Bibliography

Major publications by the team in recent years

• 1M. Abadi, B. Blanchet.
  
  Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, n^o 1, pp. 102–146.
• 2G. Bana, K. Hasebe, M. Okada.
  
  Computationally Complete Symbolic Attacker and Key Exchange, in: ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, ACM, 2013, pp. 1231–1246.
  
  http://hal.inria.fr/hal-00918848
• 3R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, G. Steel, J.-K. Tsay.
  
  Efficient Padding Oracle Attacks on Cryptographic Hardware, in: CRYPTO, 2012, pp. 608–625.
• 4K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.
  
  Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.
  
  http://hal.inria.fr/hal-00863372
• 5K. Bhargavan, C. Fournet, A. D. Gordon.
  
  Modular verification of security protocol code by typing, in: 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445-456.
• 6K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub.
  
  Implementing TLS with Verified Cryptographic Security, in: IEEE Symposium on Security & Privacy (Oakland), San Francisco, United States, 2013, pp. 445-462.
  
  http://hal.inria.fr/hal-00863373
• 7B. Blanchet, M. Paiola.
  
  Automatic Verification of Protocols with Lists of Unbounded Length, in: CCS'13 - ACM Conference on Computer and Communications Security, Berlin, Germany, ACM, 2013, pp. 573–584. [ DOI : 10.1145/2508859.2516679 ]
  
  http://hal.inria.fr/hal-00918849
• 8B. Blanchet, D. Pointcheval.
  
  Automated Security Proofs with Sequences of Games, in: CRYPTO'06, Santa Barbara, CA, C. Dwork (editor), LNCS, Springer Verlag, August 2006, vol. 4117, pp. 537–554.
• 9M. Bortolozzo, M. Centenaro, R. Focardi, G. Steel.
  
  Attacking and Fixing PKCS#11 Security Tokens, in: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10), Chicago, Illinois, USA, ACM Press, October 2010, pp. 260-269. [ DOI : 10.1145/1866307.1866337 ]
  
  http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/BCFS-ccs10.pdf
• 10V. Cortier, G. Steel, C. Wiedling.
  
  Revoke and let live: a secure key revocation api for cryptographic devices, in: ACM Conference on Computer and Communications Security (CCS'12), 2012, pp. 918-928.

Publications of the year

Doctoral Dissertations and Habilitation Theses

• 11R. Künnemann.
  
  Foundations for analyzing security APIs in the symbolic and computational model, École normale supérieure de Cachan - ENS Cachan, January 2014.
  
  http://hal.inria.fr/tel-00942459

Articles in International Peer-Reviewed Journals

• 12M. Backes, C. Hritcu, M. Maffei.
  
  Union, Intersection, and Refinement Types and Reasoning About Type Disjointness for Secure Protocol Implementations, in: Special issue of the Journal of Computer Security (JCS) for TOSCA-SecCo, 2013, Accepted for publication.
  
  http://hal.inria.fr/hal-00918846
• 13D. Cadé, B. Blanchet.
  
  From Computationally-Proved Protocol Specifications to Implementations and Application to SSH, in: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2013, vol. 4, n^o 1, pp. 4–31, Special issue ARES'12.
  
  http://hal.inria.fr/hal-00863374
• 14V. Cortier, B. Smyth.
  
  Attacking and fixing Helios: An analysis of ballot secrecy, in: Journal of Computer Security, 2013, vol. 21, n^o 1, pp. 89–148. [ DOI : 10.3233/JCS-2012-0458 ]
  
  http://hal.inria.fr/hal-00940324
• 15V. Cortier, G. Steel.
  
  A Generic Security API for Symmetric Key Management on Cryptographic Devices, in: Information and Computation, 2013, To appear.
  
  http://hal.inria.fr/hal-00881072
• 16M. Paiola, B. Blanchet.
  
  Verification of Security Protocols with Lists: from Length One to Unbounded Length, in: Journal of Computer Security, 2013, vol. 21, n^o 6, pp. 781–816, Special issue POST'12.
  
  http://hal.inria.fr/hal-00939187
• 17N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.
  
