Search

Your search keyword '"Mauw, Sjouke"' showing total 763 results
Start Over Author "Mauw, Sjouke"

Refine your results

more »

more »

more »

more »
763 results on '"Mauw, Sjouke"'

1. Software-Based Memory Erasure with relaxed isolation requirements: Extended Version

Author

Bursuc, Sergiu, Gil-Pons, Reynaldo, Mauw, Sjouke, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Cryptography and Security
Abstract

A Proof of Secure Erasure (PoSE) is a communication protocol where a verifier seeks evidence that a prover has erased its memory within the time frame of the protocol execution. Designers of PoSE protocols have long been aware that, if a prover can outsource the computation of the memory erasure proof to another device, then their protocols are trivially defeated. As a result, most software-based PoSE protocols in the literature assume that provers are isolated during the protocol execution, that is, provers cannot receive help from a network adversary. Our main contribution is to show that this assumption is not necessary. We introduce formal models for PoSE protocols playing against provers aided by external conspirators and develop three PoSE protocols that we prove secure in this context. We reduce the requirement of isolation to the more realistic requirement that the communication with the external conspirator is relatively slow. Software-based protocols with such relaxed isolation assumptions are especially pertinent for low-end devices, where it is too costly to deploy sophisticated protection methods.

Published
2024

2. Automated generation of attack trees with optimal shape and labelling

Author

Gadyatskaya, Olga, Mauw, Sjouke, Trujillo-Rasuac, Rolando, and Willemse, Tim A. C.

Subjects
Computer Science - Cryptography and Security, Computer Science - Formal Languages and Automata Theory
Abstract

This article addresses the problem of automatically generating attack trees that soundly and clearly describe the ways the system can be attacked. Soundness means that the attacks displayed by the attack tree are indeed attacks in the system; clarity means that the tree is efficient in communicating the attack scenario. To pursue clarity, we introduce an attack-tree generation algorithm that minimises the tree size and the information length of its labels without sacrificing correctness. We achieve this by i) introducing a system model that allows to reason about attacks and goals in an efficient manner, and ii) by establishing a connection between the problem of factorising algebraic expressions and the problem of minimising the tree size. To the best of our knowledge, we introduce the first attack-tree generation framework that optimises the labelling and shape of the generated trees, while guaranteeing their soundness with respect to a system specification.

Published
2023

3. Provably Unlinkable Smart Card-based Payments

Author

Bursuc, Sergiu, Horne, Ross, Mauw, Sjouke, and Yurkov, Semen

Subjects
Computer Science - Cryptography and Security
Abstract

The most prevalent smart card-based payment method, EMV, currently offers no privacy to its users. Transaction details and the card number are sent in cleartext, enabling the profiling and tracking of cardholders. Since public awareness of privacy issues is growing and legislation, such as GDPR, is emerging, we believe it is necessary to investigate the possibility of making payments anonymous and unlinkable without compromising essential security guarantees and functional properties of EMV. This paper draws attention to trade-offs between functional and privacy requirements in the design of such a protocol. We present the UTX protocol - an enhanced payment protocol satisfying such requirements, and we formally certify key security and privacy properties using techniques based on the applied pi-calculus.

Published
2023
Full Text
View/download PDF

4. Language Ideology Bias in Conversational Technology

Author

Höhn, Sviatlana, Migge, Bettina, Dippold, Doris, Schneider, Britta, Mauw, Sjouke, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Følstad, Asbjørn, editor, Araujo, Theo, editor, Papadopoulos, Symeon, editor, Law, Effie L.-C., editor, Luger, Ewa, editor, Goodwin, Morten, editor, Hobert, Sebastian, editor, and Brandtzaeg, Petter Bae, editor

Published
2024
Full Text
View/download PDF

5. Modelling Agent-Skipping Attacks in Message Forwarding Protocols

Author

Smith, Zach, Jonker, Hugo, Mauw, Sjouke, and Lee, Hyunwoo

Subjects
Computer Science - Cryptography and Security
Abstract

Message forwarding protocols are protocols in which a chain of agents handles transmission of a message. Each agent forwards the received message to the next agent in the chain. For example, TLS middleboxes act as intermediary agents in TLS, adding functionality such as filtering or compressing data. In such protocols, an attacker may attempt to bypass one or more intermediary agents. Such an agent-skipping attack can the violate security requirements of the protocol. Using the multiset rewriting model in the symbolic setting, we construct a comprehensive framework of such path protocols. In particular, we introduce a set of security goals related to path integrity: the notion that a message faithfully travels through participants in the order intended by the initiating agent. We perform a security analysis of several such protocols, highlighting key attacks on modern protocols.

