EN FR
EN FR


Bibliography

Major publications by the team in recent years
  • 1M. Abadi, B. Blanchet.

    Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, no 1, pp. 102–146.
  • 2G. Bana, K. Hasebe, M. Okada.

    Computationally Complete Symbolic Attacker and Key Exchange, in: ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, ACM, 2013, pp. 1231–1246.

    http://hal.inria.fr/hal-00918848
  • 3R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, G. Steel, J.-K. Tsay.

    Efficient Padding Oracle Attacks on Cryptographic Hardware, in: CRYPTO, 2012, pp. 608–625.
  • 4K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.

    http://hal.inria.fr/hal-00863372
  • 5K. Bhargavan, C. Fournet, A. D. Gordon.

    Modular verification of security protocol code by typing, in: 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445-456.
  • 6K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub.

    Implementing TLS with Verified Cryptographic Security, in: IEEE Symposium on Security & Privacy (Oakland), San Francisco, United States, 2013, pp. 445-462.

    http://hal.inria.fr/hal-00863373
  • 7B. Blanchet, M. Paiola.

    Automatic Verification of Protocols with Lists of Unbounded Length, in: CCS'13 - ACM Conference on Computer and Communications Security, Berlin, Germany, ACM, 2013, pp. 573–584. [ DOI : 10.1145/2508859.2516679 ]

    http://hal.inria.fr/hal-00918849
  • 8B. Blanchet, D. Pointcheval.

    Automated Security Proofs with Sequences of Games, in: CRYPTO'06, Santa Barbara, CA, C. Dwork (editor), LNCS, Springer Verlag, August 2006, vol. 4117, pp. 537–554.
  • 9M. Bortolozzo, M. Centenaro, R. Focardi, G. Steel.

    Attacking and Fixing PKCS#11 Security Tokens, in: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10), Chicago, Illinois, USA, ACM Press, October 2010, pp. 260-269. [ DOI : 10.1145/1866307.1866337 ]

    http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCFS-ccs10.pdf
  • 10V. Cortier, G. Steel, C. Wiedling.

    Revoke and let live: a secure key revocation api for cryptographic devices, in: ACM Conference on Computer and Communications Security (CCS'12), 2012, pp. 918-928.
Publications of the year

Doctoral Dissertations and Habilitation Theses

  • 11R. Künnemann.

    Foundations for analyzing security APIs in the symbolic and computational model, École normale supérieure de Cachan - ENS Cachan, January 2014.

    http://hal.inria.fr/tel-00942459

Articles in International Peer-Reviewed Journals

  • 12M. Backes, C. Hritcu, M. Maffei.

    Union, Intersection, and Refinement Types and Reasoning About Type Disjointness for Secure Protocol Implementations, in: Special issue of the Journal of Computer Security (JCS) for TOSCA-SecCo, 2013, Accepted for publication.

    http://hal.inria.fr/hal-00918846
  • 13D. Cadé, B. Blanchet.

    From Computationally-Proved Protocol Specifications to Implementations and Application to SSH, in: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2013, vol. 4, no 1, pp. 4–31, Special issue ARES'12.

    http://hal.inria.fr/hal-00863374
  • 14V. Cortier, B. Smyth.

    Attacking and fixing Helios: An analysis of ballot secrecy, in: Journal of Computer Security, 2013, vol. 21, no 1, pp. 89–148. [ DOI : 10.3233/JCS-2012-0458 ]

    http://hal.inria.fr/hal-00940324
  • 15V. Cortier, G. Steel.

    A Generic Security API for Symmetric Key Management on Cryptographic Devices, in: Information and Computation, 2013, To appear.

    http://hal.inria.fr/hal-00881072
  • 16M. Paiola, B. Blanchet.

    Verification of Security Protocols with Lists: from Length One to Unbounded Length, in: Journal of Computer Security, 2013, vol. 21, no 6, pp. 781–816, Special issue POST'12.

    http://hal.inria.fr/hal-00939187
  • 17N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.

