The Workshop on AI and Theorem Provers in Mathematics (AITPM) will explore with leading experts some of the recent developments related to the use of AI and theorem provers in mathematics as well as the perspectives for such future use.

• Attendance is free.
• Venue: Online
• Date: 8. - 10. April 2026
• Registration: Online Form

Given consent by speakers, talks will be recorded and made public after the workshop. We do not plan to record the panel session, which are planned to be highly interactive.

Speakers §

• Kevin Buzzard (Imperial College)
• Yang-Hui He (London Institute for Mathematical Sciences)
• Paola Iannone (University of Edinburgh)
• Shinichi Mochizuki (Research Institute for Mathematical Sciences Kyoto)
• Leonardo De Moura (Amazon Web Services)
• Lawrence Paulson (University Cambridge)
• Chelsea Edmonds (University of Western Australia)
• Patrick Massot (University Paris Saclay)

Programme Schedule §

The preliminary schedule of the workshop is:

• April 8th 2026 
  • 08:00-09:00 Kevin Buzzard: What goes into Formalizing Fermat?
  • 09:15-10:15 Paola Iannone: Teaching with Lean for supporting the transition to university mathematics - current research and future trends
  • 10:45-11:45 Lawrence Paulson: AI and Isabelle: experiences and perspectives
  • 12:00-13:00 Discussion/panel session
• April 9th 2026
  • 08:00-09:00 Chelsea Edmond: A Proof Engineering Perspective on Formalising Combinatorics in Isabelle/HOL
  • 09:15-10:15 Yang Hui He
  • 10:45-11:45 Shinichi Mochizuki: On the Formalization of IUT: a preliminary progress report
  • 12:00-13:00 Discussion session
• April 10th 2026
  • 15:00-16:00 Patrick Massot: Teaching mathematics using Verbose Lean
  • 16:15-17:15 Leonardo De Moura
  • 17:45-18:45 Natarajan Shankar
  • 19:00-20:00 Discussion/panel session and closure

All times are BST (i.e., London, observing daylight saving time).

Organisers §

• Mohamed Saidi (Department of Mathematics and Statistics, University of Exeter)
• Barrie Cooper (Department of Mathematics and Statistics, University of Exeter)
• Gihan Marasingha (Department of Mathematics and Statistics, University of Exeter)
• Achim D. Brucker (Department of Computer Science, University of Exeter)
• Diego Marmsoler (Department of Computer Science, University of Exeter)

We have an open PhD position in Bridging the Gap Between Mathematical Numbers and Software Systems. To fill this position, we are seeking an enthusiastic PhD candidate with a strong background in computer science, software engineering, mathematics, or closely related fields. Expertise in formal methods such as program reasoning, programming language semantics, model checking, theorem proving, or computational logic is essential.

Mathematical models, e.g., describing physical systems or cryptographic algorithms, rely on ideal numbers. For instance, mathematical integers are infinite and mathematical reals continuous and infinite. Computers work with finite approximations that are bounded (i.e., there is a smallest and largest number) and discrete. This “digital gap” between mathematical models and actual systems is a challenge when implementing safety-critical or security-critical systems: for example, autonomous aircraft or self-driving cars require high-precision representations of their position to avoid collisions. Hence, not considering the approximation of the approximative representation of numbers in computers can result in crashes that can endanger the life of humans. Moreover, many security-critical systems, not limited to cryptographic algorithms, rely on the correct handling of over- and underflows in integer computations. Actually, underflow- and overflow bugs are a root cause for a large number vulnerabilities exploited by cyber security criminal, e.g., for stealing digital currencies worth several billion of dollars. While this is not a new problem (e.g., already in 1982, an float conversion error in a trading systems at the Vancouver Stock Exchange resulted in a loss of several millions of US dollars), an integrated development method preventing such bugs is still not available.

This PhD project will address this challenge by developing a rigour approach for developing systems relying on precise representations of numbers, using the interactive theorem prover Isabelle/HOL. The PhD project can focus on

1. the formalisation of concrete representations of machine numbers (e.g., IEEE754, POSIT, Decimal Floating Point, Fixed Point Arithmetic), their (algebraic) properties, and relationship to abstract mathematical numbers;
2. the formalisation and verification of numerical or cryptographic algorithms, establishing a reusable verified library, or
3. the development of an end-to-end refinement approach from mathematical models to machine representations.

The PhD will be jointly supervised by Prof. Dr. Achim Brucker and Prof. Dr. Burkhart Wolff, leading to a joint degree from the University of Exeter and the University of Paris-Saclay.

Information about the programme can be found at

• https://www.exeter.ac.uk/study/pg-research/funding/phdfunding/paris-saclay/
• https://adum.fr/as/ed/voirproposition.pl?langue=en&matricule_prop=71068&site=PSaclay

All applications have to be made via the ADUM system: https://adum.fr/as/ed/voirproposition.pl?langue=en&matricule_prop=71068&site=PSaclay, latest on the 22nd of March 2026.

Once again, we are co-organizing BSides Exeter: it is set to return for its third run in April, with doors opening on main event, at The Forum, on 25th April 2026, and on 24th April 2026 a pre-event free, professional training day for those willing to contribute to charitable causes.

The 2026 event is focused on the theme “curiosity built the cyber pro”, helping to showcase the innumerable paths into cyber that makes the sector the vibrant, accepting space that it is today. Hosted on site at The Forum in the University of Exeter for a third year, with support from the University of Exeter’s Department for Computer Science, the community-driven cyber security event has a growing attendance and this year aims to attract 400 attendees, following last year’s successful bringing together of over 350 cyber security experts, students, enthusiasts and newcomers. Exeter Cyber Security Society members have been key supporters of BSides Exeter since the society was founded in 2024.

General admission tickets for 2026 are on sale now.

Call for papers open until 3rd March 2026

Along with looking for talks from experienced veterans of the field, the current call for papers also offers an opportunity for first time speakers, students and new cyber professionals, and career-changers to talk as part of rookie sessions, which returns for a second year.