Published
2022

7. Unlinkability of an Improved Key Agreement Protocol for EMV 2nd Gen Payments

Author

Horne, Ross, Mauw, Sjouke, and Yurkov, Semen

Subjects
Computer Science - Cryptography and Security
Abstract

To address known privacy problems with the EMV standard, EMVCo have proposed a Blinded Diffie-Hellman key establishment protocol, which is intended to be part of a future 2nd Gen EMV protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposal protocol, and demonstrate that an active attacker can compromise unlinkability within a distance of 100cm. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVCo. We prove that our protocol does satisfy strong unlinkability, while preserving authentication.

Published
2021

8. Preventing active re-identification attacks on social graphs via sybil subgraph obfuscation

Author

Mauw, Sjouke, Ramírez-Cruz, Yunior, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Social and Information Networks
Abstract

This paper addresses active re-identification attacks in the context of privacy-preserving social graph publication. Active attacks are those where the adversary can leverage fake accounts, a.k.a. sybil nodes, to enforce structural patterns that can be used to re-identify their victims on anonymised graphs. In this paper we present a new probabilistic interpretation of this type of attacks. Unlike previous privacy properties, which model the protection from active adversaries as the task of making victim nodes indistinguishable in terms of their fingerprints with respect to all potential attackers, our new formulation introduces a more complete view, where the attack is countered by jointly preventing the attacker from retrieving the set of sybil nodes, and from using these sybil nodes for re-identifying the victims. Under the new formulation, we show that the privacy property $k$-symmetry, introduced in the context of passive attacks, provides a sufficient condition for the protection against active re-identification attacks leveraging an arbitrary number of sybil nodes. Moreover, we show that the algorithm K-Match, originally devised for efficiently enforcing the related notion of $k$-automorphism, also guarantees $k$-symmetry. Empirical results on several collections of synthetic graphs corroborate that our approach allows, for the first time, to publish anonymised social graphs (with formal privacy guarantees) that effectively resist the strongest active re-identification attack reported in the literature, even when it leverages a large number of sybil nodes.

Published
2020

9. {\AE}GIS: Shielding Vulnerable Smart Contracts Against Attacks

Author

Torres, Christof Ferreira, Baden, Mathis, Norvill, Robert, Pontiveros, Beltran Borja Fiz, Jonker, Hugo, and Mauw, Sjouke

Subjects
Computer Science - Cryptography and Security
Abstract

In recent years, smart contracts have suffered major exploits, costing millions of dollars. Unlike traditional programs, smart contracts are deployed on a blockchain. As such, they cannot be modified once deployed. Though various tools have been proposed to detect vulnerable smart contracts, the majority fails to protect vulnerable contracts that have already been deployed on the blockchain. Only very few solutions have been proposed so far to tackle the issue of post-deployment. However, these solutions suffer from low precision and are not generic enough to prevent any type of attack. In this work, we introduce {\AE}GIS, a dynamic analysis tool that protects smart contracts from being exploited during runtime. Its capability of detecting new vulnerabilities can easily be extended through so-called attack patterns. These patterns are written in a domain-specific language that is tailored to the execution model of Ethereum smart contracts. The language enables the description of malicious control and data flows. In addition, we propose a novel mechanism to streamline and speed up the process of managing attack patterns. Patterns are voted upon and stored via a smart contract, thus leveraging the benefits of tamper-resistance and transparency provided by the blockchain. We compare {\AE}GIS to current state-of-the-art tools and demonstrate that our solution achieves higher precision in detecting attacks. Finally, we perform a large-scale analysis on the first 4.5 million blocks of the Ethereum blockchain, thereby confirming the occurrences of well reported and yet unreported attacks in the wild.

