CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees

BauereiB, Thomas; Gritti, Armando Pesenti; Popescu, Andrei; Raimondi, Franco

doi:10.1109/sp.2017.24

Cited by 17 publications

(13 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Δ 3 : Both the paper and its N'th review are registered and the phase is Reviewing; now the two states can diverge on the content of the review. Δ 4 : The phase is either Reviewing or higher (e.g., Discussion), both traces have exhausted their Reviewing-tagged secrets, meaning that the remaining to-be-produced secrets must be Discussion-tagged 6 and are required to be equal; now the states must be equal too.…”

Section: Verification Of the Concrete Instancesmentioning

confidence: 99%

CoCon: A Conference Management System with Formally Verified Document Confidentiality

2020

Self Cite

View full text Add to dashboard Cite

We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and "traceback" properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

show abstract

Section: Verification Of the Concrete Instancesmentioning

confidence: 99%

CoCon: A Conference Management System with Formally Verified Document Confidentiality

2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…For highlighting the issue of privacy leakage, an inference attack for leakage of data privacy is introduced. A new approach known as PbD (Privacy by Design) principles is introduced for OSNs in distributed computing environments [32], instead of any framework or technique, it pointed out the lack of proper PIA (Privacy Impact Assessment) [33]. Authentication and access control always remained the core area of research in every computing system development [34], [35].…”

Section: B Osns Modelsmentioning

confidence: 99%

Privacy Concerns in Online Social Networks: A Users’ Perspective

Ali¹,

Kamran²,

Ahmed³

et al. 2019

IJACSA

View full text Add to dashboard Cite

Social networking has elevated the human life to the heights of interaction, response and content sharing. It has been offering state of the art facilities to its users for a long time. Though, over the period of time, the systems have become quite matured yet alongside the benefits, multiple concerns of the user with regard to the privacy and information security also exist. Multidimensional threat spectrum to the Internet has also been posed to social networking tools. A lot of work is being done to understand privacy concerns in social networks. In this scenario, a survey of privacy concerns in online social networks is conducted. Risks, privacy issues, and threats have been highlighted that occurred in recent years, analyzing the targets of attackers, their methods of attack and measures taken to counter/manage these threats are the focus. A social network depends on the user, social network site/application and communication medium provider i.e. the Internet facility. Existing research contains domain specific research work regarding privacy issues in social networks; however, a comprehensive research work related to overall infrastructure of online social networks is missing. Development of a taxonomy of threats and categorization of frauds relevant to social networks is an important contribution of this survey. After completing a comprehensive research survey on privacy concerns in online social networks, a set of privacy guidelines is provided and open research challenges are highlighted.

show abstract

“…Formalizations in Isabelle of end-user-facing applications have been studied for distributed applications [8] and conference management systems [19]. However, only the respective core of the server is verified.…”

Section: Related Workmentioning

confidence: 99%

Developing GUI Applications in a Verified Setting

Adelsberger

Setzer

Walkingshaw

2018

Dependable Software Engineering. Theories, Tools, and Applications

View full text Add to dashboard Cite

Although there have been major achievements in verified software, work on verifying graphical user interfaces (GUI) applications is underdeveloped relative to their ubiquity and societal importance. In this paper, we present a library for the development of verified, statedependent GUI applications in the dependently typed programming language Agda. The library uses Agda's expressive type system to ensure that the GUI, its controller, and the underlying model are all consistent, significantly reducing the scope for GUI-related bugs. We provide a way to specify and prove correctness properties of GUI applications in terms of user interactions and state transitions. Critically, GUI applications and correctness properties are not restricted to finite state machines and may involve the execution of arbitrary interactive programs. Additionally, the library connects to a standard, imperative GUI framework, enabling the development of native GUI applications with expected features, such as concurrency. We present applications of our library to building GUI applications to manage healthcare processes. The correctness properties we consider are the following: (1) That a state can only be reached by passing through a particular intermediate state, for example, that a particular treatment can only be reached after having conducted an X-Ray. (2) That one eventually reaches a particular state, for example, that one eventually decides on a treatment. The specification of such properties is defined in terms of a GUI application simulator, which simulates all possible sequences of interactions carried out by the user.

show abstract

CoSMeDis: A Distributed Social Media Platform with Formally Verified Confidentiality Guarantees

Cited by 17 publications

References 52 publications

CoCon: A Conference Management System with Formally Verified Document Confidentiality

CoCon: A Conference Management System with Formally Verified Document Confidentiality

Privacy Concerns in Online Social Networks: A Users’ Perspective

Developing GUI Applications in a Verified Setting

Contact Info

Product

Resources

About