14:45 | |
Begrüßung und Moderation
|
|
Zoltán Mann
University of Amsterdam
Michael Nüsken
b-it, Universität Bonn
|
|
14:55 | |
Christiane Kuhn
NEC Laboratories Europe GmbH
|
Formal Foundations for Anonymous Communication
Anonymous communication networks offer technological solutions to provide privacy protection in online communications. As I will detail in my talk, a key enabler for the improvement of anonymous communication networks are strong formal foundations. Formal privacy definitions and proof strategies not only make solutions comparable, but also strengthen them by uncovering and provably fixing security flaws. Additionally, formal foundations allow us to fundamentally understand the technologies and their limits. |
15:15 | |
Sven Peldszus
Ruhr-Universität Bochum
|
Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants
To ensure the security of a software system, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves, hindering the effective realization and verification of secure software systems. In addition, variants of software systems are another burden to developing secure systems. To ensure security, in the thesis, we present GRaViTY, an approach that allows security experts to specify security requirements on the most suitable system representation based on continuous automated change propagation. To preserve security, GRaViTY automatically checks all system representations against these requirements and provides security-preserving refactorings. For both, we show the application to variant-rich software systems. To support legacy systems, GRaViTY allows to automatically reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two real-world case studies, the iTrust electronics health records system and the Eclipse Secure Storage. |
15:35 | |
Patrick Struck
Universität Regensburg
|
Security of Cryptographic Primitives in Advanced Security Notions
The provable security paradigm is an important tool to show security of cryptographic primitives. Here, security follows from showing that an adversary cannot break a scheme with respect to some security notion. Standard security notions, however, often do not cover scenarios that might happen in practice. Examples are side-channel leakage as well as usage of keys and random coins that are somehow related. Another setting that often is not considered is security with respect to adversaries that have quantum computing power. In this thesis we study security of schemes in advanced security notions; these notions model more sophisticated attacks which can happen when using such schemes. We develop new advanced security notions, analyse existing primitives with respect to these, and construct primitives that achieve such advanced security notions. The talk will focus on two results of the thesis. In the first, we present a generic blueprint for a leakage-resilient authenticated encryption scheme from leakage-resilient functions. We then describe an instantiation entirely built from sponges. In the second, we develop a quantum security notion for public key encryption schemes which allows for a quantum challenge phase; we provide both positive and negative results with respect to this security notion. |
15:55 | |
Publikum
|
Diskussion und Abstimmung
|
11. Mai 2023 | |
15:00 | Preisverleihung |
Wenn Sie noch Fragen haben, wenden Sie sich bitte an:
Andreas Heinemann
CAST e.V. / Hochschule Darmstadt / ATHENE
E-Mail: andreas.heinemann@cast-forum.de
Michael Nüsken
Gesellschaft für Informatik GI
E-Mail: nuesken@bit.uni-bonn.de
Simone Zimmermann
CAST e.V.
Tel.: +49 6151 869-230
E-Mail: simone.zimmermanncast-forum.de
ID:SMART Workshop 2025 | 19.-20.02.2025 |
Recht und IT-Sicherheit | 06.03.2025 |
hot topic "Kryptoagilität" | 15.05.2025 |
MedCAST 25 - Sicheres digitales Gesundheitswesen | 22.05.2025 |
24th International Conference of the Biometrics Special Interest Group (BIOSIG 2025) | 25.-26.09.2025 |
Quantentechnologie und Quantencomputer-resistente Sicherheit | 23.10.2025 |