Published
2020

10. Discovering ePassport Vulnerabilities using Bisimilarity

Author

Horne, Ross and Mauw, Sjouke

Subjects
Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science
Abstract

We uncover privacy vulnerabilities in the ICAO 9303 standard implemented by ePassports worldwide. These vulnerabilities, confirmed by ICAO, enable an ePassport holder who recently passed through a checkpoint to be reidentified without opening their ePassport. This paper explains how bisimilarity was used to discover these vulnerabilities, which exploit the BAC protocol - the original ICAO 9303 standard ePassport authentication protocol - and remains valid for the PACE protocol, which improves on the security of BAC in the latest ICAO 9303 standards. In order to tackle such bisimilarity problems, we develop here a chain of methods for the applied $\pi$-calculus including a symbolic under-approximation of bisimilarity, called open bisimilarity, and a modal logic, called classical FM, for describing and certifying attacks. Evidence is provided to argue for a new scheme for specifying such unlinkability problems that more accurately reflects the capabilities of an attacker.

Published
2020
Full Text
View/download PDF

12. Active Re-identification Attacks on Periodically Released Dynamic Social Graphs

Author

Chen, Xihui, Këpuska, Ema, Mauw, Sjouke, and Ramírez-Cruz, Yunior

Subjects
Computer Science - Social and Information Networks
Abstract

Active re-identification attacks pose a serious threat to privacy-preserving social graph publication. Active attackers create fake accounts to build structural patterns in social graphs which can be used to re-identify legitimate users on published anonymised graphs, even without additional background knowledge. So far, this type of attacks has only been studied in the scenario where the inherently dynamic social graph is published once. In this paper, we present the first active re-identification attack in the more realistic scenario where a dynamic social graph is periodically published. The new attack leverages tempo-structural patterns for strengthening the adversary. Through a comprehensive set of experiments on real-life and synthetic dynamic social graphs, we show that our new attack substantially outperforms the most effective static active attack in the literature by increasing the success probability of re-identification by more than two times and efficiency by almost 10 times. Moreover, unlike the static attack, our new attack is able to remain at the same level of effectiveness and efficiency as the publication process advances. We conduct a study on the factors that may thwart our new attack, which can help design graph anonymising methods with a better balance between privacy and utility.

Published
2019
Full Text
View/download PDF

13. Publishing Community-Preserving Attributed Social Graphs with a Differential Privacy Guarantee

Author

Chen, Xihui, Mauw, Sjouke, and Ramírez-Cruz, Yunior

Subjects
Computer Science - Social and Information Networks, Computer Science - Cryptography and Security, Physics - Physics and Society
Abstract

We present a novel method for publishing differentially private synthetic attributed graphs. Unlike preceding approaches, our method is able to preserve the community structure of the original graph without sacrificing the ability to capture global structural properties. Our proposal relies on C-AGM, a new community-preserving generative model for attributed graphs. We equip C-AGM with efficient methods for attributed graph sampling and parameter estimation. For the latter, we introduce differentially private computation methods, which allow us to release community-preserving synthetic attributed social graphs with a strong formal privacy guarantee. Through comprehensive experiments, we show that our new model outperforms its most relevant counterparts in synthesising differentially private attributed social graphs that preserve the community structure of the original graph, as well as degree sequences and clustering coefficients.

Published
2019
Full Text
View/download PDF

15. Attribute Evaluation on Attack Trees with Incomplete Information

Author

Buldas, Ahto, Gadyatskaya, Olga, Lenin, Aleksandr, Mauw, Sjouke, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Cryptography and Security
Abstract

Attack trees are considered a useful tool for security modelling because they support qualitative as well as quantitative analysis. The quantitative approach is based on values associated to each node in the tree, expressing, for instance, the minimal cost or probability of an attack. Current quantitative methods for attack trees allow the analyst to, based on an initial assignment of values to the leaf nodes, derive the values of the higher nodes in the tree. In practice, however, it shows to be very difficult to obtain reliable values for all leaf nodes. The main reasons are that data is only available for some of the nodes, that data is available for intermediate nodes rather than for the leaf nodes, or even that the available data is inconsistent. We address these problems by developing a generalisation of the standard bottom-up calculation method in three ways. First, we allow initial attributions of non-leaf nodes. Second, we admit additional relations between attack steps beyond those provided by the underlying attack tree semantics. Third, we support the calculation of an approximative solution in case of inconsistencies. We illustrate our method, which is based on constraint programming, by a comprehensive case study.

