EN FR
EN FR


Bibliography

Major publications by the team in recent years
  • 1M. Abadi, B. Blanchet.

    Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, no 1, pp. 102–146.
  • 2M. Abadi, B. Blanchet.

    Computer-Assisted Verification of a Protocol for Certified Email, in: Science of Computer Programming, October 2005, vol. 58, no 1–2, pp. 3–27, Special issue SAS'03.
  • 3M. Abadi, B. Blanchet, H. Comon-Lundh.

    Models and Proofs of Protocol Security: A Progress Report, in: 21st International Conference on Computer Aided Verification (CAV'09), Grenoble, France, A. Bouajjani, O. Maler (editors), Lecture Notes on Computer Science, Springer Verlag, June 2009, vol. 5643, pp. 35–49.
  • 4M. Abadi, B. Blanchet, C. Fournet.

    Just Fast Keying in the Pi Calculus, in: Programming Languages and Systems: Proceedings of the 13th European Symposium on Programming (ESOP'04), Barcelona, Spain, D. Schmidt (editor), Lecture Notes on Computer Science, Springer Verlag, March 2004, vol. 2986, pp. 340–354.
  • 5M. Abadi, B. Blanchet, C. Fournet.

    Just Fast Keying in the Pi Calculus, in: ACM Transactions on Information and System Security (TISSEC), July 2007, vol. 10, no 3, pp. 1–59.
  • 6X. Allamigeon, B. Blanchet.

    Reconstruction of Attacks against Cryptographic Protocols, in: 18th IEEE Computer Security Foundations Workshop (CSFW-18), Aix-en-Provence, France, IEEE Computer Society, June 2005, pp. 140–154.
  • 7G. Bana, K. Hasebe, M. Okada.

    Computationally Complete Symbolic Attacker and Key Exchange, in: ACM Conference on Computer and Communications Security (CCS'13), Berlin, Germany, ACM, 2013, pp. 1231–1246.

    http://hal.inria.fr/hal-00918848
  • 8C. Bansal, K. Bhargavan, S. Maffeis.

    Discovering Concrete Attacks on Website Authorization by Formal Analysis, in: 25th IEEE Computer Security Foundations Symposium (CSF'12), Cambridge, MA, USA, IEEE, June 2012, pp. 247–262.

    http://moscova.inria.fr/~karthik/pubs/discovering_concrete_attacks_csf12.pdf
  • 9R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, G. Steel, J.-K. Tsay.

    Efficient Padding Oracle Attacks on Cryptographic Hardware, in: CRYPTO, 2012, pp. 608–625.
  • 10J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, S. Maffeis.

    Refinement types for secure implementations, in: 21st IEEE Computer Security Foundations Symposium (CSF'08), 2008, pp. 17–32.
  • 11J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, S. Maffeis.

    Refinement types for secure implementations, in: ACM Trans. Program. Lang. Syst., 2011, vol. 33, no 2, 8 p.
  • 12K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.

    http://hal.inria.fr/hal-00863372
  • 13K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu.

    Cryptographically verified implementations for TLS, in: ACM Conference on Computer and Communications Security, 2008, pp. 459-468.
  • 14K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu.

    Verified Cryptographic Implementations for TLS, in: ACM Transactions Inf. Syst. Secur., March 2012, vol. 15, no 1, pp. 3:1–3:32.

    http://doi.acm.org/10.1145/2133375.2133378
  • 15K. Bhargavan, C. Fournet, A. D. Gordon.

    Modular Verification of Security Protocol Code by Typing, in: ACM Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445–456.
  • 16K. Bhargavan, C. Fournet, A. D. Gordon, N. Swamy.

    Verified Implementations of the Information Card Federated Identity-Management Protocol, in: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), ACM Press, 2008, pp. 123–135.
  • 17K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub.

    Implementing TLS with Verified Cryptographic Security, in: IEEE Symposium on Security & Privacy (Oakland), San Francisco, United States, 2013, pp. 445-462.

    http://hal.inria.fr/hal-00863373
  • 18B. Blanchet, M. Abadi, C. Fournet.

    Automated Verification of Selected Equivalences for Security Protocols, in: 20th IEEE Symposium on Logic in Computer Science (LICS 2005), Chicago, IL, IEEE Computer Society, June 2005, pp. 331–340.
  • 19B. Blanchet, M. Abadi, C. Fournet.

    Automated Verification of Selected Equivalences for Security Protocols, in: Journal of Logic and Algebraic Programming, February–March 2008, vol. 75, no 1, pp. 3–51.
  • 20B. Blanchet.

