Theodoros Balopoulos - Academia.edu (original) (raw)
Papers by Theodoros Balopoulos
International Journal of Information Security, May 28, 2008
Formal methods are an important tool for designing secure cryptographic protocols. However, the e... more Formal methods are an important tool for designing secure cryptographic protocols. However, the existing work on formal methods does not cover privacypreserving protocols as much as other types of protocols. Furthermore, privacy-related properties, such as unlinkability, are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol's execution. In this paper, we demonstrate how, starting from an informal description of a privacy-preserving protocol in natural language, one may use a modified and extended version of the Typed MSR language to create a formal specification of this protocol, typed in a linkability-oriented type system, and then use this specification to reach an implementation of this protocol in Jif, in such a way that privacy vulnerabilities can be detected with a mixture of static and runtime checks.
European Conference on Information Warfare and Security, 2005
Kluwer Academic Publishers eBooks, Sep 27, 2005
Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.
Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...
Computer Standards & Interfaces, Jun 1, 2005
Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure... more Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and known-plaintext attacks) that privacy-preserving as well as other types of protocols are designed to protect against. This paper aims to present an extension of Typed MSR in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack such protocols.
Kluwer Academic Publishers eBooks, Jun 7, 2006
Incorporating security in the application development process is a fundamental requirement for bu... more Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by employing a specialized security ontology. To accomplish this, we describe the security ontology we have developed, and provide a set of indicative questions that developers might face, together with the solutions that ontology deployment provides.
Formal methods are an important tool for designing and implementing secure cryptographic protocol... more Formal methods are an important tool for designing and implementing secure cryptographic protocols. However, the existing work on formal methods does not cover privacy-preserving protocols as much as other types of protocols (for example, authentication protocols). Furthermore, privacy-related properties are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol’s execution. This thesis: (i) proposes abstractions for some (relatively) complex cryptographic primitives used in privacy-preserving protocols, and uses these abstractions to develop suitable message constructors and a linkability-oriented type system for Typed MSR (a strongly typed specification language for security protocols), and (ii) demonstrates how these typed message constructors can be implemented in Jif (a security-oriented extension of a subset of the Java programming language dealing with information flow) in such a way that linkability vulnerabilities can be...
2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们... more 2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们对于观点的记录与保存往往偏向于有权势者或受过良好教育的人,而实际上许多有价值的观点与下层社会成员有关。那么如何让这些弱势者自由表达出来呢?
This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on
This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on
European Conference on Information Warfare and Security, 2005
Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.
Proceedings of the …, 2006
... patterns in software development, by customizing the patterns' structure... more ... patterns in software development, by customizing the patterns' structure so as to include security specific properties, such as threats and vulnerabilities. ... 2.1 Software patterns Software patterns are a solution to recurring software development problems in a specific context. ...
Eciw, 2005
Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.
Communications and Multimedia Security
Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.
Proceedings of the 2005 ACM workshop on Privacy in the electronic society - WPES '05, 2005
Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...
14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., 2003
ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achi... more ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achieve selective disclosure of credentials while preserving privacy. The analysis draws from the BAN and related logics by M. Burrows et al (1990) and P. Syverson and I. Cervesanto (2001) that are targeted to aid reasoning about authentication protocols, as well as from formal methods on PKIs by C. Liu et al (2000, 2001) . The families of protocols directly covered are built using selective disclosure certificates, blind signatures and one-way has functions as cryptographic primitives. The logic is able to prove that if the protocol's credentials are properly constructed and signed by trusted issuers, they should convince a verifier; furthermore, it provides a framework on which mechanized attacks against privacy may be attempted by an automatic theorem prover. The runner example is a protocol by J.E. Holt and K.E. Seamons (2002).
