Foundations and Applications of Security Analysis

This book constitutes the thoroughly refereed post-conference
proceedings of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security, ARSPA-WITS 2009, held in York, UK, in March 2009, in association with ETAPS 2009.

The 12 revised full papers presented together with 2 invited talks were
carefully reviewed and selected from 27 submissions. The papers feature

topics including formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, the modeling of information flow and its application to confidentiality policies, system composition and covert channel analysis.

Klappentext

This book constitutes the thoroughly refereed post-conference
proceedings of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security, ARSPA-WITS 2009, held in York, UK, in March 2009, in association with ETAPS 2009.

The 12 revised full papers presented together with 2 invited talks were
carefully reviewed and selected from 27 submissions. The papers feature

topics including formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, the modeling of information flow and its application to confidentiality policies, system composition and covert channel analysis.

Inhalt
A Policy Model for Secure Information Flow.- A General Framework for Nondeterministic, Probabilistic, and Stochastic Noninterference.- Validating Security Protocols under the General Attacker.- Usage Automata.- Static Detection of Logic Flaws in Service-Oriented Applications.- Improving the Semantics of Imperfect Security.- Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data.- Transformations between Cryptographic Protocols.- Formal Validation of OFEPSP+ with AVISPA.- On the Automated Correction of Protocols with Improper Message Encoding.- Finite Models in FOL-Based Crypto-Protocol Verification.- Towards a Type System for Security APIs.- Separating Trace Mapping and Reactive Simulatability Soundness: The Case of Adaptive Corruption.- How Many Election Officials Does It Take to Change an Election?.