  Secure distributed programming with value-dependent types, in: J. Funct. Program., 2013, vol. 23, n^o 4, pp. 402-451.
  
  http://hal.inria.fr/hal-00939188

International Conferences with Proceedings

• 18A. A. Amorim, N. Collins, A. DeHon, D. Demange, C. Hritcu, D. Pichardie, B. C. Pierce, R. Pollack, A. Tolmach.
  
  A Verified Information-Flow Architecture, in: 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), San Diego, CA, United States, 2014, To appear. [ DOI : 10.1145/2535838.2535839 ]
  
  http://hal.inria.fr/hal-00918847
• 19G. Bana, K. Hasebe, M. Okada.
  
  Computationally Complete Symbolic Attacker and Key Exchange, in: ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, ACM, 2013, pp. 1231–1246.
  
  http://hal.inria.fr/hal-00918848
• 20C. Bansal, K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.
  
  Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, in: 2nd Conference on Principles of Security and Trust (POST 2013), Rome, Italy, D. Basin, J. Mitchell (editors), lncs, spv, 2013, vol. 7796, pp. 126–146.
  
  http://hal.inria.fr/hal-00863375
• 21K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub.
  
  Implementing TLS with Verified Cryptographic Security, in: IEEE Symposium on Security & Privacy (Oakland), San Francisco, United States, 2013, pp. 445-462.
  
  http://hal.inria.fr/hal-00863373
• 22B. Blanchet, M. Paiola.
  
  Automatic Verification of Protocols with Lists of Unbounded Length, in: CCS'13 - ACM Conference on Computer and Communications Security, Berlin, Germany, ACM, 2013, pp. 573–584. [ DOI : 10.1145/2508859.2516679 ]
  
  http://hal.inria.fr/hal-00918849
• 23D. Cadé, B. Blanchet.
  
  Proved Generation of Implementations from Computationally-Secure Protocol Specifications, in: 2nd Conference on Principles of Security and Trust (POST 2013), Rome, Italy, D. Basin, J. Mitchell (editors), lncs, spv, 2013, vol. 7796, pp. 63–82.
  
  http://hal.inria.fr/hal-00863376
• 24V. Cheval, B. Blanchet.
  
  Proving More Observational Equivalences with ProVerif, in: 2nd Conference on Principles of Security and Trust (POST 2013), Rome, Italy, D. Basin, J. Mitchell (editors), lncs, spv, 2013, vol. 7796, pp. 226–246.
  
  http://hal.inria.fr/hal-00863377
• 25A. Delignat-Lavaud, K. Bhargavan, S. Maffeis.
  
  Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.
  
  http://hal.inria.fr/hal-00863372
• 26S. Kremer, R. Künnemann, G. Steel.
  
  Universally Composable Key-Management, in: 18th European Symposium on Research in Computer Security (ESORICS'13), Egham, United Kingdom, J. Crampton, S. Jajodia (editors), Lecture Notes in Computer Science, Springer, 2013, vol. 8134. [ DOI : 10.1007/978-3-642-40203-6_19 ]
  
  http://hal.inria.fr/hal-00878632
• 27M. J. May, K. Bhargavan.
  
  Towards Unified Authorization for Android, in: 5th International Symposium on Engineering Secure Software and Systems (ESSoS 2013), llncs, spv, 2013, vol. 7781, pp. 42-57.
  
  http://hal.inria.fr/hal-00863384
• 28B. Smyth, D. Bernhard.
  
  Ballot secrecy and ballot independence coincide, in: ESORICS'13: 18th European Symposium on Research in Computer Security, Egham, United Kingdom, LNCS, Springer, 2013, vol. 8134, pp. 463-480.
  
  http://hal.inria.fr/hal-00863370
• 29B. Smyth, A. Pironti.
  
  Truncating TLS Connections to Violate Beliefs in Web Applications, in: WOOT'13: 7th USENIX Workshop on Offensive Technologies, Washington, United States, USENIX Association, 2013, First appeared at Black Hat USA 2013.
  
  http://hal.inria.fr/hal-00863371
• 30N. Swamy, C. Fournet, A. Rastogi, K. Bhargavan, J. Chen, P.-Y. Strub, G. Bierman.
  