IFIP International Federation for Information Processing, 2005
Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference ... more Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference 3 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 4 Introduction Problem: Need for secure applications Proposed solution: Use of security ontologies during the software development process Implementation in: e-Government e-Voting Remote internet voting (security sensitive application environment) 18/11/05 IFIP I3E 2005 Conference 5 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 6 Ontology "an ontology is the attempt to express an exhaustive conceptual scheme within a given domain" In computer science: ontology is used as a means for modelling information 18/11/05 IFIP I3E 2005 Conference 7 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 8 Secure software development It is generally accepted that security should be "built-in" rather than "addedon" A number of methodologies exist that try to handle security issues in the design level but they make no reference as to how security requirements can be translated into system components do not provide a generic model of security and thus can be applied only in specific application environments are rather technical 18/11/05 IFIP I3E 2005 Conference 9 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 10 Security ontology A security ontology can facilitate secure applications development through the provision of a common vocabulary for application developers and security experts expression of security concepts and realization of their relationships and thus the provision of a generic security model being implementation agnostic To the best of our knowledge no such ontology exists* * See paper section 2.2 for related work details 18/11/05 IFIP I3E 2005 Conference 11 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 12 Building a secure application ontology No generally accepted, robust methodology exists for developing an ontology Our approach: Step one: Determining ontology domain and scope Found and used existing material other ontologies CRAMM database of countermeasures, etc. Step two (iterative): Determining competency questions Enumerating important domain terms Defining classes and class hierarchy Instantiating defined classes Querying the ontology 18/11/05 IFIP I3E 2005 Conference 13 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 14 Methods Competency questions are loosely structured questions that a knowledge base based on the ontology under production, should be able to answer Example Q: Are voters stakeholders of the system? A: Yes Approximately 100 terms were enumerated Some formed classes, others formed properties, some were not used at all Classes and relations between them, the class hierarchy, and class slots along with their domain and range were defined Instantiation was based on the CRAMM countermeasure database 18/11/05 IFIP I3E 2005 Conference 15 Tools We used Protégé to construct the ontology It is a software tool for constructing ontologies Used along with its OWL and RQL Tab plug-ins Racer to detect inconsistencies & submit queries It is an inference engine for query answering over RDF documents new Racer Query Language (nRQL) language used The RQL Tab plug-in allows the OWL plug-in to send queries to Racer and receive the answers (results) 18/11/05 IFIP I3E 2005 Conference 16 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 17 Remote internet voting: The e-poll application environment Domain characteristics Voter authentication is a mandatory requirement There is a specific list of authorized voters Voters are not allowed to vote more than once Voters can vote from any computer connected to the internet Voters are presented with a predefined set of choices and/or with alternative ways of expressing opinion 18/11/05 IFIP I3E 2005 Conference 18 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05
Lecture Notes in Computer Science, 2006
This paper presents a framework that employs security ontologies and security patterns to provide... more This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.
This paper addresses the issue of accommodating security requirements in application development.... more This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that will help them fulfill security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.
International Journal of Information Security, May 28, 2008
Formal methods are an important tool for designing secure cryptographic protocols. However, the e... more Formal methods are an important tool for designing secure cryptographic protocols. However, the existing work on formal methods does not cover privacypreserving protocols as much as other types of protocols. Furthermore, privacy-related properties, such as unlinkability, are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol's execution. In this paper, we demonstrate how, starting from an informal description of a privacy-preserving protocol in natural language, one may use a modified and extended version of the Typed MSR language to create a formal specification of this protocol, typed in a linkability-oriented type system, and then use this specification to reach an implementation of this protocol in Jif, in such a way that privacy vulnerabilities can be detected with a mixture of static and runtime checks.
European Conference on Information Warfare and Security, 2005
Kluwer Academic Publishers eBooks, Sep 27, 2005
Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.
Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...
Computer Standards & Interfaces, Jun 1, 2005
Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure... more Privacy-preserving protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and known-plaintext attacks) that privacy-preserving as well as other types of protocols are designed to protect against. This paper aims to present an extension of Typed MSR in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack such protocols.