Rookie sessions are 20-minute long talks, where regular talk slots are looking for submissions of around 35-40 minutes in length. BSides Exeter connects rookie speakers with a mentor who can help guide them with their talk creation and help them understand ahead of time what to expect.

Outside of rookie sessions, the conference tracks for BSides Exeter 2026 are:

• Blue Track – Defence
• Red Track – Attack
• Purple Track – Mixed

Talks will be recorded and uploaded to BSides Exeter’s YouTube channel after the event. (Those not wanting to have their talk shared this way, are able to opt out.)

Got a story to tell? You can submit to the call for papers. The deadline for submissions is 3rd March 2026.

Paying it forward

The day before the main BSides Exeter event, on Friday 24th April, will see a series of professional training workshops provided by sponsors, with participants encouraged to donate to Children’s Hospice South West as part of attendance. This pre-event will offer learning opportunities for individuals at all levels of experience.

Why “curiosity built the cyber pro”?

In its exploration of curiosity built the cyber professional, BSides Exeter which will look at how every cyber security and digital forensics professional started the same way—curious, determined, and probably told to “get off that computer!” or “you’ve been online too long!”

Dear Fellow Researchers!

Our dear colleague and friend David Basin is turning 65 in December 2026 and this has to be celebrated! We therefore organize a Festschrift and a Fest to celebrate his birthday and his extensive research contributions!

The Fest/celebration itself will be held as a one-day event on the 15th of January 2027 at ETH Zürich. We have already checked that David is available. You do not have to keep it a secret - on the contrary, it is great if you share this message with anybody who might like to contribute!

We hereby cordially invite you to contribute an article to the Festschrift and present it at the Fest. We welcome contributions in all areas close to David’s research and interests, including but not limited to security, privacy, formal methods, logic, automated reasoning, model checking, theorem proving, software engineering, bridge, juggling, biking and more. The articles will be lightly reviewed by the Festschrift committee, and the proceedings will be published by Springer Heidelberg in the LNCS series. David will of course love to receive a research article from you, but also short personal articles that celebrate the history and friendship with David will be very much appreciated.

We would like to set a deadline for submissions at the 21st of May 2026 via our submission site https://easychair.org/conferences/?conf=feschi2027. Articles should be formatted in Springer’s LNCS style and not exceed 5 pages for personal articles and 16 pages for scientific articles. If you have a work that you would like to contribute that does not fit into this page limit, it might be possible, but please reach out to us first.

There will be no participation fee for the Fest and coffee breaks, lunch, and dinner will be included. Travel and accommodation costs are at the expense of the participants. We are happy to provide hotel suggestions for Zürich.

Submission Information: §

• Format: 16 pages in LNCS format, templates available at: https://www.springer.com/gp/computer-science/lncs/conference-proceedings-guidelines
• Submission: https://easychair.org/conferences/?conf=feschi2027
• Timeline:
  • Submission: 21 May 2026
  • Notification: end of June 2026 (to be confirmed)
  • Camera Ready Copy: early September 2026 (to be confirmed)

Please let us know if you have any questions!

Best wishes,

• Achim D. Brucker (University of Exeter)
• Sebastian Mödersheim (Danmarks Tekniske Universitet)
• Christoph Sprenger (ETH Zürich)
• Luca Viganò (King’s College London)

Many congratulations to Amy Stell who passed her PhD viva with minor corrections!

Amy’s PhD thesis [1] entitled “Trustworthy Machine Learning for High-Assurance Systems” presents an approach for modelling and formally verifying neural networks in Isabelle/HOL. This is an important step to enabeling the use of neural networks in safety-critical or security-critical applications. During his PhD, Amy published several conference publications and entries of the Archive of Formal Proofs [5].

Well done Amy!

Amy will stay in our group, working on formal methods for enterprise systems; and, of course, she will also continue to work on formal methods for AI.

References §

Over the last few decades, deep neural networks (DNNs) have exhibited remarkable success in natural language processing (NLP). However, despite their impressive performance, DNNs have been shown to be highly vulnerable to adversarial examples, which are carefully crafted inputs with small, often imperceptible perturbations that cause models to make incorrect predictions. This vulnerability poses growing threats to security and privacy in online and safety-critical environments.

The issue becomes even more serious with the widespread use of large language models (LLMs) such as GPT and LLaMA, which exhibit strong generalization and zero-shot learning abilities. Although these models revolutionize NLP tasks, they are not immune to adversarial manipulations. In particular, prompt-injection and jailbreak attacks can subvert safety alignment mechanisms, revealing a similar underlying weakness: subtle textual perturbations can drastically alter model behaviour. Understanding and mitigating such vulnerabilities has therefore become a central research topic in Safe AI.

Compared to adversarial attacks in computer vision (CV), generating imperceptible adversarial examples for text presents key challenges. Images reside in continuous pixel spaces, where tiny numeric changes can easily be masked from human perception. Text, however, is inherently discrete, and even a single character or word change can significantly affect readability, grammar, or meaning. Thus, designing textual perturbations that remain semantically faithful and grammatically correct, while still deceiving the model, is substantially more difficult. Character-level or sentence-level manipulations often yield unnatural text that can be detected by spell-checkers or simple rule-based defences. Conversely, word-level synonym substitution can produce more fluent and semantically consistent adversarial samples.

To address this problem, we developed SCALA (Synonym-based desCending And repLace-back Ascending), a score-based black-box adversarial attack that achieves an effective balance between imperceptibility, efficiency, and practicality. By leveraging a novel descending–ascending synonym ranking mechanism with parallelized computation, SCALA generates visually and semantically natural adversarial texts with minimal perturbations. Extensive experiments on both conventional NLP models and fine-tuned LLMs demonstrate the generality and scalability of our method. SCALA consistently achieves the lowest perturbation and grammatical error rates while maintaining high semantic similarity, outperforming representative baselines. The results highlight that fine-tuned LLMs, despite their scale and contextual capacity, remain vulnerable to word-level perturbations, emphasizing the need for robust defense strategies. Future work will explore extending SCALA to multilingual and multimodal domains and investigating defense-aware training to enhance robustness in real-world applications.

