|![[Search]](/images/search.gif?1209136071)
|![[A-Z Index]](/images/az.gif?1209136071)
|![[Contact]](/images/contact.gif?1209136071)
||![[University of Birmingham]](/images/identifier2.gif?1243330508){kind=small} |
![[Talks@bham]](/images/talkslogosmall.gif?1243330508) |
University of Birmingham > Talks@bham > Computer Security Seminars > Formal Methods for the Security of the Internet of Services
Formal Methods for the Security of the Internet of ServicesAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Matthijs Melissen. In the Internet of Services (IoS), systems and applications are no longer the result of programming components in the traditional meaning but are built by composing services that are distributed over the network and reconfigured and consumed dynamically in a demand-driven, flexible way. However, composing services leads to new, subtle and dangerous, vulnerabilities due to interference between component services and policies, the shared communication layer, and application functionality. I will introduce the AVANTSSAR Platform and the SPaCIoS Tool, two integrated toolsets for the formal specification and automated validation of trust and security of applications in the IoS at design time and run time, respectively. (Both have been developed in the context of FP7 projects that I have been coordinating.) I will focus on two particular results that I have contributed to obtain. First, I will discuss a compositionality result that formalizes conditions for vertical composition of security protocols, i.e., when an application protocol (e.g., a banking service) runs over a channel established by another protocol (e.g., a secure channel provided by TLS ). This is interesting and useful as protocol composition can lead to attacks even when the individual protocols are all secure in isolation. Second, I will discuss how although computer security typically revolves around threats, attacks and defenses, the sub-field of security protocol analysis has so far focused almost exclusively on the notion of attack. I will motivate that there is room for a fruitful notion of defense for vulnerable protocols and that the conceptual bridge lies in the notion of multiple non-collaborating attackers and interference between simultaneous attack procedures. This talk is part of the Computer Security Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other lists'Roles' Postgraduate Gender and Sexuality Network Discussion Human Computer Interaction seminars Postgraduate Seminars in the School of Computer ScienceOther talksHunt for an Earth-twin Quantum Sensing in Space The tragic destiny of Mileva Marić Einstein Ultrafast Spectroscopy and Microscopy as probes of Energy Materials TBA TBC |
Sunday 27 July 2014, 12:00-13:00