Kluwer Academic Publishers eBooks, Jun 7, 2006
Incorporating security in the application development process is a fundamental requirement for bu... more Incorporating security in the application development process is a fundamental requirement for building secure applications, especially with regard to security sensitive domains, such as e-government. In this paper we follow a novel approach to demonstrate how the process of developing an e-poll application can be substantially facilitated by employing a specialized security ontology. To accomplish this, we describe the security ontology we have developed, and provide a set of indicative questions that developers might face, together with the solutions that ontology deployment provides.
Formal methods are an important tool for designing and implementing secure cryptographic protocol... more Formal methods are an important tool for designing and implementing secure cryptographic protocols. However, the existing work on formal methods does not cover privacy-preserving protocols as much as other types of protocols (for example, authentication protocols). Furthermore, privacy-related properties are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol’s execution. This thesis: (i) proposes abstractions for some (relatively) complex cryptographic primitives used in privacy-preserving protocols, and uses these abstractions to develop suitable message constructors and a linkability-oriented type system for Typed MSR (a strongly typed specification language for security protocols), and (ii) demonstrates how these typed message constructors can be implemented in Jif (a security-oriented extension of a subset of the Java programming language dealing with information flow) in such a way that linkability vulnerabilities can be...
2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们... more 2004年春季印度大选之前,阿玛蒂亚·森访问一个偏远、贫穷的孟加拉村庄,一位目不识丁的农民对他说:“想让我们沉默不难,但那并不是因为我们不会说话。”这句话对森产生了强烈的震撼,他突然意识到:人们对于观点的记录与保存往往偏向于有权势者或受过良好教育的人,而实际上许多有价值的观点与下层社会成员有关。那么如何让这些弱势者自由表达出来呢?
This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on
This paper introduces a knowledge-based approach for the security analysis and design of e- healt... more This paper introduces a knowledge-based approach for the security analysis and design of e- health applications. Following this approach, knowledge acquired through the process of developing secure e-health applications is represented in the form of security patterns; thus, it is made available to future developers. In this paper we present a set of security patterns that was developed based on
European Conference on Information Warfare and Security, 2005
Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.
Proceedings of the …, 2006
... patterns in software development, by customizing the patterns' structure... more ... patterns in software development, by customizing the patterns' structure so as to include security specific properties, such as threats and vulnerabilities. ... 2.1 Software patterns Software patterns are a solution to recurring software development problems in a specific context. ...
Eciw, 2005
Security requirements, such as authentication, confidentiality, authorization, availability, inte... more Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that only rarely the developed software fulfils the related security requirements. The reason for this is twofold. On one hand software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions or/and mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions or/and mechanisms.
Communications and Multimedia Security
Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols... more Esoteric protocols, such as electronic cash, electronic voting and selective disclosure protocols, use special message constructors that are not widely used in other types of protocols (for example, in authentication protocols). These message constructors include blind signatures, commitments and zero-knowledge proofs. Furthermore, a standard formalization of the Dolev-Yao intruder [6] does not take into account these message constructors, nor does it consider some types of attacks (such as privacy attacks, brute-force dictionary attacks and knownplaintext attacks) that esoteric as well as other types of protocols are designed to protect against. This paper aims to present an extension of typed MSR [3, 4] in order to formally specify the needed message constructors, as well as the capabilities of a Dolev-Yao intruder designed to attack esoteric protocols.
Proceedings of the 2005 ACM workshop on Privacy in the electronic society - WPES '05, 2005
Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopou... more Page 1. Specifying Electronic Voting Protocols in Typed MSR [Extended Abstract] Theodoros Balopoulos, Stefanos Gritzalis, Sokratis K. Katsikas Department of Information and Communication Systems Engineering University ...
14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., 2003
ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achi... more ABSTRACT This paper presents a first approach towards a logic suited for protocols aiming to achieve selective disclosure of credentials while preserving privacy. The analysis draws from the BAN and related logics by M. Burrows et al (1990) and P. Syverson and I. Cervesanto (2001) that are targeted to aid reasoning about authentication protocols, as well as from formal methods on PKIs by C. Liu et al (2000, 2001) . The families of protocols directly covered are built using selective disclosure certificates, blind signatures and one-way has functions as cryptographic primitives. The logic is able to prove that if the protocol's credentials are properly constructed and signed by trusted issuers, they should convince a verifier; furthermore, it provides a framework on which mechanized attacks against privacy may be attempted by an automatic theorem prover. The runner example is a protocol by J.E. Holt and K.E. Seamons (2002).