    Secure distributed programming with value-dependent types, in: J. Funct. Program., 2013, vol. 23, no 4, pp. 402-451.

    http://hal.inria.fr/hal-00939188

International Conferences with Proceedings

  • 18A. A. Amorim, N. Collins, A. DeHon, D. Demange, C. Hritcu, D. Pichardie, B. C. Pierce, R. Pollack, A. Tolmach.

    A Verified Information-Flow Architecture, in: 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), San Diego, CA, United States, 2014, To appear. [ DOI : 10.1145/2535838.2535839 ]

    http://hal.inria.fr/hal-00918847
  • 19G. Bana, K. Hasebe, M. Okada.

    Computationally Complete Symbolic Attacker and Key Exchange, in: ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, ACM, 2013, pp. 1231–1246.

    http://hal.inria.fr/hal-00918848
  • 20C. Bansal, K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, in: 2nd Conference on Principles of Security and Trust (POST 2013), Rome, Italy, D. Basin, J. Mitchell (editors), lncs, spv, 2013, vol. 7796, pp. 126–146.

    http://hal.inria.fr/hal-00863375
  • 21K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub.

    Implementing TLS with Verified Cryptographic Security, in: IEEE Symposium on Security & Privacy (Oakland), San Francisco, United States, 2013, pp. 445-462.

    http://hal.inria.fr/hal-00863373
  • 22B. Blanchet, M. Paiola.

    Automatic Verification of Protocols with Lists of Unbounded Length, in: CCS'13 - ACM Conference on Computer and Communications Security, Berlin, Germany, ACM, 2013, pp. 573–584. [ DOI : 10.1145/2508859.2516679 ]

    http://hal.inria.fr/hal-00918849
  • 23D. Cadé, B. Blanchet.

    Proved Generation of Implementations from Computationally-Secure Protocol Specifications, in: 2nd Conference on Principles of Security and Trust (POST 2013), Rome, Italy, D. Basin, J. Mitchell (editors), lncs, spv, 2013, vol. 7796, pp. 63–82.

    http://hal.inria.fr/hal-00863376
  • 24V. Cheval, B. Blanchet.

    Proving More Observational Equivalences with ProVerif, in: 2nd Conference on Principles of Security and Trust (POST 2013), Rome, Italy, D. Basin, J. Mitchell (editors), lncs, spv, 2013, vol. 7796, pp. 226–246.

    http://hal.inria.fr/hal-00863377
  • 25A. Delignat-Lavaud, K. Bhargavan, S. Maffeis.

    Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.

    http://hal.inria.fr/hal-00863372
  • 26S. Kremer, R. Künnemann, G. Steel.

    Universally Composable Key-Management, in: 18th European Symposium on Research in Computer Security (ESORICS'13), Egham, United Kingdom, J. Crampton, S. Jajodia (editors), Lecture Notes in Computer Science, Springer, 2013, vol. 8134. [ DOI : 10.1007/978-3-642-40203-6_19 ]

    http://hal.inria.fr/hal-00878632
  • 27M. J. May, K. Bhargavan.

    Towards Unified Authorization for Android, in: 5th International Symposium on Engineering Secure Software and Systems (ESSoS 2013), llncs, spv, 2013, vol. 7781, pp. 42-57.

    http://hal.inria.fr/hal-00863384
  • 28B. Smyth, D. Bernhard.

    Ballot secrecy and ballot independence coincide, in: ESORICS'13: 18th European Symposium on Research in Computer Security, Egham, United Kingdom, LNCS, Springer, 2013, vol. 8134, pp. 463-480.

    http://hal.inria.fr/hal-00863370
  • 29B. Smyth, A. Pironti.

    Truncating TLS Connections to Violate Beliefs in Web Applications, in: WOOT'13: 7th USENIX Workshop on Offensive Technologies, Washington, United States, USENIX Association, 2013, First appeared at Black Hat USA 2013.

    http://hal.inria.fr/hal-00863371
  • 30N. Swamy, C. Fournet, A. Rastogi, K. Bhargavan, J. Chen, P.-Y. Strub, G. Bierman.

