Jorge Cuellar | SIEMENS - Academia.edu
Papers by Jorge Cuellar
Computer Aided Verification, 1998
Formal Methods in an Industrial Environment. Jorge R. Cuéllar, Siemens AG Corporate Technology ZT SE 4, Otto-Hahn-Ring 6, D-81739 Munich, Germany. Industrial applications of formal techniques may be divided roughly into two types: ...
Cuadernos De Estrategia, 2014
... the risks they entail, the security requirements, the measures needed to provide them, and the major challenges we will have to face. We conclude that, although the effort required is considerable, the risks are in principle manageable and amount to a call to action.
Informatik-Fachberichte, 1989
Lecture Notes in Computer Science, 2005
AVISPA is a push-button tool for the automated validation of Internet security-sensitive protocols and applications. It provides a modular and expressive formal language for specifying protocols and their security properties, and integrates different back-ends that implement a variety of state-of-the-art automatic analysis techniques. To the best of our knowledge, no other tool exhibits the same level of scope and robustness while enjoying the same performance and scalability.
Lecture Notes in Computer Science, 1996
This paper presents the TLT specification of the steam-boiler control program described in Chapter AS. The text of the TLT specification of the control program is short and easily understandable. Due to the chosen abstraction level, the proofs that it satisfies the specification of Chapter AS are very simple. TLT has the advantage that the algorithm may be directly described as
Lecture Notes in Computer Science, 2006
Geographic privacy services provide location information on roaming targets to location recipients via location servers, in a way that protects the privacy of the individuals involved. In this paper we propose and discuss new protocols representing the core of Geopriv, with particular focus on the security requirements stated in the IETF's RFC 3693. Using the AVISPA tool, we check that these requirements, namely anonymity against the location server, as well as confidentiality, integrity, and authenticity of the location information, are actually met. In the design phase of such protocols, numerous variants are to be considered and evaluated. Here the use of model checkers turns out to be very helpful in exploring the security implications quickly and precisely.
Lecture Notes in Computer Science, 1996
Abstract. In this paper we present the Temporal Language of Transitions (TLT) solution to the RPC Memory Specification Problem posed by Lamport for a Dagstuhl seminar. TLT is a framework for the compositional specification and verification of distributed systems. In our so- ...
Proceedings of the 6th ACM workshop on Formal methods in security engineering - FMSE '08, 2008
Single Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in to the system once and are then able to access services offered by different companies. The OASIS Security Assertion Markup Language (SAML) 2.0 Web Browser SSO Profile is the emerging standard in this context. In this paper we provide formal models of the protocol corresponding to one of the most widely applied use-case scenarios (the SP-Initiated SSO with Redirect/POST Bindings) and of a variant of the protocol implemented by Google and currently in use by Google's customers (the SAML-based SSO for Google Applications). We have mechanically analysed these formal models with SATMC, a state-of-the-art model checker for security protocols. SATMC has revealed a severe security flaw in the protocol used by Google that allows a dishonest service provider to impersonate a user at another service provider. We have also reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications. This security flaw of the SAML-based SSO for Google Applications was previously unknown.
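The impersonation described in this abstract works because, in the Google variant, the assertion the identity provider signed named the user and the issuer but was not bound to the service provider that requested it or to that provider's authentication request; a dishonest SP could therefore forward an assertion it legitimately received to a second SP, which accepted it. The following is an added illustration written for this page, not code from the paper or from Google: XML-DSig is replaced by an HMAC over a JSON body, and all entity IDs, keys and request IDs are constructed for the demo. It contrasts an assertion consumer that checks only the signature and issuer with one that also enforces the audience and request-ID bindings the standard profile provides.

```python
"""Added illustration: why a SAML assertion must be bound to the requesting SP.
XML-DSig is stood in for by an HMAC over a JSON body; names and keys are constructed."""
import hashlib
import hmac
import json
import secrets

IDP_ID = "idp.example"                         # constructed issuer name
IDP_KEY = b"constructed-idp-signing-key"       # stand-in for the IdP's signing key


def _sign(fields: dict) -> dict:
    body = json.dumps(fields, sort_keys=True).encode()
    return {"fields": fields, "sig": hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()}


def _signature_ok(assertion: dict) -> bool:
    body = json.dumps(assertion["fields"], sort_keys=True).encode()
    expected = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["sig"])


def idp_issue(user: str, sp_id: str, request_id: str, bind_to_sp: bool) -> dict:
    """Issue a signed assertion for `user` in answer to `request_id` from `sp_id`.
    bind_to_sp=False reproduces the shape of the flawed variant: the signed
    assertion carries subject and issuer but neither the SP nor its request."""
    fields = {"issuer": IDP_ID, "subject": user}
    if bind_to_sp:
        fields["audience"] = sp_id                 # SAML AudienceRestriction
        fields["in_response_to"] = request_id      # SubjectConfirmationData/@InResponseTo
    return _sign(fields)


class ServiceProvider:
    def __init__(self, entity_id: str, strict: bool):
        self.entity_id = entity_id
        self.strict = strict
        self.pending = set()   # AuthnRequest IDs we issued and have not yet consumed

    def start_login(self) -> str:
        request_id = "req-" + secrets.token_hex(4)
        self.pending.add(request_id)
        return request_id

    def consume(self, assertion: dict):
        """Assertion Consumer Service: return the authenticated subject or None."""
        if not _signature_ok(assertion):
            return None
        f = assertion["fields"]
        if f.get("issuer") != IDP_ID:
            return None
        if self.strict:
            if f.get("audience") != self.entity_id:
                return None                        # issued for some other SP
            if f.get("in_response_to") not in self.pending:
                return None                        # not an answer to a request we made
            self.pending.discard(f["in_response_to"])  # single use
        return f["subject"]


def replay_scenario(bind_to_sp: bool, strict: bool):
    """Dishonest SP A receives alice's assertion and forwards it to SP B.
    Returns the identity B accepts, or None if B rejects the replay."""
    sp_a = ServiceProvider("sp-a.example", strict)
    sp_b = ServiceProvider("sp-b.example", strict)
    rid = sp_a.start_login()                                   # alice logs in at A
    assertion = idp_issue("alice", sp_a.entity_id, rid, bind_to_sp)
    return sp_b.consume(assertion)                             # A replays it at B


def honest_scenario(strict: bool = True):
    """Normal SP-initiated login at B with a bound assertion; must still succeed."""
    sp_b = ServiceProvider("sp-b.example", strict)
    rid = sp_b.start_login()
    return sp_b.consume(idp_issue("alice", sp_b.entity_id, rid, bind_to_sp=True))


if __name__ == "__main__":
    print("unbound assertion, lax consumer  :", replay_scenario(False, False))  # alice (impersonated)
    print("bound assertion, strict consumer :", replay_scenario(True, True))    # None (rejected)
    print("honest login, strict consumer    :", honest_scenario())              # alice
```

Only the combination of an IdP that includes the audience and request ID in the signed assertion and an SP that actually checks them stops the replay; either half alone is insufficient, as the two mixed cases in the test show. In IdP-initiated flows there is no InResponseTo to check, so the AudienceRestriction check is the one an assertion consumer can never skip; real deployments also enforce NotOnOrAfter and one-time use of the assertion ID.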
Lecture Notes in Computer Science, 2014
Lecture Notes in Computer Science, 2014
Software & Systems Modeling, 2007
This section of Software & Systems Modeling contains three papers presenting current trends on the use of formal methods and software engineering for the development of complex distributed applications. These articles are based on presentations at SEFM 2004, the Second IEEE ...