PROSECCO - 2012 - Annual activity report

PROSECCO

PROSECCO - 2012

Project-Team Prosecco

Members

Overall Objectives

Programming securely with cryptography
Highlights of the Year

Scientific Foundations

Symbolic verification of cryptographic applications
Computational verification of cryptographic applications
Provably secure web applications

Application Domains

Cryptographic protocol implementations
Hardware-based security APIs
Web application security

Software

ProVerif
CryptoVerif
Tookan
miTLS
WebSpi
Defensive JavaScript

New Results

Verification of Security Protocols in the Symbolic Model
Verification of Security Protocols in the Computational Model
New Attacks on RSA PKCS#1 v1.5
Security Proofs for Revocation
Discovering Concrete Attacks on Web Applications by Formal Analysis
Attacks and Proofs for TLS Implementations

Bilateral Contracts and Grants with Industry

Technology Transfer Grant

Partnerships and Cooperations

National Initiatives
European Initiatives
International Initiatives
International Research Visitors

Dissemination

Editorial Boards
Organizers
Program Committees
Vulnerability Reports
Teaching
Ph.D in progress
Ph.D/Habilitation Committees
Invited Talks
Participation to Workshops and Conferences

Bibliography

Major publications
Publications of the year
References in notes

Previous |

Home | Next next

Section: Application Domains

Web application security

Web applications use a variety of cryptographic techniques to securely store and exchange sensitive data for their users. For example, a website may authenticate authorize users using a single sign-on protocol such as OAuth, a cloud storage service may encrypt user files on the server-side using XML encryption, and a password manager may encrypt passwords in the browser using a JavaScript cryptographic library. We build verification tools that can analyze such usages in commercial web applicaitons and evaluate their security against sophisticated web-based attacks.

Previous |

Home | Next next