CoCon: A conference management system with formally verified document confidentiality

Article


Popescu, A., Lammich, P. and Hou, P. 2021. CoCon: A conference management system with formally verified document confidentiality. Journal of Automated Reasoning. 65 (2), pp. 321-356. https://doi.org/10.1007/s10817-020-09566-9
Type: Article
Title: CoCon: A conference management system with formally verified document confidentiality
Authors: Popescu, A., Lammich, P. and Hou, P.
Abstract

We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system. We use the Isabelle theorem prover to specify and verify fine-grained confidentiality properties, as well as complementary safety and “traceback” properties. The challenges posed by this development in terms of expressiveness have led to bounded-deducibility security, a novel security model and verification method generally applicable to systems describable as input/output automata.

Keywords: Article, Information-Flow Security, Confidentiality, Unwinding Proof Method, Theorem Proving, Isabelle/HOL, Conference Management System
Publisher: Springer
Journal: Journal of Automated Reasoning
ISSN: 0168-7433
Electronic ISSN: 1573-0670
Publication dates
Online: 16 Jul 2020
Print: 28 Feb 2021
Publication process dates
Deposited: 04 Mar 2021
Accepted: 23 May 2020
Output status: Published
Publisher's version
License
Copyright Statement

© The Author(s) 2020
Open Access: This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Digital Object Identifier (DOI): https://doi.org/10.1007/s10817-020-09566-9
Language: English
Permalink: https://repository.mdx.ac.uk/item/8946x