    Automatic Proof of Strong Secrecy for Security Protocols, in: IEEE Symposium on Security and Privacy, Oakland, California, May 2004, pp. 86–100.
  • 21B. Blanchet.

    An Automatic Security Protocol Verifier based on Resolution Theorem Proving (invited tutorial), in: 20th International Conference on Automated Deduction (CADE-20), Tallinn, Estonia, July 2005.
  • 22B. Blanchet.

    Security Protocols: From Linear to Classical Logic by Abstract Interpretation, in: Information Processing Letters, September 2005, vol. 95, no 5, pp. 473–479.
  • 23B. Blanchet.

    A Computationally Sound Mechanized Prover for Security Protocols, in: IEEE Symposium on Security and Privacy, Oakland, California, May 2006, pp. 140-154.
  • 24B. Blanchet.

    Computationally Sound Mechanized Proofs of Correspondence Assertions, in: 20th IEEE Computer Security Foundations Symposium (CSF'07), Venice, Italy, IEEE, July 2007, pp. 97–111.
  • 25B. Blanchet.

    A Computationally Sound Mechanized Prover for Security Protocols, in: IEEE Transactions on Dependable and Secure Computing, October–December 2008, vol. 5, no 4, pp. 193–207.
  • 26B. Blanchet.

    Vérification automatique de protocoles cryptographiques : modèle formel et modèle calculatoire. Automatic verification of security protocols: formal model and computational model, Université Paris-Dauphine, November 2008, Mémoire d'habilitation à diriger des recherches.
  • 27B. Blanchet.

    Automatic Verification of Correspondences for Security Protocols, in: Journal of Computer Security, July 2009, vol. 17, no 4, pp. 363–434.
  • 28B. Blanchet.

    Using Horn Clauses for Analyzing Security Protocols, in: Formal Models and Techniques for Analyzing Security Protocols, V. Cortier, S. Kremer (editors), Cryptology and Information Security Series, IOS Press, March 2011, vol. 5, pp. 86–111.
  • 29B. Blanchet.

    Automatically Verified Mechanized Proof of One-Encryption Key Exchange, in: 25th IEEE Computer Security Foundations Symposium (CSF'12), Cambridge, MA, USA, IEEE, June 2012, pp. 325–339.

    http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetCSF12.pdf
  • 30B. Blanchet, A. Chaudhuri.

    Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage, in: IEEE Symposium on Security and Privacy, Oakland, CA, IEEE, May 2008, pp. 417–431.
  • 31B. Blanchet, A. D. Jaggard, A. Scedrov, J.-K. Tsay.

    Computationally Sound Mechanized Proofs for Basic and Public-key Kerberos, in: ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), Tokyo, Japan, ACM, March 2008, pp. 87–99.
  • 32B. Blanchet, M. Paiola.

    Automatic Verification of Protocols with Lists of Unbounded Length, in: CCS'13 - ACM Conference on Computer and Communications Security, Berlin, Germany, ACM, 2013, pp. 573–584. [ DOI : 10.1145/2508859.2516679 ]

    http://hal.inria.fr/hal-00918849
  • 33B. Blanchet, A. Podelski.

    Verification of Cryptographic Protocols: Tagging Enforces Termination, in: Theoretical Computer Science, March 2005, vol. 333, no 1-2, pp. 67–90, Special issue FoSSaCS'03.
  • 34B. Blanchet, D. Pointcheval.

    Automated Security Proofs with Sequences of Games, in: CRYPTO'06, Santa Barbara, CA, C. Dwork (editor), Lecture Notes on Computer Science, Springer Verlag, August 2006, vol. 4117, pp. 537–554.
  • 35M. Bortolozzo, M. Centenaro, R. Focardi, G. Steel.

    Attacking and Fixing PKCS#11 Security Tokens, in: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10), Chicago, Illinois, USA, ACM Press, October 2010, pp. 260-269.
  • 36D. Cadé.

    Proved Implementations of Cryptographic Protocols in the Computational Model, Université Paris VII, December 2013.
  • 37V. Cortier, B. Smyth.

    Attacking and fixing Helios: An analysis of ballot secrecy, in: Journal of Computer Security, 2013, vol. 21, no 1, pp. 89–148.
  • 38V. Cortier, G. Steel, C. Wiedling.

    Revoke and let live: a secure key revocation api for cryptographic devices, in: ACM Conference on Computer and Communications Security (CCS'12), 2012, pp. 918-928.
  • 39S. Delaune, S. Kremer, G. Steel.

