English
Related papers

Related papers: TulaFale: A Security Tool for Web Services

200 papers

Tool-Augmented Language Models (TALMs) leverage external APIs to answer user queries across various domains. However, existing benchmark datasets for TALM research often feature simplistic dialogues that do not reflect real-world scenarios,…

Computation and Language · Computer Science 2025-03-04 Jeonghoon Shim , Gyuhyeon Seo , Cheongsu Lim , Yohan Jo

We propose a type-based resource usage analysis for the π-calculus extended with resource creation/access primitives. The goal of the resource usage analysis is to statically check that a program accesses resources such as files and…

Programming Languages · Computer Science 2017-01-11 Naoki Kobayashi , Kohei Suenaga , Lucian Wischik

Users today expect more security from services that handle their data. In addition to traditional data privacy and integrity requirements, they expect transparency, i.e., that the service's processing of the data is verifiable by users and…

Cryptography and Security · Computer Science 2022-10-24 Daniel Reijsbergen , Aung Maw , Zheng Yang , Tien Tuan Anh Dinh , Jianying Zhou

Formal Methods (FMs) are currently essential for verifying the safety and reliability of software systems. However, the specification writing in formal methods tends to be complex and challenging to learn, requiring familiarity with various…

Software Engineering · Computer Science 2024-04-30 Jianyu Zhang , Long Zhang , Yixuan Wu , Feng Yang

Through the increasing interconnection between various systems, the need for confidential systems is increasing. Confidential systems share data only with authorized entities. However, estimating the confidentiality of a system is complex,…

Software Engineering · Computer Science 2023-08-04 Felix Schwickerath , Nicolas Boltz , Sebastian Hahner , Maximilian Walter , Christopher Gerking , Robert Heinrich

We investigate automated model-checking of the Ethereum specification, focusing on the Accountable Safety property of the 3SF consensus protocol. We select 3SF due to its relevance and the unique challenges it poses for formal verification.…

Logic in Computer Science · Computer Science 2025-01-17 Igor Konnov , Jure Kukovec , Thomas Pani , Roberto Saltini , Thanh Hai Tran

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study…

Cryptography and Security · Computer Science 2007-05-23 R. Corin , S. Etalle , P. H. Hartel , A. Mader

We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive…

Cryptography and Security · Computer Science 2018-06-26 Stefano Calzavara , Riccardo Focardi , Matteo Maffei , Clara Schneidewind , Marco Squarcina , Mauro Tempesta

Mining specifications from execution traces presents an automated way of capturing characteristic system behaviors. However, existing approaches are largely restricted to Boolean abstractions of events, limiting their ability to express…

Logic in Computer Science · Computer Science 2026-03-10 Sam Nicholas Kouteili , William Fishell , Christian Scaff , Mark Santolucito , Ruzica Piskac

In recent years there has been a considerable effort in optimising formal methods for application to code. This has been driven by tools such as CPAChecker, DIVINE, and CBMC. At the same time tools such as Uppaal have been massively…

Software Engineering · Computer Science 2021-08-09 Mitja Kulczynski , Axel Legay , Dirk Nowotka , Danny Bøgsted Poulsen

We present a rigorous framework for the composition of Web Services within a higher order logic theorem prover. Our approach is based on the proofs-as-processes paradigm that enables inference rules of Classical Linear Logic (CLL) to be…

Logic in Computer Science · Computer Science 2011-08-12 Petros Papapanagiotou , Jacques D. Fleuriot

We consider the automatic verification of information flow security policies of web-based workflows, such as conference submission systems like EasyChair. Our workflow description language allows for loops, non-deterministic choice, and an…

Logic in Computer Science · Computer Science 2017-08-31 Bernd Finkbeiner , Christian Müller , Helmut Seidl , Eugen Zălinescu

Static analysis is a powerful tool for detecting security vulnerabilities and other programming problems. Global taint tracking, in particular, can spot vulnerabilities arising from complicated data flow across multiple functions. However,…

Software Engineering · Computer Science 2023-01-26 Yiu Wai Chow , Max Schäfer , Michael Pradel

We propose the Automata-based Multiparty Protocols framework (AMP) for top-down protocol development. The framework features a new very general formalism for global protocol specifications called Protocol State Machines (PSMs),…

Programming Languages · Computer Science 2025-01-29 Felix Stutz , Emanuele D'Osualdo

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux…

Cryptography and Security · Computer Science 2022-06-01 Lorenzo Ceragioli , Letterio Galletta , Pierpaolo Degano , David Basin

Large language Models (LLMs) have shown remarkable proficiency in code generation tasks across various programming languages. However, their outputs often contain subtle but critical vulnerabilities, posing significant risks when deployed…

Computation and Language · Computer Science 2025-10-14 Alexander Sternfeld , Andrei Kucharavy , Ljiljana Dolamic

IT services provisioning is usually underpinned by service level agreements (SLAs), aimed at guaranteeing services quality. However, there is a gap between the customer perspective (business oriented) and that of the service provider…

Software Engineering · Computer Science 2011-10-03 Anacleto Correia , Fernando Brito e Abreu , Vasco Amaral

This paper proposes the use of model-checking software technology for the verification of workflows and business processes behaviour based on web services, namely the use of the SPIN model checker. Since the specification of a business…

Logic in Computer Science · Computer Science 2011-11-14 C. Vaz , C. Ferreira

The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in the context of…

Distributed, Parallel, and Cluster Computing · Computer Science 2018-05-07 Aurélien Havet , Rafael Pires , Pascal Felber , Marcelo Pasin , Romain Rouvoy , Valerio Schiavoni

Messaging protocols for resource limited systems such as distributed IoT systems are often vulnerable to attacks due to security choices made to conserve resources such as time, memory, or bandwidth. For example, use of secure layers such…

Cryptography and Security · Computer Science 2024-10-17 Carolyn Talcott