IFIP International Federation for Information Processing, 2005
Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference ... more Funding: European Union (75%) and the Greek Government (25%) 18/11/05 IFIP I3E 2005 Conference 3 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 4 Introduction Problem: Need for secure applications Proposed solution: Use of security ontologies during the software development process Implementation in: e-Government e-Voting Remote internet voting (security sensitive application environment) 18/11/05 IFIP I3E 2005 Conference 5 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 6 Ontology "an ontology is the attempt to express an exhaustive conceptual scheme within a given domain" In computer science: ontology is used as a means for modelling information 18/11/05 IFIP I3E 2005 Conference 7 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 8 Secure software development It is generally accepted that security should be "built-in" rather than "addedon" A number of methodologies exist that try to handle security issues in the design level but they make no reference as to how security requirements can be translated into system components do not provide a generic model of security and thus can be applied only in specific application environments are rather technical 18/11/05 IFIP I3E 2005 Conference 9 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 10 Security ontology A security ontology can facilitate secure applications development through the provision of a common vocabulary for application developers and security experts expression of security concepts and realization of their relationships and thus the provision of a generic security model being implementation agnostic To the best of our knowledge no such ontology exists* * See paper section 2.2 for related work details 18/11/05 IFIP I3E 2005 Conference 11 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 12 Building a secure application ontology No generally accepted, robust methodology exists for developing an ontology Our approach: Step one: Determining ontology domain and scope Found and used existing material other ontologies CRAMM database of countermeasures, etc. Step two (iterative): Determining competency questions Enumerating important domain terms Defining classes and class hierarchy Instantiating defined classes Querying the ontology 18/11/05 IFIP I3E 2005 Conference 13 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 14 Methods Competency questions are loosely structured questions that a knowledge base based on the ontology under production, should be able to answer Example Q: Are voters stakeholders of the system? A: Yes Approximately 100 terms were enumerated Some formed classes, others formed properties, some were not used at all Classes and relations between them, the class hierarchy, and class slots along with their domain and range were defined Instantiation was based on the CRAMM countermeasure database 18/11/05 IFIP I3E 2005 Conference 15 Tools We used Protégé to construct the ontology It is a software tool for constructing ontologies Used along with its OWL and RQL Tab plug-ins Racer to detect inconsistencies & submit queries It is an inference engine for query answering over RDF documents new Racer Query Language (nRQL) language used The RQL Tab plug-in allows the OWL plug-in to send queries to Racer and receive the answers (results) 18/11/05 IFIP I3E 2005 Conference 16 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05 IFIP I3E 2005 Conference 17 Remote internet voting: The e-poll application environment Domain characteristics Voter authentication is a mandatory requirement There is a specific list of authorized voters Voters are not allowed to vote more than once Voters can vote from any computer connected to the internet Voters are presented with a predefined set of choices and/or with alternative ways of expressing opinion 18/11/05 IFIP I3E 2005 Conference 18 Structure of the Presentation Introduction Ontology and Developing Secure Software Ontology Secure software development Security ontology Research Methodology Building a secure application ontology Methods and tools Case Study: The Secure e-Poll Paradigm Remote internet voting: The e-poll application environment The e-poll application Secure e-poll ontology nRQL queries and results Conclusions and Further Research 18/11/05
Lecture Notes in Computer Science, 2006
This paper presents a framework that employs security ontologies and security patterns to provide... more This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.
This paper addresses the issue of accommodating security requirements in application development.... more This paper addresses the issue of accommodating security requirements in application development. It proposes the use of ontologies for capturing and depicting the security experts' knowledge. In this way developers can exploit security expertise in order to make design choices that will help them fulfill security requirements more effectively. We have developed a security ontology for two different application scenarios to illustrate its use. To validate the ontology we have used queries.