    Formal Analysis of PKCS#11 and Proprietary Extensions, in: Journal of Computer Security, November 2010, vol. 18, no 6, pp. 1211-1245.
  • 40S. Kremer, R. Künnemann, G. Steel.

    Universally Composable Key-Management, in: Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS'13), Egham, U.K., J. Crampton, S. Jajodia, K. Mayes (editors), Lecture Notes in Computer Science, Springer, September 2013, vol. 8134, pp. 327-344.
  • 41A. Pironti, R. Sisto.

    Provably Correct Java Implementations of Spi Calculus Security Protocols Specifications, in: Computers & Security, 2010, vol. 29, pp. 302 - 314.
  • 42B. Smyth, D. Bernhard.

    Ballot secrecy and ballot independence coincide, in: ESORICS'13: 18th European Symposium on Research in Computer Security, LNCS, Springer, 2013, vol. 8134, pp. 463-480.

    http://www.bensmyth.com/publications/2013-ballot-independence-for-election-schemes/
  • 43N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.

    Secure distributed programming with value-dependent types, in: 16th ACM SIGPLAN international conference on Functional Programming, 2011, pp. 266-278.
  • 44N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.

    Secure distributed programming with value-dependent types, in: J. Funct. Program., 2013, vol. 23, no 4, pp. 402-451.
Publications of the year

Doctoral Dissertations and Habilitation Theses

  • 45M. Paiola.

    Verification of cryptographic protocols with lists of unbounded lengths, Université Paris-Diderot (Paris 7), May 2014.

    https://hal.inria.fr/tel-01103104

Articles in International Peer-Reviewed Journals

  • 46M. Backes, C. Hriţcu, M. Maffei.

    Union, Intersection, and Refinement Types and Reasoning About Type Disjointness for Secure Protocol Implementations, in: Journal of Computer Security, 2014, vol. 22, no 2, pp. 301-353. [ DOI : 10.3233/JCS-130493 ]

    https://hal.inria.fr/hal-01102192
  • 47C. Bansal, K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Discovering concrete attacks on website authorization by formal analysis, in: Journal of Computer Security, 2014, vol. 22, no 4, pp. 601-657. [ DOI : 10.3233/JCS-140503 ]

    https://hal.inria.fr/hal-01102202
  • 48D. Cadé, B. Blanchet.

    Proved Generation of Implementations from Computationally Secure Protocol Specifications, in: Journal of Computer Security, 2015, 135 p, forthcoming.

    https://hal.inria.fr/hal-01102382
  • 49V. Cortier, G. Steel.

    A Generic Security API for Symmetric Key Management on Cryptographic Devices, in: Information and Computation, 2014, vol. 238, 25 p.

    https://hal.inria.fr/hal-00881072

International Conferences with Proceedings

  • 50G. Bana, H. Comon-Lundh.

    A Computationally Complete Symbolic Attacker for Equivalence Properties, in: 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, United States, ACM, November 2014, pp. 609-620. [ DOI : 10.1145/2660267.2660276 ]

    https://hal.inria.fr/hal-01102216
  • 51E.-I. Bartzia, P.-Y. Strub.

    A Formal Library for Elliptic Curves in the Coq Proof Assistant, in: Interactive Theorem Proving, Vienna, Austria, G. Klein, R. Gamboa (editors), Lecture Notes in Computer Science, Springer, July 2014, vol. 8558, pp. 77-92. [ DOI : 10.1007/978-3-319-08970-6_6 ]

    https://hal.inria.fr/hal-01102288
  • 52B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, J. K. Zinzindohoue.

    A Messy State of the Union: Taming the Composite State Machines of TLS, in: IEEE Symposium on Security & Privacy 2015, San Jose, United States, IEEE, May 2015, forthcoming.

    https://hal.inria.fr/hal-01114250
  • 53K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Pironti, P.-Y. Strub.

    Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS, in: IEEE Symposium on Security & Privacy, San Jose, United States, IEEE, April 2014. [ DOI : 10.1109/SP.2014.14 ]

    https://hal.inria.fr/hal-01102259
  • 54K. Bhargavan, A. Delignat-Lavaud, A. Pironti.

    Verified Contributive Channel Bindings for Compound Authentication, in: Network and Distributed System Security Symposium (NDSS'15), San Diego, United States, February 2015, forthcoming.

    https://hal.inria.fr/hal-01114248
  • 55K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, S. Zanella-Béguelin.