Published
2018

16. Robust active attacks on social graphs

Author

Mauw, Sjouke, Ramírez-Cruz, Yunior, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Social and Information Networks
Abstract

In order to prevent the disclosure of privacy-sensitive data, such as names and relations between users, social network graphs have to be anonymised before publication. Naive anonymisation of social network graphs often consists in deleting all identifying information of the users, while maintaining the original graph structure. Various types of attacks on naively anonymised graphs have been developed. Active attacks form a special type of such privacy attacks, in which the adversary enrols a number of fake users, often called sybils, to the social network, allowing the adversary to create unique structural patterns later used to re-identify the sybil nodes and other users after anonymisation. Several studies have shown that adding a small amount of noise to the published graph already suffices to mitigate such active attacks. Consequently, active attacks have been dubbed a negligible threat to privacy-preserving social graph publication. In this paper, we argue that these studies unveil shortcomings of specific attacks, rather than inherent problems of active attacks as a general strategy. In order to support this claim, we develop the notion of a robust active attack, which is an active attack that is resilient to small perturbations of the social network graph. We formulate the design of robust active attacks as an optimisation problem and we give definitions of robustness for different stages of the active attack strategy. Moreover, we introduce various heuristics to achieve these notions of robustness and experimentally show that the new robust attacks are considerably more resilient than the original ones, while remaining at the same level of feasibility.

Published
2018
Full Text
View/download PDF

17. Rethinking $(k,\ell)$-anonymity in social graphs: $(k,\ell)$-adjacency anonymity and $(k,\ell)$-(adjacency) anonymous transformations

Author

Mauw, Sjouke, Ramírez-Cruz, Yunior, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Social and Information Networks
Abstract

This paper treats the privacy-preserving publication of social graphs in the presence of active adversaries, that is, adversaries with the ability to introduce sybil nodes in the graph prior to publication and leverage them to create unique fingerprints for a set of victim nodes and re-identify them after publication. Stemming from the notion of $(k,\ell)$-anonymity, we introduce $(k,\ell)$-anonymous transformations, characterising graph perturbation methods that ensure protection from active adversaries levaraging up to $\ell$ sybil nodes. Additionally, we introduce a new privacy property: $(k,\ell)$-adjacency anonymity, which relaxes the assumption made by $(k,\ell)$-anonymity that adversaries can control all distances between sybil nodes and the rest of the nodes in the graph. The new privacy property is in turn the basis for a new type of graph perturbation: $(k,\ell)$-adjacency anonymous transformations. We propose algorithms for obtaining $(k,1)$-adjacency anonymous transformations for arbitrary values of $k$, as well as $(2,\ell)$-adjacency anonymous transformations for small values of $\ell$.

Published
2017
Full Text
View/download PDF

19. Provably Improving Election Verifiability in Belenios

Author

Baloglu, Sevdenur, Bursuc, Sergiu, Mauw, Sjouke, Pang, Jun, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Krimmer, Robert, editor, Volkamer, Melanie, editor, Duenas-Cid, David, editor, Kulyk, Oksana, editor, Rønne, Peter, editor, Solvak, Mihkel, editor, and Germann, Micha, editor

Published
2021
Full Text
View/download PDF

20. Examining Linguistic Biases in Telegram with a Game Theoretic Analysis

Author

Höhn, Sviatlana, Asher, Nicholas, Mauw, Sjouke, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Bright, Jonathan, editor, Giachanou, Anastasia, editor, Spaiser, Viktoria, editor, Spezzano, Francesca, editor, George, Anna, editor, and Pavliuc, Alexandra, editor

Published
2021
Full Text
View/download PDF

21. Compositional Analysis of Protocol Equivalence in the Applied -Calculus Using Quasi-open Bisimilarity

Author

Horne, Ross, Mauw, Sjouke, Yurkov, Semen, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cerone, Antonio, editor, and Ölveczky, Peter Csaba, editor

Published
2021
Full Text
View/download PDF

22. Proceedings 4th International Workshop on Engineering Safety and Security Systems

Author

Pang, Jun, Liu, Yang, and Mauw, Sjouke

Subjects
Computer Science - Software Engineering
Abstract

The present volume contains the proceedings of the Fourth International Workshop on Engineering Safety and Security Systems (ESSS'15). The workshop was held in Oslo, Norway, on June 22nd, 2015, as a satellite event of the 20th International Symposium on Formal Methods (FM'15).

