proofs of security*, 24h,
M2, MPRI course 2-30, France Oct-Dec 2012 (48h)

Hubert Comon-Lundh *Preparation option info agreg:
logique*, 24h, préparation à l'agrégation de Mathématiques,
Jan-May 2012, ENS Cachan, France

Hubert Comon-Lundh, rehearsal of Computer Science Lessons, préparation à l'agrégation de Mathématiques, 18h., ENS Cachan, France

Jean Goubault-Larrecq, rehearsal of Computer Science Lessons, préparation à l'agrégation de Mathématiques, 18h., ENS Cachan, France

PhD :

Vincent Cheval, *Automatic verification of
cryptographic protocols: privacy-type properties*, ENS Cachan,
Dec. 03, 2012 , supervised by Stéphanie
Delaune and Hubert Comon-Lundh

Hedi Benzina, *Enforcing virtualized systems security*,
ENS Cachan, Dec. 17, 2012 , supervised by
Jean Goubault-Larrecq

PhD in progress :

Rémy Chrétien, *Trace equivalence for an unbounded
number of sessions*, Started Oct. 2012, supervised by
Stéphanie Delaune

Robert Künnemann, *Secure APIs and Simulation-Based
Security*, Started Oct. 2010, supervised by Steve Kremer and
Graham Steel; Graham and Robert are now at EPI Prosecco

Gavin Keighren, *A Type System for Security APIs*,
since 2007 (to submit March 2013), advisors Graham Steel and
David Aspinall (University of Edinburgh). Graham is now at EPI
Prosecco.

Guillaume Scerri, *Preuves abstraites de protocoles
cryptographiques concrets*, Started Oct. 2011, supervised by
Hubert Comon-Lundh

Masters:

Rémy Chrétien, *Trace equivalence of protocols for an
unbounded number of sessions*, 2012, advisors Stéphanie
Delaune and Véronique Cortier

Apoorvaa Deshpande, *Automated verification of
equivalence properties modulo AC*, 2012, advisors Stéphanie
Delaune and Steve Kremer

PhD:

Hubert Comon-Lundh, president of the jury: Jeremy Planul,
*Typage, compilation, et cryptographie pour la
programmation répartie securisée*, Ecole Polytechnique, Feb
08, 2012.

Hubert Comon-Lundh, member of the jury: Vincent Cheval,
*Preuves automatiques d'indistinguabilité*, ENS Cachan, Dec
03, 2012.

Jean Goubault-Larrecq, member of the jury: Gabriel Kerneis,
*Continuation-Passing C: Program Transformations for
Compiling Concurrency in an Imperative Language*, Université
Paris Diderot, November 09, 2012.

Jean Goubault-Larrecq, member of the jury: Hedi Benzina,
*Enforcing virtualized systems security*, ENS Cachan,
December 17, 2012

HdR:

Hubert Comon-Lundh, reviewer of the habilitation and member
of the jury: Karthikeyan Bhargavan, *Towards the Automated
Verification of Cryptographic Protocol Implementations*, Ecole
Normale Supérieure, May 04, 2012.

Hubert Comon-Lundh, reviewer of the habilitation and member
of the jury: Pascal Lafourcade *Cryptographic Primitives,
Voting protocols, and Wireless Sensor Networks*, Université
Joseph Fourier, Grenoble, Nov. 06, 2012.

Hubert Comon-Lundh, president of the jury: Jérôme Leroux,
*Machines à compteur et arithmétique de Presburger*,
Université Bordeaux I, Bordeaux, Dec 06, 2012.

Jean Goubault-Larrecq, member of the jury: Laurent Doyen,
*Games and Automata: From Boolean to Quantitative
Verification*, ENS Cachan, March 13, 2012

Hubert Comon-Lundh , *Le vote électronique*, Institut
des Hautes études en Sciences et Technologies (IHEST), Jan 20,
2012

Stéphanie Delaune, member of the scientific mediation committee at Inria Saclay. (“Mediation” is the new name for popularization.)

Jean Goubault-Larrecq, *Sécurité informatique*, talk and
discussion with the public at the “débat citoyen” organized by
Inria, Alan Turing building, Inria Saclay, November 19, 2012

Jean Goubault-Larrecq, breakfast with the press, organized by CNRS, on computer security, November 29, 2012

Stéphanie Delaune gave two popularization talks, *Ces
protocoles qui nous protègent*, at *Journée Régionale de
l'APMEP - Haute-Normandie*, Rouen, April 18, and at
*Journée de rentrée de l'ENS Cachan*, Cachan, September 7.

Stéphanie Delaune was interviewed by a journalist in charge of a special issue on cryptography for the magazine “Cahiers Sciences et Vie”.

Rémy Chrétien, *Le vote électronique*, article for
the ANAJ-IHEDN Cybersecurity newsletter, to be published.