    Proving the TLS Handshake Secure (As It Is), in: CRYPTO 2014, Santa Barbara, United States, J. A. Garay, R. Gennaro (editors), Lecture Notes in Computer Science, Springer, August 2014, vol. 8617, pp. 235-255. [ DOI : 10.1007/978-3-662-44381-1_14 ]

    https://hal.inria.fr/hal-01102229
  • 56A. Delignat-Lavaud, M. Abadi, M. Birrell, I. Mironov, T. Wobber, Y. Xie.

    Web PKI: Closing the Gap between Guidelines and Practices, in: Network and Distributed System Security Symposium, San Diego, United States, Internet Society, February 2014. [ DOI : 10.14722/ndss.2014.23305 ]

    https://hal.inria.fr/hal-01102254
  • 57A. Delignat-Lavaud, K. Bhargavan.

    Network-based Origin Confusion Attacks against HTTPS Virtual Hosting, in: 24th International Conference on World Wide Web, Florence, Italy, ACM, May 2015, forthcoming.

    https://hal.inria.fr/hal-01114246
  • 58U. Dhawan, C. Hritcu, R. Rubin, N. Vasilakis, S. Chiricescu, J. M. Smith, J. T. F. Knight, B. C. Pierce, A. DeHon.

    Architectural Support for Software-Defined Metadata Processing, in: 20th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015), Istanbul, Turkey, ACM, March 2015, forthcoming.

    https://hal.inria.fr/hal-01102378
  • 59T. Gauthier, C. Kaliszyk, C. Keller, M. Norrish.

    Beagle as a HOL4 external ATP method, in: PAAR - Fourth Workshop on Practical Aspects of Automated Reasoning, Vienne, Austria, July 2014.

    https://hal.inria.fr/hal-01089316
  • 60S. Kremer, R. Künnemann.

    Automated Analysis of Security Protocols with Global State, in: 35th IEEE Symposium on Security and Privacy (S&P'14), San Jose, United States, I. C. Society (editor), 2014, pp. 163–178. [ DOI : 10.1109/SP.2014.18 ]

    https://hal.inria.fr/hal-01091241
  • 61A. McCarthy, B. Smyth, E. A. Quaglia.

    Hawk and Aucitas: e-Auction Schemes from the Helios and Civitas e-Voting Schemes, in: FC 2014 - Financial Cryptography and Data Security, Christ Church, Barbados, N. Christin, R. Safavi-Naini (editors), LNCS - Lecture Notes in Computer Science, Springer, March 2014, vol. 8437, pp. 51-63. [ DOI : 10.1007/978-3-662-45472-5_4 ]

    https://hal.inria.fr/hal-01102159
  • 62N. Swamy, C. Fournet, A. Rastogi, K. Bhargavan, J. Chen, P.-Y. Strub, G. Bierman.

    Gradual Typing Embedded Securely in JavaScript, in: POPL 2014 - 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, United States, ACM, January 2014, pp. 425-437. [ DOI : 10.1145/2535838.2535889 ]

    https://hal.inria.fr/hal-00940836
  • 63A. A. de Amorim, N. Collins, A. DeHon, D. Demange, C. Hritcu, D. Pichardie, B. C. Pierce, R. Pollack, A. Tolmach.

    A Verified Information-Flow Architecture, in: 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), San Diego, CA, United States, 2014. [ DOI : 10.1145/2535838.2535839 ]

    https://hal.inria.fr/hal-00918847

National Conferences with Proceedings

  • 64G. Bana, K. Hasebe, M. Okada.

    Computationally Complete Symbolic Adversary and Key Exchange, in: 31st Symposium on Cryptography and Information Security, Kagoshima, Japan, 2014.

    https://hal.inria.fr/hal-01102293

Scientific Books (or Scientific Book chapters)

  • 65K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Defensive JavaScript, in: Foundations of Security Analysis and Design VII, A. Aldini, J. Lopez, F. Martinelli (editors), Lecture Notes in Computer Science, Springer, 2014, vol. 8604, pp. 88-123. [ DOI : 10.1007/978-3-319-10082-1_4 ]

    https://hal.inria.fr/hal-01102144
  • 66B. Blanchet.

    Automatic Verification of Security Protocols in the Symbolic Model: The Verifier ProVerif, in: Foundations of Security Analysis and Design VII, A. Aldini, J. Lopez, F. Martinelli (editors), Lecture Notes in Computer Science, Springer, 2014, vol. 8604, pp. 54-87. [ DOI : 10.1007/978-3-319-10082-1_3 ]

    https://hal.inria.fr/hal-01102136

Internal Reports

  • 67K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, S. Zanella-Béguelin.