Want to learn more? Read out latest paper [1] that has been published in the IEEE Transactions on Information Forensics and Security.

References §

There are at least three reasons why it is desirable to perform proofs of security in a proof assistant like Isabelle/HOL or Rocq. First, it gives us an overwhelming assurance that the proof of security is actually a proof and not just the result of a bug in a complex verification tool.

This is because the basic idea of an LCF-style theorem prover is to have an abstract datatype theorem so that new theorems can only be constructed through functions that correspond to accepted proof rules; thus implementing just this datatype correctly prevents us from ever accepting a wrong proof as a theorem, no matter what complex machinery we build for automatically finding proofs. Second, a human may have an insight of how to easily prove a particular statement where a “stupid” verification algorithm may run into a complex check or even be infeasible. Third, the language of a proof assistant can formalize all accepted mathematics, so there is no narrow limit on what aspects of a system we can formalize. For instance, we have proved in Isabelle/HOL a compositionality result for our protocol model: given a set of protocols for which we have proved security and that meet a number of requirements, then also their composition is correct. Since also the said requirements are proved in Isabelle, we arrive at a full security proof of the entire system checked by Isabelle. A result like this is beyond the scope of any standard verification tool. Note also that as part of the composition, some of the component protocols may be proved secure by different methods or even automatically.

With our work, we aim for achieving the high assurance of an LCF-style theorem prover (namely, Isabelle/HOL) with a highly-automated verification approach for a well-defined fragment of stateful (security) protocols. The result is both an extensive formalization of stateful protocols and a fully-automated verification method, i.e., a tool. In more detail, our work has two contributions:

1. The formalization in Isabelle of the abstract interpretation approach for stateful protocols as the PSPSP tool. In a nutshell, we have implemented in Isabelle the computation of the abstract fixed point—the proof idea so to speak—and how Isabelle can convince herself that this fixed point covers everything that can happen in the concrete protocol. The Isabelle security proof that one obtains consists of two main parts: first, we have a number of protocol-independent theorems that we have proved in Isabelle once and for all, and second, for every protocol and fixed point, we have a number of checks that Isabelle can directly execute to establish the correctness of the given protocol. The entire protocol-independent formalization consists of more than 25,000 lines of Isabelle code (definitions, theorems and proofs).
2. The development and integration into Isabelle of a simple protocol specification language for stateful protocols that is based on a notion of atomic transactions: in a transaction, an entity may receive a message, consult its long-term database, make changes to the database and finally send out a reply. This language is more high-level than for instance multi-set rewriting while directly defining a state-transition system. The language additionally allows the specification of analysis rules which are rules that express how the intruder can extract knowledge from received messages built using cryptographic functions.

The full details are described in our latest paper [1] that just has been accapted in the Journal of Computer Security. The formalization in Isabelle/HOL, including the tool PSPSP (implemented in Isabelle/HOL), is available in the Archive of Formal Proofs (AFP) [2].

References §

Since 2007, the Test and Proof (TAP) conference has long been a leading venue for research on the intersection of software testing and formal verification. Now, TAP is joining the 27th International Symposium on Formal Methods (FM 2026) as a new special track. This integration places the ground-breaking work of the Test and Proofs community at the heart of the world’s premier conference on formal methods.

This new track provides a dedicated forum for researchers, practitioners, and tool developers to present and discuss the latest advances in the synergistic combination of traditionally distinct areas of dynamic analysis, e.g., testing, and static analysis, e.g., proving. By joining FM, the TAP track offers authors a wider, more diverse audience and the prestige of publication in the main, open-access FM 2026 proceedings, published by Springer in the LNCS series. We invite you to be part of this exciting new chapter for the tests and proofs community!

Track Highlight: FM 2026 Keynote by Professor Cristian Cadar

We are thrilled to announce that TAP Track at FM 2026 will feature a keynote address by Professor Cristian Cadar of Imperial College London. Professor Cadar is a world-renowned authority on software reliability, security, and verification, and is particularly celebrated for his pioneering contributions to symbolic and dynamic execution (e.g., KLEE). His selection as a main symposium keynote speaker is a powerful testament to the increasing importance of the core topics of the TAP track to the broader computer science community.

Scope and Topics of Interest §

The TAP track solicits high-quality, original research on the interplay between dynamic techniques such as testing, runtime verification etc.testing and formal verification such as proving, model checking, abstract interpretation, etc. . The track aims to foster new collaborations and advance the state of the art in creating reliable and secure software and systems. Topics of interest include, but are not limited to, the following areas:

Foundations for Combining Testing and Verification

• Formalisms and theories that unify testing and proof
  
• Semantic foundations for combined static and dynamic analysis
  
• Proof theory for test-case generation and specification conformance
  
• Type systems with a testing and proving focus
  
• Formal models of test-based and proof-based development

Synergistic Techniques and Tools

• Combination of model checking, theorem proving, and runtime verification
  
• Synergies between symbolic execution, fuzzing, and formal analysis
  
• Test-case generation from formal specifications (e.g., using B, Z, TLA+, VDM)
  
• Using test execution results to guide or automate proof discovery
  
• Static analysis for test-suite reduction, prioritization, and optimization
  
• Verification-based and property-based testing
  
• Formal methods for testing AI/ML-based systems
  
• AI/ML techniques for enhancing formal verification and testing
  
• Derivation of specifications and contracts from tests
  
• Combination of static and dynamic analysis for security vulnerability detection

Applications and Empirical Evaluation

• Case studies and experience reports applying combined test-and-proof techniques to industrial systems (e.g., in security, cyber-physical systems, autonomous systems, blockchain, or IoT)
  
• Empirical comparisons of different verification, testing, and combined techniques
  
• Tool demonstration papers for new and innovative tools that support tests and proofs
  
• Application of TAP techniques to challenge problems and benchmarks

Submission Categories and Guidelines §

The TAP track papers can be submitted in all paper categories supported by the FM 2026 Research Track and submissions to the TAP track will be reviewed following the policies and quality criteria of the FM Research Track.