    Gradual Typing Embedded Securely in JavaScript, in: POPL 2014 - 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, United States, ACM, 2014, pp. 425-437. [ DOI : 10.1145/2535838.2535889 ]

    http://hal.inria.fr/hal-00940836

Internal Reports

  • 31C. Bansal, K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Discovering Concrete Attacks on Website Authorization by Formal Analysis, Inria, April 2013, no RR-8287, 46 p.

    http://hal.inria.fr/hal-00815834
  • 32M. Daubignard, D. Lubicz, G. Steel.

    A Secure Key Management Interface with Asymmetric Cryptography, Inria, 2013, no RR-8274.

    http://hal.inria.fr/hal-00805987
  • 33A. Delignat-Lavaud, K. Bhargavan, S. Maffeis.

    Embedding of Security Components in Untrusted Third-Party Websites, Inria, April 2013, no RR-8285, 32 p.

    http://hal.inria.fr/hal-00815800
References in notes
  • 34M. Abadi, B. Blanchet.

    Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, no 1, pp. 102–146.
  • 35M. Abadi, B. Blanchet, C. Fournet.

    Just Fast Keying in the Pi Calculus, in: ACM Transactions on Information and System Security (TISSEC), July 2007, vol. 10, no 3, pp. 1–59.
  • 36J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, S. Maffeis.

    Refinement types for secure implementations, in: ACM Trans. Program. Lang. Syst., 2011, vol. 33, no 2, 8 p.
  • 37K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu.

    Verified Cryptographic Implementations for TLS, in: ACM Transactions Inf. Syst. Secur., March 2012, vol. 15, no 1, 3:1 p.
  • 38K. Bhargavan, C. Fournet, A. D. Gordon.

    Modular Verification of Security Protocol Code by Typing, in: ACM Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445–456.
  • 39K. Bhargavan, C. Fournet, A. D. Gordon, N. Swamy.

    Verified Implementations of the Information Card Federated Identity-Management Protocol, in: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), ACM Press, 2008, pp. 123–135.
  • 40B. Blanchet, M. Abadi, C. Fournet.

    Automated Verification of Selected Equivalences for Security Protocols, in: Journal of Logic and Algebraic Programming, February–March 2008, vol. 75, no 1, pp. 3–51.
  • 41B. Blanchet.

    An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, in: 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001, pp. 82–96.
  • 42B. Blanchet.

    Automatic Verification of Correspondences for Security Protocols, in: Journal of Computer Security, July 2009, vol. 17, no 4, pp. 363–434.
  • 43B. Blanchet, A. Podelski.

    Verification of Cryptographic Protocols: Tagging Enforces Termination, in: Theoretical Computer Science, March 2005, vol. 333, no 1-2, pp. 67–90, Special issue FoSSaCS'03.
  • 44D. Cadé.

    Proved Implementations of Cryptographic Protocols in the Computational Model, Université Paris VII, December 2013.
  • 45J. Clulow.

    On the Security of PKCS#11, in: CHES, 2003, pp. 411-425.
  • 46S. Delaune, S. Kremer, G. Steel.

    Formal Analysis of PKCS#11 and Proprietary Extensions, in: Journal of Computer Security, November 2010, vol. 18, no 6, pp. 1211-1245.
  • 47D. Dolev, A. Yao.

    On the security of public key protocols, in: IEEE Transactions on Information Theory, 1983, vol. IT–29, no 2, pp. 198–208.
  • 48C. Fournet, M. Kohlweiss, P.-Y. Strub.

    Modular Code-Based Cryptographic Verification, in: ACM Conference on Computer and Communications Security, 2011.
  • 49R. Needham, M. Schroeder.

    Using encryption for authentication in large networks of computers, in: Communications of the ACM, 1978, vol. 21, no 12, pp. 993–999.
  • 50M. Paiola, B. Blanchet.

    Verification of Security Protocols with Lists: from Length One to Unbounded Length, in: Journal of Computer Security, December 2013, vol. 21, no 6, pp. 781–816, Special issue POST'12.
  • 51N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.

    Secure distributed programming with value-dependent types, in: 16th ACM SIGPLAN international conference on Functional Programming, 2011, pp. 266-278.