Formal Aspects in Security and Trust

The present volume contains the proceedings of the 5th International Workshop on Formal Aspects in Security and Trust (FAST 2008), held in Malaga, Spain, October 9-10, 2008. FAST is an event a?liated with the 13th European Sym- sium on Research in Computer Security (ESORICS 2008). FAST 2008 was held under the auspices of the IFIP WG 1.7 on Foundations of Security Analysis and Design. The 5th International Workshop on Formal Aspects in Security and Trust (FAST 2008) aimed at continuing the successful e?ort of the previous three FAST workshop editions for fostering the cooperation among researchers in the areas of security and trust. As computing and network infrastructures become increasingly pervasive, and as they carry increasing economic activity, society needs well-matched security and trust mechanisms. These interactions incre- ingly span several enterprises and involve loosely structured communities of - dividuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions - fectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST sought for original papers focusing on formal aspects in: security and trust policy models; security protocol design and analysis; formal models of trustand reputation;logicsfor security andtrust;distributed trust management systems;trust-basedreasoning;digitalassetsprotection;dataprotection;privacy and ID issues; information ?ow analysis; language-based security; security and trust aspects in ubiquitous computing; validation/analysis tools; Web service security/trust/privacy; GRID security; security risk assessment; case studies.

Klappentext

This book constitutes the thoroughly refereed post-workshop proceedings of the 5th International Workshop on Formal Aspects in Security and Trust, FAST 2008, held under the auspices of IFIP WG 1.7 in Malaga, Spain, in October 2008 as a satellite event of 13th European Symposium on Research in Computer Security.

The 20 revised papers presented were carefully reviewed and selected from 59 submissions. The papers focus of formal aspects in security, trust and reputation, security protocol design and analysis, logics for security and trust, trust-based reasoning, distributed trust management systems, digital asset protection, data protection, privacy and id management issues, information flow analysis, language-based security, security and trust aspects in ubiquitous computing, validation/analysis tools, Web/grid services security/trust/privacy, security and risk assessment, resource and access control, as well as case studies.

Inhalt
Formal Certification of ElGamal Encryption.- Secure Information Flow as a Safety Property.- Who Can Declassify?.- Non-Interference for Deterministic Interactive Programs.- Information-Theoretic Modeling and Analysis of Interrupt-Related Covert Channels.- Causality and Accountability.- Dynamics, Robustness and Fragility of Trust.- Trust within the Context of Organizations: A Formal Approach.- Know What You Trust.- Privacy-Friendly Electronic Traffic Pricing via Commits.- A Formal Privacy Management Framework.- Parameterised Anonymity.- Automatic Methods for Analyzing Non-repudiation Protocols with an Active Intruder.- Petri Net Security Checker: Structural Non-interference at Work.- Verifying Multi-party Authentication Using Rank Functions and PVS.- The Append-Only Web Bulletin Board.- Secure Broadcast Ambients.- Extending Anticipation Games with Location, Penalty and Timeline.- Do You Really Mean What You Actually Enforced?.- Delegating Privileges over Finite Resources: A Quota Based Delegation Approach.- Access Control and Information Flow in Transactional Memory.