The TAP track solicits papers in the following categories:

• Regular Papers (max 15 pages, excluding references and appendices): For mature, original research contributions.
  
• Long Tool Papers (max 15 pages, excluding references and appendices): For presenting mature tools, their theoretical foundations, and empirical evaluations.
  
• Case Study Papers (max 15 pages, excluding references and appendices): For in-depth reports on the application of TAP techniques to significant, real-world problems.
  
• Short Papers (max 6 pages, excluding references and appendices): For presenting novel but not yet fully mature ideas, or for tool demonstration papers that focus on a tool’s features and usage.

Papers should be original work, not published or submitted elsewhere, in Springer LNCS format, and written in English.

Submit your papers at https://easychair.org/conferences/?conf=fm2026

Reviewing is single-blind. Each paper will be evaluated by at least three members of the Program Committee. Papers will be accepted or rejected in the category in which they were submitted and will not be moved between categories

Authors of accepted papers are strongly encouraged to submit their supporting artifacts to the FM 2026 Artifact Evaluation track.

Important Dates §

All deadlines are Anywhere on Earth (AoE, UTC-12h). The deadlines for the TAP track are aligned with the FM 2026 Research Track.

Publication §

All accepted papers for the TAP track will be published as part of the main FM 2026 conference proceedings. The proceedings will be published by Springer in their open-access Lecture Notes in Computer Science (LNCS) series. At least one author of an accepted paper must register for the conference and present the work.

Track Organization §

Track Chairs:

• Marie-Christine Jakobs, Ludwig-Maximilan University, Munich, Germany
  
• Achim D. Brucker, University of Exeter, UK

For inquiries, please contact the track chairs.

Modern manufacturing relies heavily on highly integrated IT systems. While various terms – such as Industry 4.0, Cyber-Physical Production Systems, and the Industrial Internet of Things (IIoT) – describe these systems, they all share a common characteristic: the fusion of enterprise software with sensors and actuators. This creates a complex IT landscape comprising devices with diverse computational capabilities, operating systems, and software versions. Additionally, many manufacturing environments must integrate legacy systems that were never designed to be connected to the internet, further complicating security efforts.

Beyond the inherent challenges of securing such heterogeneous environments, cyberattacks on manufacturing systems can have severe real-world consequences, extending beyond data breaches to physical disruptions and costly damages.

Want to learn more? Attend my talk at BSides Exeter today: I will first provide a brief introduction to modern manufacturing systems. I will then explore key cybersecurity threats, with a particular focus on attacks targeting process logic vulnerabilities that can be exploited by both external threat actors and insiders. As far as possible, identified threats will be illustrated by real world attacks. I will conclude the talk with a brief outlook on ongoing research developing tools to detect (and mitigate) cybersecurity threats in modern manufacturing.

Update: Missed the talk? Watch the recording.

After the successful release of Isabelle/DOF as part of the Archive of Formal Proofs (AFP), we are now happy to announce the availability of add-ons for the latest Isabelle release (i.e., Isabelle 2025).

The Isabelle/DOF 2025 Add-Ons package (a version for Isabelle 2024 is also available) is available on Zenodo. The Isabelle/DOF 2025 Add-Ons extends the Isabelle/DOF version for Isabelle 2025 that is available as part of the Archive of Formal Proofs (AFP) with the following features:

• Additional document ontologies and LaTeX templates (in the session Isabelle_DOF-Ontologies).
• Additional examples using various Ontologies and LaTeX template.
• A tool for creating new Isabelle/DOF projects (isabelle dof_mkroot).

References §

This year, we are hosting two world-class cyber events on our campus during the week commencing 21st of April, 2025: Secure South West and BSides Exeter.

In more detail:

• On Friday 25th of April 2025, we have
  • Secure South West focusing on the positive change cyber can bring to society.
  • BSides NextGen Track, a special session the day before the main BSides event, introducing cybersecurity careers to GCSE and A-Level students.
• On Saturday 26th of April 2025, we are hosting BSides Exeter.

In total, we expect way over 300 cybersecurity enthusiasts on our campus. We are looking forward to welcoming you all to this great line-up of cyber events!

Modern supply chains of goods and services rely heavily on close collaborations between the partners within these supply chains. Consequently, there is a demand for IT systems that support collaborations between business partners, for instance, allowing for joint computations for global optimizations (in contrast to local optimizations that each partner can do on their own). Still, businesses are very reluctant to share data or connect their enterprise systems to allow for such joint computation. The topmost factor that businesses name as reason for not collaborating, is their security concern in general and, in particular, the confidentiality of business critical data.

While there are techniques (e.g., homomorphic encryption or secure multi-party computation) that allow joint computations and, at the same time, that are protecting the confidentiality of the data that flows into such a joint computation, they are not widely used. One of the main problems that prevent their adoption is their perceived performance overhead.

In our recently published journal paper [brucker.ea:confidential-supply-chains:2025], which supercedes our earlier conference version [brucker.ea:confidential-lca:2021], we address this problem by an approach that utilized the structure of supply chains by decomposing global computations into local groups, and applying secure multi-party computation within each group. This results in a scalable (resulting in a significant smaller runtime overhead than traditional approaches) and secure (i. e., protecting the confidentiality of data provided by supply chain partners) approach for joint computations within supply chains. We evaluate our approach using life-cycle assessment (LCA) as a case study. Our experiments show that, for instance, secure LCA computations even in supply chains with 15 partners are possible within less than two minutes, while traditional approaches using secure multi-party computation need more than a day.

References §

We have an exciting funded opportunity for a PhD on developing “Verification Environment for Distributed Systems Implemented in Go”. The main objectives are to define a formal semantics of Go and its CSP-inspired concurrency model in an interactive theorem prover (e.g., Isabelle/HOL) as well as developing a calculus for program verification. This is a unique opportunity to work in the intersection of theory and application and while doing so, contributing to improving the state of the art in software correctness and security.

