Bibliography

Major publications by the team in recent years

• 1A. Azevedo de Amorim, M. Dénès, N. Giannarakis, C. Hritcu, B. C. Pierce, A. Spector-Zabusky, A. Tolmach.
  Micro-Policies: Formally Verified, Tag-Based Security Monitors, in: IEEE Symposium on Security and Privacy (Oakland), 2015, pp. 813–830.
• 2G. Bana, H. Comon-Lundh.
  A Computationally Complete Symbolic Attacker for Equivalence Properties, in: ACM Conference on Computer and Communications Security (CCS), 2014, pp. 609–620.
• 3R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, G. Steel, J.-K. Tsay.
  Efficient Padding Oracle Attacks on Cryptographic Hardware, in: CRYPTO, 2012, pp. 608–625.
• 4K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Pironti, P.-Y. Strub.
  Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, in: IEEE Symposium on Security and Privacy (Oakland), 2014, pp. 98–113.
• 5K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.
  Language-Based Defenses Against Untrusted Browser Origins, in: USENIX Security Symposium, 2013.
• 6K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub.
  Implementing TLS with Verified Cryptographic Security, in: IEEE Symposium on Security and Privacy (Oakland), 2013, pp. 445-462.
• 7B. Blanchet.
  A Computationally Sound Mechanized Prover for Security Protocols, in: IEEE Transactions on Dependable and Secure Computing, 2008, vol. 5, n^o 4, pp. 193–207, Special issue IEEE Symposium on Security and Privacy 2006.
• 8B. Blanchet.
  Automatic Verification of Correspondences for Security Protocols, in: Journal of Computer Security, 2009, vol. 17, n^o 4, pp. 363–434.
• 9D. Cadé, B. Blanchet.
  Proved Generation of Implementations from Computationally Secure Protocol Specifications, in: Journal of Computer Security, 2015, vol. 23, n^o 3, pp. 331–402.
• 10C. Hritcu, M. Greenberg, B. Karel, B. C. Pierce, G. Morrisett.
  All Your IFCException Are Belong to Us, in: IEEE Symposium on Security and Privacy (Oakland), 2013, pp. 3–17.

Publications of the year

Articles in International Peer-Reviewed Journals

• 11D. Cadé, B. Blanchet.
  Proved Generation of Implementations from Computationally Secure Protocol Specifications, in: Journal of Computer Security, 2015, vol. 23, n^o 3, pp. 331-402.
  https://hal.inria.fr/hal-01102382

International Conferences with Proceedings

• 12D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thomé, L. Valenta, B. Vandersloot, E. Wustrow, S. Zanella-Béguelin, P. Zimmermann.
  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, in: ACM CCS 2015, Denver, Colorado, United States, 2015 ACM SIGSAC Conference on Computer and Communications Security, October 2015, 14 p. [ DOI : 10.1145/2810103.2813707 ]
  https://hal.inria.fr/hal-01184171
• 13A. Azevedo de Amorim, M. Dénès, N. Giannarakis, C. Hritcu, B. C. Pierce, A. Spector-Zabusky, A. Tolmach.
  Micro-Policies: Formally Verified, Tag-Based Security Monitors, in: 2015 IEEE Symposium on Security and Privacy, San Jose, United States, 2015 IEEE Symposium on Security and Privacy, May 2015, pp. 813 - 830. [ DOI : 10.1109/SP.2015.55 ]
  https://hal.inria.fr/hal-01265666
• 14B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, J. K. Zinzindohoue.
  A Messy State of the Union: Taming the Composite State Machines of TLS, in: IEEE Symposium on Security & Privacy 2015, San Jose, United States, IEEE, May 2015, To appear.
  https://hal.inria.fr/hal-01114250
• 15K. Bhargavan, A. Delignat-Lavaud, A. Pironti.
  Verified Contributive Channel Bindings for Compound Authentication, in: Network and Distributed System Security Symposium (NDSS'15), San Diego, United States, February 2015, To appear.
  https://hal.inria.fr/hal-01114248
• 16K. Bhargavan, G. Leurent.
  Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH, in: Network and Distributed System Security Symposium – NDSS 2016, San Diego, United States, February 2016.
  https://hal.inria.fr/hal-01244855
• 17A. Delignat-Lavaud, K. Bhargavan.
  Network-based Origin Confusion Attacks against HTTPS Virtual Hosting, in: 24th International Conference on World Wide Web, Florence, Italy, ACM, May 2015, To appear.
  https://hal.inria.fr/hal-01114246
• 18U. Dhawan, C. Hritcu, R. Rubin, N. Vasilakis, S. Chiricescu, J. M. Smith, J. T. F. Knight, B. C. Pierce, A. DeHon.
  Architectural Support for Software-Defined Metadata Processing, in: 20th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015), Istanbul, Turkey, ACM, March 2015, pp. 487-502. [ DOI : 10.1145/2694344.2694383 ]
  https://hal.inria.fr/hal-01102378
• 19Z. Paraskevopoulou, C. Hriţcu, M. Dénès, L. Lampropoulos, B. C. Pierce.
  Foundational Property-Based Testing, in: ITP 2015 - 6th conference on Interactive Theorem Proving, Nanjing, China, Lecture Notes in Computer Science, Springer, August 2015, vol. 9236. [ DOI : 10.1007/978-3-319-22102-1_22 ]
  https://hal.inria.fr/hal-01162898
• 20N. Swamy, C. Hriţcu, C. Keller, A. Rastogi, A. Delignat-Lavaud, S. Forest, K. Bhargavan, C. Fournet, P.-Y. Strub, M. Kohlweiss, J.-K. Zinzindohoue, S. Zanella-Béguelin.
  Dependent Types and Multi-Monadic Effects in F*, in: 43rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), St. Petersburg, Florida, United States, ACM, 2016, pp. 256-270.
  https://hal.archives-ouvertes.fr/hal-01265793

