Section: Partnerships and Cooperations

National Initiatives

ANR

• ANR PROSE Protocoles de sécurité : modèle formel, modèle calculatoire, and implémentations — Security protocols : formal model, computational model, and implementations, duration: 4 years, started in December 2010. The goal of the project is to increase the confidence in security protocols, and in order to reach this goal, provide security proofs at three levels: (i) the symbolic level, in which messages are terms, (ii) the computational level, in which messages are bitstrings, and (iii) the implementation level: the program itself. Partners are EPI Prosecco and EPI Cascade Paris (leader), LSV Cachan, Cassis and Verimag Grenoble.

• ANR STREAMS Solution for Peer-to-peer Real-Time Social Web, duration: 3 years, starting in October 2010. This project proposes to design peer-to-peer solutions that offer underlying services required by real-time social web applications and that eliminate the disadvantages of centralised architectures. There exists a tension between sharing data with friends in a social network deployed in an open peer-to-peer network and ensuring privacy. One of the most challenging issues in social applications is how to balance collaboration with access control to shared objects. This project aims at providing theoretical solutions to these challenges as well as practical experimentations. Partners are: LORIA Score team (leader), Inria project-teams Regal, Asap, Cassis, and XWiki.

• ANR FREC Frontiers of recognizability, duration: 4 years, starting in October 2010. The goal of this project is to be a driving force behind the extension of the algebraic theory of regular languages made possible by recent advances. Four directions will be investigated: tree languages, $\lambda$-terms, automata with counters, algebraic and topological tools. Partners are LABRI (leader), LIAFA (University Paris 7). Pierre-Cyrille Héam is a member of this project, attached to Paris 7 for administrative facilities.

• ANR OSEP Online and offline model-based testing of SEcurity Properties, duration: 2 years, started in November 2011 and ended in November 2013. The goal of this project was to apply online and offline model-based testing approaches for security testing of cryptographic components and software radio case studies, used as a black boxes. This approach had to be compatible with our previous offline approaches to increase the number of artefacts that can be shared. So, we developed new algorithms to allow online testing, and a dedicated tool called MBeeTle. This project was an opportunity to reuse the results of the ANR TASCCC project, and to complete these approaches with security properties expressed in TOCL. This project involved the DGA and Smartesting.

Competitivity Clusters

• FUI SQUASH Software QUality ASsurance enHancement, duration: 2 years, starting in April 2011. This project aims to industrialize and to structure software testing activities. The project will provide a methodology and tools based on open source components.

• Project "Investissement d'Avenir - Développement de l'Econimie Numérique" DAST (Dynamic Application Security Testing), duration: 2 years, starting in September 2012. The goal of this project is to generate automatically the tests to prevent vulnerabilities. We have proposed an automated model-based vulnerability testing approach, that focuses on Criss-Site Scripting vulnerabilities in web applications. It relies on a behavioral model that describes the web application and a set of security test patterns formalizing ways to detect the vulnerabilities. This partnership includes NBSystem, Smartesting (coordinator), Thales, Trusted-Labs and Inria CASSIS.