A detailed description of the PhD proposal is available at:

• A Verification Environment for Distributed Systems Implemented in Go

Information about the funding and application process is available at:

• https://www.exeter.ac.uk/study/funding/award/?id=5477

Application deadline is the midnight GMT on 10th of February 2025.

Please reach out to me, if you have any questions.

Smart contracts are computer programs designed to automate legal agreements. They are usually developed in a high-level programming language, the most popular of which is Solidity. Every day, hundreds of thousands of new contracts are deployed managing millions of dollars worth of transactions. As for every computer program, smart contracts may contain bugs which can be exploited. However, since smart contracts are often used to automate financial transactions, such exploits may result in huge economic losses. In general, it is estimated that since 2019, more than $5B was stolen due to vulnerabilities in smart contracts.

To address the issue of smart contract vulnerabilities we developed Isabelle/Solidity. Isabelle/Solidity is, on the one hand, a deep embedding of an executable denotational semantics for Solidity within the Isabelle/HOL interactive theorem prover. On the other hand, Isabelle/Solidity is an interactive program verification environment for Solidity smart contracts.

We describe Isabelle/Solidity in our latest publication in the journal Formal Aspects of Computing [1].

References §

It is not a secret that any computer science curriculum needs to make hard choices on which topic to include and which to not include (or only discuss very lightly). On area whose fundamental need is not always obvious to everybody is Formal Methods. In particular, when considering the ACM Curriculum for Computer Science, the inclusion of Formal Methods as a mandatory Knowledge Area needs arguing for why and how does every computer science graduate benefit from such knowledge.

We do not agree with the sentence “While there is a belief that formal methods are important, and they are growing in importance, we cannot state that every computer science graduate will need to use formal methods in their career.” We argue that formal methods are and have to be an integral part of every computer science curriculum. Just as not all graduates will need to know how to work with databases either, it is still important for students to have a basic understanding of how data is stored and managed efficiently. The same way, students have to understand why and how methods work, what their formal background is, and how they are justified. No engineer should be ignorant of the foundations of their subject and the formal methods based on these.

In our paper [1], we aim to highlight why every computer scientist needs to be familiar with formal methods. We argue that education in formal methods plays a key role by shaping students’ programming mindset, fostering an appreciation for underlying principles, and encouraging the practice of thoughtful program design and justification, rather than simply writing programs without reflection and deeper understanding. Since integrating formal methods into the computer science curriculum is not a straightforward process, we explore the additional question: what are the trade-offs between one dedicated knowledge area of formal methods in a computer science curriculum versus having formal methods scattered across all knowledge areas? Solving problems while designing software and software-intensive systems demands an understanding of what is required, followed by a specification and formalizing a solution in a programming language. How to do this systematically and correctly on solid grounds is exactly the supported by Formal Methods.

References §

The linking of formal and informal information is perhaps the most pervasive challenge in the digitization of modern society. Extracting knowledge from reasonably well-structured “raw”-texts is a crucial prerequisite for any form of advanced search, classification, “semantic” validation and “semantic” merge technology. This challenge incites numerous research efforts summarized under the labels “semantic web” or “data mining”. A key role in structuring this linking is played by ontologies (also called “vocabulary” in semantic web communities), i.e., a machine-readable form of the structure of documents and the document discourse.

Such ontologies can be used for scientific discourse underlying scholarly articles, the conversion, and integration of semiformal content, for advanced semantic search in mathematical libraries or documentation in various domains. In other words, ontologies generate the meta-data necessary to annotate raw text allowing their “deeper analysis”, in particular inside mathematical formulas or equivalent formal content such as programs or UML-models.

To support such scenarios, we developed Isabelle/DOF, an ontology framework on top of Isabelle/HOL. It allows for the formal development of ontologies and continuous conformity-checking of integrated documents, including the tracing of typed meta-data of documents. Isabelle/DOF deeply integrates into the Isabelle/HOL ecosystem, allowing to write documents containing (informal) text, executable code, (formal and semiformal) definitions, and proofs. Users of Isabelle/DOF can either use HOL or one of the many formal methods that have been embedded into Isabelle/HOL to express formal parts of their documents.

In our most recent journal paper [1], which supersedes [2], we describe in detail, how we extended Isabelle/DOF to support parametric ontological classes.

References §

Smart contracts are programs stored on the blockchain, often developed in a high-level programming language, the most popular of which is Solidity. Smart contracts are used to automate financial transactions and thus bugs can lead to large financial losses.

For example, in 2016, a vulnerability in an Ethereum smart contract was exploited, resulting in a loss of approximately $60M. More recently, hackers exploited a vulnerability in the DeFi-platform Poly Network to steal $600M. Overall, it is estimated that since 2019, more than $5B have been stolen due to vulnerabilities in smart contracts. The high impact of vulnerabilities in smart contracts, together with the fact that once deployed to the blockchain, they cannot be updated or removed easily, makes it important to “get them right” before they are deployed. To address this problem, we developed Isabelle/Solidity, a shallow embedding of Solidity in Isabelle/HOL.

Isabelle/Solidity consists of a novel formalization of the Solidity storage model, a shallow embedding of Solidity expressions and statements, an implementation of Isabelle commands to support a user in specifying Solidity smart contracts, and a verification condition generator to support a user in the verification.

In our paper at the Software Engineering and Formal Methods (SEFM 2024) conference [1], we describe Isabelle/Solidity in more detail and also show how we ensure its compliance to the official Solidity tooling.

References §

I am happy to announce that Dr. Bethaina Touijer will join the Software Assurance & Security Research Team as a Postdoctoral Researcher.

Bethaina will work on developing formal methods for analysing business process logic, in particular in the context of enterprise sytems.

The computer science curriculum at the University of Exeter focuses on the applied software engineering and data science aspects. Hence, there are very few modules focusing on the foundations and theory. Instead, of having dedicated theory-focused modules, theory is embedded into applied modules. One such example is our approach of integrating formal methods, mostly in the form of model checking, into our second year undergraduate cyber security module.