    Proving the TLS Handshake Secure (as it is), Cryptology ePrint Archive, March 2014, no 2014/182, 48 p.

    https://hal.inria.fr/hal-01102231
  • 68C. Hritcu, L. Lampropoulos, A. Spector-Zabusky, A. A. de Amorim, M. Dénès, J. Hughes, B. C. Pierce, D. Vytiniotis.

    Testing Noninterference, Quickly, arXiv, September 2014, no arXiv:1409.0393, 50 p.

    https://hal.inria.fr/hal-01102224
  • 69B. Smyth, D. Bernhard.

    Ballot secrecy with malicious bulletin boards, Cryptology ePrint Archive, October 2014, no 2014/822, 7 p.

    https://hal.inria.fr/hal-01102306
  • 70B. Smyth, A. Pironti.

    Truncating TLS Connections to Violate Beliefs in Web Applications, Inria Paris, October 2014, This document extends https://hal.inria.fr/hal-00863371v1.

    https://hal.inria.fr/hal-01102013
References in notes
  • 71M. Abadi, B. Blanchet.

    Analyzing Security Protocols with Secrecy Types and Logic Programs, in: Journal of the ACM, January 2005, vol. 52, no 1, pp. 102–146.
  • 72M. Abadi, B. Blanchet, C. Fournet.

    Just Fast Keying in the Pi Calculus, in: ACM Transactions on Information and System Security (TISSEC), July 2007, vol. 10, no 3, pp. 1–59.
  • 73J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, S. Maffeis.

    Refinement types for secure implementations, in: ACM Trans. Program. Lang. Syst., 2011, vol. 33, no 2, 8 p.
  • 74K. Bhargavan, A. Delignat-Lavaud, S. Maffeis.

    Language-Based Defenses Against Untrusted Browser Origins, in: Proceedings of the 22th USENIX Security Symposium, 2013.
  • 75K. Bhargavan, C. Fournet, R. Corin, E. Zalinescu.

    Verified Cryptographic Implementations for TLS, in: ACM Transactions Inf. Syst. Secur., March 2012, vol. 15, no 1, 3:1 p.
  • 76K. Bhargavan, C. Fournet, A. D. Gordon.

    Modular Verification of Security Protocol Code by Typing, in: ACM Symposium on Principles of Programming Languages (POPL'10), 2010, pp. 445–456.
  • 77K. Bhargavan, C. Fournet, A. D. Gordon, N. Swamy.

    Verified Implementations of the Information Card Federated Identity-Management Protocol, in: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08), ACM Press, 2008, pp. 123–135.
  • 78B. Blanchet, M. Abadi, C. Fournet.

    Automated Verification of Selected Equivalences for Security Protocols, in: Journal of Logic and Algebraic Programming, February–March 2008, vol. 75, no 1, pp. 3–51.
  • 79B. Blanchet.

    An Efficient Cryptographic Protocol Verifier Based on Prolog Rules, in: 14th IEEE Computer Security Foundations Workshop (CSFW'01), 2001, pp. 82–96.
  • 80B. Blanchet.

    Automatic Verification of Correspondences for Security Protocols, in: Journal of Computer Security, July 2009, vol. 17, no 4, pp. 363–434.
  • 81B. Blanchet, A. Podelski.

    Verification of Cryptographic Protocols: Tagging Enforces Termination, in: Theoretical Computer Science, March 2005, vol. 333, no 1-2, pp. 67–90, Special issue FoSSaCS'03.
  • 82J. Clulow.

    On the Security of PKCS#11, in: CHES, 2003, pp. 411-425.
  • 83S. Delaune, S. Kremer, G. Steel.

    Formal Analysis of PKCS#11 and Proprietary Extensions, in: Journal of Computer Security, November 2010, vol. 18, no 6, pp. 1211-1245.
  • 84D. Dolev, A. Yao.

    On the security of public key protocols, in: IEEE Transactions on Information Theory, 1983, vol. IT–29, no 2, pp. 198–208.
  • 85C. Fournet, M. Kohlweiss, P.-Y. Strub.

    Modular Code-Based Cryptographic Verification, in: ACM Conference on Computer and Communications Security, 2011.
  • 86R. Needham, M. Schroeder.

    Using encryption for authentication in large networks of computers, in: Communications of the ACM, 1978, vol. 21, no 12, pp. 993–999.
  • 87N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.

    Secure distributed programming with value-dependent types, in: 16th ACM SIGPLAN international conference on Functional Programming, 2011, pp. 266-278.
  • 88N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bhargavan, J. Yang.

    Secure distributed programming with value-dependent types, in: J. Funct. Program., 2013, vol. 23, no 4, pp. 402-451.