Internal Reports

• 21M. Paiola, B. Blanchet.
  From the Applied Pi Calculus to Horn Clauses for Protocols with Lists, Inria, December 2015, n^o RR-8823, 45 p.
  https://hal.inria.fr/hal-01239290

References in notes

• 22M. Abadi, B. Blanchet.
  Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, n^o 1, pp. 102–146.
• 23M. Abadi, B. Blanchet, C. Fournet.
  Just Fast Keying in the Pi Calculus, in: ACM Transactions on Information and System Security (TISSEC), July 2007, vol. 10, n^o 3, pp. 1–59.
• 24M. Abadi, C. Fournet.
  Mobile Values, New Names, and Secure Communication, in: 28th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'01), London, United Kingdom, ACM Press, January 2001, pp. 104–115.
• 25A. Azevedo de Amorim, N. Collins, A. DeHon, D. Demange, C. Hritcu, D. Pichardie, B. C. Pierce, R. Pollack, A. Tolmach.
  A Verified Information-Flow Architecture, September 2015, arXiv:1509.06503; Submitted to special issue of the Journal of Computer Security (JCS) on Verified Information Flow Security.
• 26A. Azevedo de Amorim, M. Dénès, N. Giannarakis, C. Hritcu, B. C. Pierce, A. Spector-Zabusky, A. Tolmach.
  Micro-Policies: Formally Verified, Tag-Based Security Monitors, in: 36th IEEE Symposium on Security and Privacy (Oakland S&P), IEEE Computer Society, May 2015, pp. 813–830.
• 27G. Bana, H. Comon-Lundh.
  A Computationally Complete Symbolic Attacker for Equivalence Properties, in: 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, United States, ACM, November 2014, pp. 609-620.
• 28G. Bana, K. Hasebe, M. Okada.
  Computationally Complete Symbolic Attacker and Key Exchange, in: ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, ACM, 2013, pp. 1231–1246.
• 29J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, S. Maffeis.
  Refinement types for secure implementations, in: ACM Trans. Program. Lang. Syst., 2011, vol. 33, n^o 2, 8 p.
• 30K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.
  Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.
• 31K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu.
  Verified Cryptographic Implementations for TLS, in: ACM Transactions Inf. Syst. Secur., March 2012, vol. 15, n^o 1, 3:1 p.
• 32K. Bhargavan, C. Fournet, A. D. Gordon.
  Modular Verification of Security Protocol Code by Typing, in: ACM Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445–456.
• 33K. Bhargavan, C. Fournet, A. D. Gordon, N. Swamy.
  Verified Implementations of the Information Card Federated Identity-Management Protocol, in: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), ACM Press, 2008, pp. 123–135.
• 34B. Blanchet, M. Abadi, C. Fournet.
  Automated Verification of Selected Equivalences for Security Protocols, in: Journal of Logic and Algebraic Programming, February–March 2008, vol. 75, n^o 1, pp. 3–51.
• 35B. Blanchet.
  An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, in: 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001, pp. 82–96.
• 36B. Blanchet.
  Automatic Verification of Correspondences for Security Protocols, in: Journal of Computer Security, July 2009, vol. 17, n^o 4, pp. 363–434.
• 37B. Blanchet, M. Paiola.