In this module, we integrate a roughly three weeks long section on security protocols, with a focus on their formal modelling and formal analysis. In these three weeks, we use a holistic approach for teaching the security objectives of security protocols, their analysis of actual implementations using a network sniffer, their formal verification using a model checker (and comparing it to an approaches based on interactive theorem proving).

This approach has been developed over the course of eight years at two UK universities: The University of Sheffield and the University of Exeter. In this paper, we focus on our experience in Exeter, at which we are offering the module in the form discussed in this paper since the academic year 2019/2020. While the module usually is delivered as synchronous in-person delivery, during the COVID-19 pandemic we also delivered the module successfully as (asynchronous) remote delivery. For the remote delivery, we replaced the lectures by pre-recorded videos and the lab sessions had been taught in flipped-classroom-style, with weekly synchronous drop-in sessions offered online.

We report, in more detail, on our experience with this integrated approach in our paper at the Formal Methods Teaching Workshop (FMTea 2024) [1]. The workshop will take place on the 10th of September 2024 – feel free to join us!

References §

We are happy to announce that Isabelle/DOF, our document ontology framework on top of Isabelle/HOL, is now available in the Archive of Formal Proofs (AFP).

While this seems a minor change in how Isabelle/DOF is distributed, it actually is a major achievement for Isabelle/DOF. From now on, other entries of the AFP can make use of Isabelle/DOF and the ontological modelling it provides. Furthermore, this helps to ensure that Isabelle/DOF will also work with future releases of Isabelle/HOL. Note that the AFP only contains the core of Isabelle/DOF. We plan to make additional ontologies and document setups available as an add-on package in the future.

References §

As part of a US funded project, we have an exciting opportunity for a PostDoc in the Security and Trust of Advanced Systems Group at the University of Exeter (UK) to work applying formal methods to enterprise systems:

We will use formal methods (e.g., model checking, SMT solving, interactive theorem proving), to analyze business-process-driven (enterprise) systems (e.g., business logic and workflows described a BPMN models). A particular focus will be the analysis of complex compositions of workflows within one organization as well as across multiple organizations.

In particular, we will develop novel techniques to detect faults and vulnerabilities (that can be exploited by both internal and external attackers) in complex business-process-driven systems, contributing to protecting critical workflows such as manufacturing or logistics.

In such environments, attackers can exploit such faults and vulnerabilities to cause all kinds of harm such as direct financial losses or causing the production of safety or security critical products to stop. Overall, the project aims to develop automated techniques for assessing the risk of business process or workflows as well as finding and mitigating such attacks.

This is a unique opportunity for somebody wanting to use/apply formal methods to the security of large enterprise systems.

More information and application details can be found at:

• https://jobs.exeter.ac.uk/hrpr_webrecruitment/wrd/run/etrec179gf.open?WVID=171839ediw&LANG=USA&VACANCY_ID=386422ijTy

Application deadline is the 18th of April 2024. Please contact me for more details.

The AutoCHERI project will have a strong presence at the Embedded World Conference in Nuremberg, Germany. On the 10th of April 2024, there will be a presentation introducing the project, in particular emphasizing the importance of memory safety in the automotive sector. The following day, we will give a technical deep-dive into memory safety.

Memory corruption vulnerabilities are one of the most common software security vulnerabilities. While in many application areas, the use of memory-safe languages is possible, this is often not the case for embedded systems or low-level implementations such as operating systems or network stacks.

We will discuss traditional approaches such as fuzzing, runtime pointer tracking, and formal verification and compare them with a novel hard-ware based solution. The latter is currently implemented in the Morello processor.

The Morello processor is an experimental multicore, superscalar ARMv8-A processor, implemented as System-on-Chip that supported the Capability Hardware Enhanced RISC Instructions (CHERI) set. CHERI provides a fine-grained memory protection that allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities.

Want to learn more? Join us at Embedded World in Nuremberg.

We have an exciting opportunity for PhD study with myself and Prof. Burkhart Wolff from the Université Paris-Saclay on developing a formal semantics for Go(lang) in Isabelle/HOL.

This is part of a new ‘double PhD’ programme leading to a PhD award from the University of Exeter and the Université Paris-Saclay.

More information and application details can be found at:

• https://www.exeter.ac.uk/study/pg-research/funding/phdfunding/paris-saclay/
• https://adum.fr/as/ed/voirproposition.pl?site=adumR&matricule_prop=53822#version

Application deadline is the 31st of March 2024. Please contact us for more details.

Interval analysis (also called interval arithmetic) is a well known mathematical technique to analyze or mitigate rounding errors or measurement errors. Hence, it is somewhat surprising that it has not yet been formalized in widely used theorem provers.

With our work, we close this gap at least for Isabelle/HOL: we formalize extended interval analysis, including the concept of inclusion isotone (or inclusion isotonic) (extended) interval analysis. The main result is the formal proof that interval-splitting converges for Lipschitz-continuous interval isotone functions. From pragmatic perspective, we provide the datatypes and theory required for integrating interval analysis into other formalizations and applications. Your formalization is available as part of the Archive of Formal Proofs (AFP) [1].

A high-level description of the work has been accepted at the International Conference on Formal Methods in Software Engineering (FormaliSE 2024) [2]. In this paper, we also motivate applications of interval arithmetic in computer science, namely its (preliminary) integration into program verification.

References §

As a group, we are always happy to work with local groups and, for instance, supporting local events. Since several years, we are working closely together with they South West Cyber Security Cluster (SWCSC).

We are proud to help to bring BSides to Exeter in 2024. BSides Exeter will take place in 2024 on our lovely Streatham Campus. Join the BSides Exeter Discord to receive the latest updates.

Communication networks like the Internet form a large distributed system where a huge number of components run in parallel, such as security protocols and distributed web applications. For what concerns security, it is obviously infeasible to verify them all at once as one monolithic entity; rather, one has to verify individual components in isolation.