Published
2015
Full Text
View/download PDF

23. Comparing Distance Bounding Protocols: a Critical Mission Supported by Decision Theory

Author

Avoine, Gildas, Mauw, Sjouke, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Cryptography and Security
Abstract

Distance bounding protocols are security countermeasures designed to thwart relay attacks. Such attacks consist in relaying messages exchanged between two parties, making them believe they communicate directly with each other. Although distance bounding protocols have existed since the early nineties, this research topic resurrected with the deployment of contactless systems, against which relay attacks are particularly impactful. Given the impressive number of distance bounding protocols that are designed every year, it becomes urgent to provide researchers and engineers with a methodology to fairly compare the protocols in spite of their various properties. This paper introduces such a methodology based on concepts from the decision making field. The methodology allows for a multi-criteria comparison of distance bounding protocols, thereby identifying the most appropriate protocols once the context is provided. As a side effect, this paper clearly identifies the protocols that should no longer be considered, regardless of the considered scenario.

Published
2015

24. Attack Trees with Sequential Conjunction

Author

Jhawar, Ravi, Kordy, Barbara, Mauw, Sjouke, Radomirovic, Sasa, and Trujillo-Rasua, Rolando

Subjects
Computer Science - Cryptography and Security
Abstract

We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes., Comment: This is an extended version of the work published at IFIP SEC 2015

Published
2015

25. Attack-Defence Frameworks: Argumentation-Based Semantics for Attack-Defence Trees

Author

Gabbay, Dov M., Horne, Ross, Mauw, Sjouke, van der Torre, Leendert, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Eades III, Harley, editor, and Gadyatskaya, Olga, editor

Published
2020
Full Text
View/download PDF

26. Generalizing Multi-party Contract Signing

Author

Mauw, Sjouke and Radomirovic, Sasa

Subjects
Computer Science - Cryptography and Security
Abstract

Multi-party contract signing (MPCS) protocols allow a group of signers to exchange signatures on a predefined contract. Previous approaches considered either completely linear protocols or fully parallel broadcasting protocols. We introduce the new class of DAG MPCS protocols which combines parallel and linear execution and allows for parallelism even within a signer role. This generalization is useful in practical applications where the set of signers has a hierarchical structure, such as chaining of service level agreements and subcontracting. Our novel DAG MPCS protocols are represented by directed acyclic graphs and equipped with a labeled transition system semantics. We define the notion of abort-chaining sequences and prove that a DAG MPCS protocol satisfies fairness if and only if it does not have an abort-chaining sequence. We exhibit several examples of optimistic fair DAG MPCS protocols. The fairness of these protocols follows from our theory and has additionally been verified with our automated tool. We define two complexity measures for DAG MPCS protocols, related to execution time and total number of messages exchanged. We prove lower bounds for fair DAG MPCS protocols in terms of these measures., Comment: Extended version of POST 2015 paper

Published
2015

28. Proceedings First International Workshop on Graphical Models for Security

Author

Kordy, Barbara, Mauw, Sjouke, and Pieters, Wolter

Subjects
Computer Science - Cryptography and Security
Abstract

The present volume contains the proceedings of the First International Workshop on Graphical Models for Security (GraMSec'14). The workshop was held in Grenoble, France, on April 12, 2014, as one of the satellite events of the European Joint Conferences on Theory and Practice of Software 2014 (ETAPS'14). Graphical security models provide an intuitive but systematic methodology to analyze security weaknesses of systems and to evaluate potential protection measures. Such models have been subject of academic research and they have also been widely accepted by the industrial sector, as a means to support and facilitate threat analysis and risk management processes. The objective of GraMSec is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage. The workshop brings together academic researchers and industry practitioners designing and employing visual models for security in order to provide a platform for discussion, knowledge exchange and collaborations.

