Section: Partnerships and Cooperations

National Initiatives

ANR

• ANR PROSE Security protocols : formal model, computational model, and implementations, duration: 4 years, started in December 2010. The goal of the project is to increase the confidence in security protocols, and in order to reach this goal, provide security proofs at three levels: (i) the symbolic level, in which messages are terms, (ii) the computational level, in which messages are bitstrings, and (iii) the implementation level: the program itself. Partners are EPI Prosecco and EPI Cascade Paris (leader), LSV Cachan, Cassis and Verimag Grenoble.

• ANR FREC Frontiers of recognizability, duration: 4 years, starting in October 2010. The goal of this project is to be a driving force behind the extension of the algebraic theory of regular languages made possible by recent advances. Four directions will be investigated: tree languages, $\lambda$-terms, automata with counters, algebraic and topological tools. Partners are LABRI (leader), LIAFA (University Paris 7). Pierre-Cyrille Héam is a member of this project, attached to Paris 7 for administrative facilities.

• ANR SEQUOIA Security properties, process equivalences and automated verification, duration: 4 years, starting in October 2014. Most protocol analysis tools are restricted to analyzing reachability properties while many security properties need to be expressed in terms of some process equivalence. The increasing use of observational equivalence as a modeling tool shows the need for new tools and techniques that are able to analyze such equivalence properties. The aims of this project are (i) to investigate which process equivalences-among the plethora of existing ones-are appropriate for a given security property, system assumptions and attacker capabilities; (ii) to advance the state-of-the-art of automated verification for process equivalences, allowing for instance support for more cryptographic primitives, relevant for case studies; (iii) to study protocols that use low-entropy secrets expressed using process equivalences; (iv) to apply these results to case studies from electronic voting.

Fondation MAIF

Project Protection de l'information personnelle sur les réseaux sociaux, duration: 3 years, started in October 2014. The goal of the project is to lay the foundation for a risk verification environment on privacy in social networks. Given social relations, this environment will rely on the study of metrics to characterize the security level for a user. Next, by combining symbolic and statistical techniques, it is a question to synthesize a model of risk behavior as a rule base. Finally, a verifier à la model-checking will be developed to assess the security level of user. Partners are Cassis (leader), Orpailleur and Fondation Maif.

Competitivity Clusters

• Project "Investissement d'Avenir - Développement de l'Economie Numérique" DAST (Dynamic Application Security Testing), duration: 2 years, starting in September 2012. The goal of this project is to generate automatically the tests to prevent vulnerabilities. We have proposed an automated model-based vulnerability testing approach, that focuses on Criss-Site Scripting vulnerabilities in web applications. It relies on a behavioral model that describes the web application and a set of security test patterns formalizing ways to detect the vulnerabilities. This partnership includes NBSystem, Smartesting (coordinator), Thales, Trusted-Labs and Inria Cassis.