While many typical components like TLS have been studied intensively, there exists much less research on analyzing and ensuring the security of the composition of security protocols. This is a problem since the composition of systems that are secure in isolation can easily be insecure. The main goal of compositionality is thus a theorem of the form: given a set of components that are already proved secure in isolation and that satisfy a number of easy-to-check conditions, then also their parallel composition is secure. Said conditions should of course also be realistic in practice, or better yet, already be satisfied for many existing components. Another benefit of compositionality is that when one would like to exchange a component with another one, all that is needed is the proof that the new component is secure in isolation and satisfies the composition conditions—without having to re-prove anything about the other components.

In our recently paper [1] (which supersedes our conference paper [2]) that has been accepted in the ACM Transactions on Privacy and Security. In this paper, we present three contributions over previous work in parallel compositionality. First, we extend the compositionality paradigm to stateful systems: while previous approaches work only for simple protocols that only have a local session state, our result supports participants who maintain long-term databases that can be shared among several protocols. This includes a paradigm for declassification of shared secrets. This result is in fact so general that it also covers many forms of sequential composition as a special case of stateful parallel composition. Second, our compositionality result is formalized and proved in Isabelle/HOL, providing a strong correctness guarantee of our proofs. This also means that one can prove, without gaps, the security of an entire system in Isabelle/HOL, namely the security of components in isolation, the composition conditions, and thus derive the security of the entire system as an Isabelle theorem. For the components one can also make use of our tool PSPSP that can perform automatic proofs for many stateful protocols. Third, for the compositionality conditions we have also implemented an automated check procedure in Isabelle.

Want to learn more? Read our journal paper [1] or have a look at the formalization in Isabelle/HOL [3].

References §

I am looking forward to the Fun in the REPL in Bristol on the 1st of November 2023. This is part of the S-REPLS series.

As part of the meeting, I will give an introduction into Isabelle/HOL from the perspective of a functional programming enthusiast. In particular, I will introduce Isabelle/ML and its outstanding concept of anti-quotation that, for instance, provide a static strongly typed “bridge” between Isabelle/HOL and Isabelle/ML. Moreover, I will demonstrate Isabelle’s code generator that supports SML, Haskell, Scala, OCaml, and as a novelty developed by us: F#.

See you in Bristol!

I am happy to announce that Teddy Cameron-Burke will join the Software Assurance & Security Research Team as a PhD student.

Teddy got his BSc in Computer Science and Mathematics from the University of Exeter. In his BSc project, he formalized homomorphic encryption in Isabelle/HOL. Teddy will continue to work with Isabelle in his PhD project, focusing on developing novel verification approaches for domain-specific programming languages, e.g., for the development of cyber-physical systems.

Many congratulations to Sakine Yalman who passed her PhD viva with minor corrections!

Sakine’s PhD thesis [1] entitled “Improving Confidentiality Inter-Organizational Collaborations” presents a novel approach for improving the collaboration between organisations, for instance, within supply-chains while ensuring the confidentiality of data. During her PhD, Sakine published a first paper [2] and a further journal submission is already planned.

Well done Sakine and good luck in your future!!!

References §

Prof. Burkhart Wolff from the University Paris-Saclay will present our joint work on Isabelle/DOF as a keynote speaker at the International Conference on Rigorous State Based Methods (ABZ 2023).

Isabelle/DOF is an ontology framework on top of Isabelle. It allows for the formal development of ontologies as well as continuous conformity-checking of integrated documents annotated by ontological data. An integrated document may contain text, code, definitions, proofs, and user-programmed constructs supporting a wide range of formal methods. Isabelle/DOF is designed to leverage traceability in integrated documents by supporting navigation in Isabelle’s IDE as well as the document generation process.

The keynote will, in particular, address recent extensions of Isabelle/DOF with annotations of lambda-terms, a pervasive data-structure underlying Isabelle used to syntactically represent expressions and formulas. Rather than introducing an own programming language for meta-data, we use Higher-order Logic (HOL) for expressions, data-constraints, ontological invariants, and queries via code-generation and reflection. This allows both for powerful query languages and logical reasoning over ontologies in, for example, ontological mappings. Our application examples cover documents targeting formal certifications such as CENELEC 50128 or Common Criteria.

For more details, please have look at our paper that is part of the ABZ 2023 proceedings [1].

References §

From 8th of May to 8th of June, I will be staying at the University Paris-Saclay. I will be staying with the Laboratoire Méthodes Formelles (LMF), which kindly is hosting me.

During my visit, I will focus on existing collaborations with the group of Prof. Burkhart Wolff (e.g., the continued development of Isabelle/DOF) and I am also looking forward to meet new people. Please reach out to me, if you happen to be in Paris and want to meet.

As part of the 16th edition of Secure South West, we will present work we are doing as part of the AutoCHERI on applying Secure by Design principle to smart vehicles.

In particular, we will show the cybersecurity threats to modern connected vehicles and discuss how Capability Hardware Enhanced RISC Instructions (CHERI) can help. CHERI is a novel hardware extension that helps to prevent memory overflows, and also provides compartmentalization. These features promise to make smart vehicles more secure while saving costs.

Want to learn more? Join us, on the 16th of April 2023, at Secure South West in Exeter.

For the first time, we are hosting Secure South West on our lovely Streatham Campus in Exeter. Secure South West is organised by South West Cyber Security Cluster. This year, it focuses on Smart Systems Security.

Smart Systems bring sensor-based intelligence into connected places and the enterprise, helping make predictive decisions – its cognitive intelligence brought into our IT and business management systems. But this Operational Technology also brings new risks at both the societal and business levels. These systems are built differently, usually with cost and power priorities that create new challenges to securing both their sensor/actuator data flows and the IT systems they interface with. This event will explore all aspects of cyber security for those interested in, considering adopting or actively using these smart sensors and systems. We will cover policy and regulatory requirements, innovative cyber security techniques, skills, and the latest cybersec technology so that best practice can be shared into all these application areas, empowering smart systems developers and adopters to build safe and secure infrastructure.