  Gradual Typing Embedded Securely in JavaScript, in: POPL 2014 - 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, United States, ACM, 2014, pp. 425-437. [ DOI : 10.1145/2535838.2535889 ]
  
  http://hal.inria.fr/hal-00940836

Internal Reports

• 31C. Bansal, K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.
  
  Discovering Concrete Attacks on Website Authorization by Formal Analysis, Inria, April 2013, n^o RR-8287, 46 p.
  
  http://hal.inria.fr/hal-00815834
• 32M. Daubignard, D. Lubicz, G. Steel.
  
  A Secure Key Management Interface with Asymmetric Cryptography, Inria, 2013, n^o RR-8274.
  
  http://hal.inria.fr/hal-00805987
• 33A. Delignat-Lavaud, K. Bhargavan, S. Maffeis.
  
  Embedding of Security Components in Untrusted Third-Party Websites, Inria, April 2013, n^o RR-8285, 32 p.
  
  http://hal.inria.fr/hal-00815800

References in notes

• 34M. Abadi, B. Blanchet.
  
  Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, n^o 1, pp. 102–146.
• 35M. Abadi, B. Blanchet, C. Fournet.
  
  Just Fast Keying in the Pi Calculus, in: ACM Transactions on Information and System Security (TISSEC), July 2007, vol. 10, n^o 3, pp. 1–59.
• 36J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, S. Maffeis.
  
  Refinement types for secure implementations, in: ACM Trans. Program. Lang. Syst., 2011, vol. 33, n^o 2, 8 p.
• 37K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu.
  
  Verified Cryptographic Implementations for TLS, in: ACM Transactions Inf. Syst. Secur., March 2012, vol. 15, n^o 1, 3:1 p.
• 38K. Bhargavan, C. Fournet, A. D. Gordon.
  
  Modular Verification of Security Protocol Code by Typing, in: ACM Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445–456.
• 39K. Bhargavan, C. Fournet, A. D. Gordon, N. Swamy.
  
  Verified Implementations of the Information Card Federated Identity-Management Protocol, in: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), ACM Press, 2008, pp. 123–135.
• 40B. Blanchet, M. Abadi, C. Fournet.
  
  Automated Verification of Selected Equivalences for Security Protocols, in: Journal of Logic and Algebraic Programming, February–March 2008, vol. 75, n^o 1, pp. 3–51.
• 41B. Blanchet.
  
  An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, in: 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001, pp. 82–96.
• 42B. Blanchet.
  
  Automatic Verification of Correspondences for Security Protocols, in: Journal of Computer Security, July 2009, vol. 17, n^o 4, pp. 363–434.
• 43B. Blanchet, A. Podelski.
  
  Verification of Cryptographic Protocols: Tagging Enforces Termination, in: Theoretical Computer Science, March 2005, vol. 333, n^o 1-2, pp. 67–90, Special issue FoSSaCS'03.
• 44D. Cadé.
  
  Proved Implementations of Cryptographic Protocols in the Computational Model, Université Paris VII, December 2013.
• 45J. Clulow.
  
  On the Security of PKCS#11, in: CHES, 2003, pp. 411-425.
• 46S. Delaune, S. Kremer, G. Steel.
  
  Formal Analysis of PKCS#11 and Proprietary Extensions, in: Journal of Computer Security, November 2010, vol. 18, n^o 6, pp. 1211-1245.
• 47D. Dolev, A. Yao.
  
  On the security of public key protocols, in: IEEE Transactions on Information Theory, 1983, vol. IT–29, n^o 2, pp. 198–208.
• 48C. Fournet, M. Kohlweiss, P.-Y. Strub.
  
  Modular Code-Based Cryptographic Verification, in: ACM Conference on Computer and Communications Security, 2011.
• 49R. Needham, M. Schroeder.
  
  Using encryption for authentication in large networks of computers, in: Communications of the ACM, 1978, vol. 21, n^o 12, pp. 993–999.
• 50M. Paiola, B. Blanchet.
  
  Verification of Security Protocols with Lists: from Length One to Unbounded Length, in: Journal of Computer Security, December 2013, vol. 21, n^o 6, pp. 781–816, Special issue POST'12.
• 51N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.
  
  Secure distributed programming with value-dependent types, in: 16th ACM SIGPLAN international conference on Functional Programming, 2011, pp. 266-278.