Stateful Protocol Composition in Isabelle/HOL

Usually, security protocols are not executed in isolation. Actually, manny different security protocols usually run in parallel. Still, while the security properties of many of these protocols, e.g., TLS, have been analyzed in great detail, much less research has been devoted to their parallel composition. And, it is far from self-evident that the parallel composition of secure protocols is still secure.

Thoughts on PGT and PGR Programmes

Universities in the UK (and the discussion in this post is based, and most likely limited to, the UK academic sector) accept students with a UG (BSc) degree into their PhD programs. Thus, students in the UK often wonder about the differences between doing a postgraduate taught degree and a postgraduate research degree. But also if you have already your MSc finished (or are close to finishing it) and are considering applying for a PhD programme, it will be useful to understand the differences in the application and selection process.

1 + 0 = 1 - often but not always

Numbers play an important role in our everyday life. And computers are known two work fast and efficiently with numbers, hence their name. Therefore, it might come as a surprise that numbers, as represented by modern computers, do not always behave as one expects.

Working with JSON-Formatted Data in Isabelle

JSON (JavaScript Object Notation) is common format for exchanging data. Thus, sometimes it would be handy to be able to “import” JSON-formatted data into Isabelle/HOL, e.g., as part of a datatype package (implemented in Isabelle/ML) for using the data as part of a system verification (in Isabelle/HOL).

Conformance Testing of Formal Semantics using Grammar-based Fuzzing

In our work “A Denotational Semantics of Solidity in Isabelle/HOL[1] we presented a formal semantics for Solidity, the most common language for implementing smart contracts. Such a formal semantics one of the corner stones of developing a formal verification approach that, mathematically, can prove the absence of certain types of bugs (e.g., such as the Parity Wallet bug that made USD 280mil worth of Ether inaccessible).

But, of course, any verification can only be as good as the underlying semantics. So, how do we ensure that our formal semantics actually captures the behavior of Solidity faithfully? This is the question we answer in our latest paper [2] that will be presented at the International Conference on Tests and Proofs.


Welcome to the blog of the Software Assurance & Security Research Team at the University of Exeter. We blog regularly news, tips & tricks, as well as fun facts about software assurance, reliability, security, testing, verification, hacking, and logic.

You can also follow us on Twitter: @logicalhacking.




academia ai android apidesign appsec bitcoin blockchain bpmn browser browserextensions browsersecurity bug certification chrome composition cordova dast devops devsecops dom dsbd efsm epsrc event extensions fixeffort floss formaldocument formalmethods funding hol-ocl hol-testgen humanfactor hybridapps iast industry internetofthings iot isabelle/hol isabelledof isadof latex logic maintance malicous mbst mobile mobile apps modelinference modeling monads monitoring msc ocl ontology opensource owasp patches pet phd phdlife phishing policy protocols publishing reliability research safelinks safety sap sast sdlc secdevops secureprogramming security securityengineering securitytesting semantics servicecomposition skills smartcontract smartthings softwareeinginering softwaresecurity softwaresupplychain solidity staff&positions statemachine studentproject tcb test&proof testing tips&tricks tools transport tuos uk uoe upgrade usability verification vulnerabilities vulnerableapplication webinar websecurity


blog whole site