  Automatic Verification of Protocols with Lists of Unbounded Length, in: ACM conference on Computer and communications security (CCS'13), Berlin, Germany, ACM, November 2013, pp. 573–584.
• 38B. Blanchet, A. Podelski.
  Verification of Cryptographic Protocols: Tagging Enforces Termination, in: Theoretical Computer Science, March 2005, vol. 333, n^o 1-2, pp. 67–90, Special issue FoSSaCS'03.
• 39T. Chothia, B. Smyth, C. Staite.
  Automatically Checking Commitment Protocols in ProVerif without False Attacks, in: POST'15: 4th Conference on Principles of Security and Trust, LNCS, Springer, 2015, vol. 9036.
• 40J. Clulow.
  On the Security of PKCS#11, in: CHES, 2003, pp. 411-425.
• 41S. Delaune, S. Kremer, G. Steel.
  Formal Analysis of PKCS#11 and Proprietary Extensions, in: Journal of Computer Security, November 2010, vol. 18, n^o 6, pp. 1211-1245.
• 42S. Delaune, M. D. Ryan, B. Smyth.
  Automatic verification of privacy properties in the applied pi-calculus, in: IFIPTM'08: 2nd Joint iTrust and PST Conferences on Privacy, Trust Management and Security, International Federation for Information Processing (IFIP), Springer, 2008, vol. 263, pp. 263–278.
• 43D. Dolev, A. Yao.
  On the security of public key protocols, in: IEEE Transactions on Information Theory, 1983, vol. IT–29, n^o 2, pp. 198–208.
• 44C. Fournet, M. Kohlweiss, P.-Y. Strub.
  Modular Code-Based Cryptographic Verification, in: ACM Conference on Computer and Communications Security, 2011.
• 45Y. Juglaret, C. Hritcu, A. Azevedo de Amorim, B. C. Pierce, A. Spector-Zabusky, A. Tolmach.
  Towards a Fully Abstract Compiler Using Micro-Policies: Secure Compilation for Mutually Distrustful Components, October 2015, Technical Report, arXiv:1510.00697.
• 46L. Lampropoulos, B. C. Pierce, C. Hritcu, J. Hughes, Z. Paraskevopoulou, Li-yao. Xia.
  Making Our Own Luck: A Language For Random Generators, July 2015, Draft.
• 47R. Needham, M. Schroeder.
  Using encryption for authentication in large networks of computers, in: Communications of the ACM, 1978, vol. 21, n^o 12, pp. 993–999.
• 48E. A. Quaglia, B. Smyth.
  Constructing secret, verifiable auction schemes from election schemes, 2015.
• 49B. Smyth, S. Frink, M. R. Clarkson.
  Election Verifiability: Cryptographic Definitions and an Analysis of Helios and JCJ, 2015.
• 50B. Smyth, M. D. Ryan, L. Chen.
  Formal analysis of privacy in Direct Anonymous Attestation schemes, in: Science of Computer Programming, 2015, vol. 111, n^o 2.
• 51B. Smyth.
  Secrecy and independence for election schemes, 2015.
• 52N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.
  Secure distributed programming with value-dependent types, in: 16th ACM SIGPLAN international conference on Functional Programming, 2011, pp. 266-278.
• 53N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.
  Secure distributed programming with value-dependent types, in: J. Funct. Program., 2013, vol. 23, n^o 4, pp. 402-451.
• 54N. Swamy, C. Fournet, A. Rastogi, K. Bhargavan, J. Chen, P.-Y. Strub, G. M. Bierman.
  Gradual typing embedded securely in JavaScript, in: 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2014, pp. 425-438.