Published
2014
Full Text
View/download PDF

30. Attack-Tree Series: A Case for Dynamic Attack Tree Analysis

Author

Gadyatskaya, Olga, Mauw, Sjouke, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Albanese, Massimiliano, editor, Horne, Ross, editor, and Probst, Christian W., editor

Published
2019
Full Text
View/download PDF

31. Breaking Unlinkability of the ICAO 9303 Standard for e-Passports Using Bisimilarity

Author

Filimonov, Ihor, Horne, Ross, Mauw, Sjouke, Smith, Zach, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sako, Kazue, editor, Schneider, Steve, editor, and Ryan, Peter Y. A., editor

Published
2019
Full Text
View/download PDF

32. The Attacker Does not Always Hold the Initiative: Attack Trees with External Refinement

Author

Horne, Ross, Mauw, Sjouke, Tiu, Alwen, Hutchison, David, Editorial Board Member, Kanade, Takeo, Editorial Board Member, Kittler, Josef, Editorial Board Member, Kleinberg, Jon M., Editorial Board Member, Mattern, Friedemann, Editorial Board Member, Mitchell, John C., Editorial Board Member, Naor, Moni, Editorial Board Member, Pandu Rangan, C., Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Terzopoulos, Demetri, Editorial Board Member, Tygar, Doug, Editorial Board Member, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Cybenko, George, editor, Pym, David, editor, and Fila, Barbara, editor

Published
2019
Full Text
View/download PDF

33. ADTool: Security Analysis with Attack-Defense Trees (Extended Version)

Author

Kordy, Barbara, Kordy, Piotr, Mauw, Sjouke, and Schweitzer, Patrick

Subjects
Computer Science - Cryptography and Security, Computer Science - Computer Science and Game Theory
Abstract

The ADTool is free, open source software assisting graphical modeling and quantitative analysis of security, using attack-defense trees. The main features of the ADTool are easy creation, efficient editing, and automated bottom-up evaluation of security-relevant measures. The tool also supports the usage of attack trees, protection trees and defense trees, which are all particular instances of attack-defense trees., Comment: This is an extended version of the tool demonstration paper accepted for publication at the 10th International Conference on Quantitative Evaluation of SysTems (QEST 2013)

Published
2013

34. Quantitative Questions on Attack-Defense Trees

Author

Kordy, Barbara, Mauw, Sjouke, and Schweitzer, Patrick

Subjects
Computer Science - Cryptography and Security
Abstract

Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes visual, intuitive tree models whose analysis is supported by a rigorous mathematical formalism. Both, the intuitive and the formal components of the approach can be used for quantitative analysis of attack-defense scenarios. In practice, we use intuitive questions to ask about aspects of scenarios we are interested in. Formally, a computational procedure, defined with the help of attribute domains and a bottom-up algorithm, is applied to derive the corresponding numerical values. This paper bridges the gap between the intuitive and the formal way of quantitatively assessing attack-defense scenarios. We discuss how to properly specify a question, so that it can be answered unambiguously. Given a well specified question, we then show how to derive an appropriate attribute domain which constitutes the corresponding formal model. Since any attack tree is in particular an attack-defense tree, our analysis is also an advancement of the attack tree methodology., Comment: technical report including formal pruning and additional figures

Published
2012

35. A Study of the PDGF Signaling Pathway with PRISM

Author

Yuan, Qixia, Pang, Jun, Mauw, Sjouke, Trairatphisan, Panuwat, Wiesinger, Monique, and Sauter, Thomas

Subjects
Computer Science - Computational Engineering, Finance, and Science, Computer Science - Logic in Computer Science, Quantitative Biology - Quantitative Methods
Abstract

In this paper, we apply the probabilistic model checker PRISM to the analysis of a biological system -- the Platelet-Derived Growth Factor (PDGF) signaling pathway, demonstrating in detail how this pathway can be analyzed in PRISM. We show that quantitative verification can yield a better understanding of the PDGF signaling pathway., Comment: In Proceedings CompMod 2011, arXiv:1109.1044

Published
2011
Full Text
View/download PDF

36. A Group Signature Based Electronic Toll Pricing System

Author

Chen, Xihui, Lenzini, Gabriele, Mauw, Sjouke, and Pang, Jun

Subjects
Computer Science - Cryptography and Security, Computer Science - Computers and Society
Abstract

With the prevalence and development of GNSS technologies, location-based vehicle services (LBVS) have experienced a rapid growth in recent years. However, location is a sensitive and private piece of information, so the design and development of such services just take the clients' privacy concerns into account. In this paper, we propose a new electronic toll pricing system based on group signatures, which provides a strong guarantee for the clients' anonymity within groups. Our system achieves a balance between privacy and the communication overhead imposed upon the users.

Published
2011

37. Attack--Defense Trees and Two-Player Binary Zero-Sum Extensive Form Games Are Equivalent - Technical Report with Proofs

Author

Kordy, Barbara, Mauw, Sjouke, Melissen, Matthijs, and Schweitzer, Patrick

Subjects
Computer Science - Cryptography and Security, Computer Science - Computer Science and Game Theory
Abstract

Attack--defense trees are used to describe security weaknesses of a system and possible countermeasures. In this paper, the connection between attack--defense trees and game theory is made explicit. We show that attack--defense trees and binary zero-sum two-player extensive form games have equivalent expressive power when considering satisfiability, in the sense that they can be converted into each other while preserving their outcome and their internal structure., Comment: Added link to springerlink; Proceedings of GameSec 2010

Published
2010
Full Text
View/download PDF

41. Automated Identification of Desynchronisation Attacks on Shared Secrets

Author

Mauw, Sjouke, Smith, Zach, Toro-Pozo, Jorge, Trujillo-Rasua, Rolando, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Lopez, Javier, editor, Zhou, Jianying, editor, and Soriano, Miguel, editor

Published
2018
Full Text
View/download PDF

42. Semi-automatically Augmenting Attack Trees Using an Annotated Attack Tree Library

Author

Jhawar, Ravi, Lounis, Karim, Mauw, Sjouke, Ramírez-Cruz, Yunior, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Katsikas, Sokratis K., editor, and Alcaraz, Cristina, editor

Published
2018
Full Text
View/download PDF

43. A framework for compositional verification of security protocols

Author

Andova, Suzana, Cremers, Cas, Gjosteen, Kristian, Mauw, Sjouke, Mjolsnes, Stig F., and Radomirovic, Sasa

Subjects
Computer Science - Cryptography and Security
Abstract

Automatic security protocol analysis is currently feasible only for small protocols. Since larger protocols quite often are composed of many small protocols, compositional analysis is an attractive, but non-trivial approach. We have developed a framework for compositional analysis of a large class of security protocols. The framework is intended to facilitate automatic as well as manual verification of large structured security protocols. Our approach is to verify properties of component protocols in a multi-protocol environment, then deduce properties about the composed protocol. To reduce the complexity of multi-protocol verification, we introduce a notion of protocol independence and prove a number of theorems that enable analysis of independent component protocols in isolation. To illustrate the applicability of our framework to real-world protocols, we study a key establishment sequence in WiMax consisting of three subprotocols. Except for a small amount of trivial reasoning, the analysis is done using automatic tools.

Published
2006

44. A Security Perspective on Publication Metrics

Author

Jonker, Hugo, Mauw, Sjouke, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Stajano, Frank, editor, Anderson, Jonathan, editor, Christianson, Bruce, editor, and Matyáš, Vashek, editor

Published
2017
Full Text
View/download PDF

45. Reverse Bayesian Poisoning: How to Use Spam Filters to Manipulate Online Elections

Author

Jonker, Hugo, Mauw, Sjouke, Schmitz, Tom, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Krimmer, Robert, editor, Volkamer, Melanie, editor, Braun Binder, Nadja, editor, Kersting, Norbert, editor, Pereira, Olivier, editor, and Schürmann, Carsten, editor

Published
2017
Full Text
View/download PDF

46. Refinement-Aware Generation of Attack Trees

Author

Gadyatskaya, Olga, Jhawar, Ravi, Mauw, Sjouke, Trujillo-Rasua, Rolando, Willemse, Tim A. C., Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Livraga, Giovanni, editor, and Mitchell, Chris, editor

Published
2017
Full Text
View/download PDF

47. Man-in-the-Middle Attacks Evolved... but Our Security Models Didn’t

Author

Jonker, Hugo, Mauw, Sjouke, Trujillo-Rasua, Rolando, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Anderson, Jonathan, editor, Matyáš, Vashek, editor, Christianson, Bruce, editor, and Stajano, Frank, editor

Published
2017
Full Text
View/download PDF

48. Optimality Results on the Security of Lookup-Based Protocols

Author

Mauw, Sjouke, Toro-Pozo, Jorge, Trujillo-Rasua, Rolando, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Hancke, Gerhard P., editor, and Markantonakis, Konstantinos, editor

Published
2017
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results