Attendance is free, register here!

Feedforward neural networks are used very successfully in many applications areas, e.g., image recognition. Still, it is well known that neural networks are susceptible if small changes applied to their input result in misclassification. Situations in which such a slight input change, often hardly noticeable by a human expert, results in a misclassification are called adversarial attacks. Such attacks can be life-threatening if, for example, they occur in image classification systems used in autonomous cars or medical diagnosis.

Systems employing neural networks, e.g., for safety or security critical functionality, are a particular challenge for formal verification, which usually expects a program (e.g., given as source code in a programming language). Such a program does, per se, not exist for neural networks.

To address this challenge, we developed a formal embedding of feedforward neural networks into Isabelle/HOL, together with a discussion of properties that are desirable for neural networks in critical applications. Our Isabelle-based prototype can import neural networks trained in TensorFlow, and we demonstrate our approach using a neural network trained for the classification of digits.

We will present our work next week at the Formal Methods (FM 2023) conference in Lübeck, Germany.

References §

Usually, security protocols are not executed in isolation. Actually, manny different security protocols usually run in parallel. Still, while the security properties of many of these protocols, e.g., TLS, have been analyzed in great detail, much less research has been devoted to their parallel composition. And, it is far from self-evident that the parallel composition of secure protocols is still secure.

For example, different protocols may have a similar message structures of different meaning, so that an attacker may be able to abuse messages, or parts thereof, that they have learned in the context of one protocol, and use them in the context of another where the same structure has a different meaning. Thus, we have to exclude that the protocols in some sense “interfere” with each other. However, it is unreasonable to require that the developers of the different protocols have to work together and synchronize with each other. Similarly, we do not want to reason about the composition of several protocols as a whole, neither in manual nor automated verification. Instead, we want a set of sufficient conditions and a composition theorem of the form: every set of protocols that satisfies the conditions yields a secure composition, provided that each protocol is secure in isolation. The conditions should be realistic so that many existing protocols like TLS actually satisfy them, and they should be simple, in the sense that checking them is a static task that does not involve considering the reachable states.

In our recent paper [1] in the ACM Transactions on Privacy and Security, we present a formalization of stateful protocol composition in Isabelle/HOL, together with a formal verification approach also implemented in Isabelle/HOL. We extend the compositionality paradigm to stateful protocols, where participants may maintain a database (e.g., a list of valid public keys). Such databases do not necessarily grow monotonically during protocol execution—we allow, e.g., negative membership checks and deletion of elements from databases. Moreover, we allow databases to be shared between the protocols to be composed. For instance, in the example of public keys, there could be several protocols for registering, certifying, and revoking keys that all work on the same public-key database. Since such a shared database can potentially be exploited by the intruder to trigger harmful interference, an important part of our result is a clear coordination of the ways in which each protocol is allowed to access the database. This coordination is based on assumptions and guarantees on the transactions that involve the database. Moreover, this also allows us to support protocols with the declassification of long-term secrets (e.g., that the private key to a revoked public key may be learned by the intruder without breaking the security goals). The result is so general that it actually also covers many forms of sequential composition as a special case, since one can for instance model that one protocol inserts keys into a database of fresh session keys, and another protocol “consumes” and uses them. Our main contributions are:

1. We extend the compositionality paradigm to stateful protocols. In particular, our result supports participants who maintain long-term databases that can be shared among several protocols, and a paradigm for declassification of shared secrets. Our result is so general that it also covers various forms of sequential composition as a special case.
2. Our compositionality result is formalized and proved in the interactive theorem prover Isabelle/HOL, providing a strong correctness guarantee of our proofs. This means that one can prove the security of a composed protocol in Isabelle by proving the security of the components in isolation and checking the compositionality conditions, and thus derive the security of the composition as an Isabelle theorem.
3. We implemented checks for the compositionality conditions in Isabelle/HOL, so that they can be checked automatically.
4. We have connected the compositionality result to our tool PSPSP [2] that can perform automatic proofs for many stateful protocols in Isabelle. This extends PSPSP (for protocols supported by PSPSP) with a composable verification method.

All of our theory and proofs are published and maintained in the Archive of Formal Proofs (AFP) [2], [3]. The overall formalization is over 27000 lines of code (over 8000 more lines than the conference version) and took about 36 person months to develop.

References §

Universities in the UK (and the discussion in this post is based, and most likely limited to, the UK academic sector) accept students with a UG (BSc) degree into their PhD programs. Thus, students in the UK often wonder about the differences between doing a postgraduate taught degree and a postgraduate research degree. But also if you have already your MSc finished (or are close to finishing it) and are considering applying for a PhD programme, it will be useful to understand the differences in the application and selection process.

One of important difference between a taught program and a research program is that a research program is an individual programme: it is all about you (and your supervisor). In contrast, a taught program is mass event (the “mass” can be relatively small, i.e., cohort sizes of postgraduate taught programs are often in the medium double-digit range). This has consequences on selecting the right university (or research group) and strategies for making your application successful.

Taught Postgraduate Programs §

Let’s start with looking at Taught Postgraduate Programs. When applying for an MSc programme, you are often one of hundredths applicants and decision if your application is successful or not, is often taken by a dedicated admissions team, based on your marks in your undergraduate studies, checking that you satisfy the admission criteria. Only in exceptional cases, when, for instance, you want to replace certain requirements (e.g., an undergraduate degree that teaches programming) by job experience (e.g., if you worked as a software developer), your application is read carefully by an academic.

Of course, you want to study at a university with a good reputation. But, most importantly, you want to learn the topics that really motivate you and that build the basis for your envisioned career path. Hence, carefully check the description of the programmes you are applying for (and for the modules offered) to avoid disappointments. For example, not every programme that has ``cybersecurity’’ in its title, will cover those areas of cybersecurity that you are interested in. This will also help you, if you are considering a PhD after your MSc: PhD supervisors consider it an advantage, if they have already supervised the M.Sc. Research Project of a student. And, if the M.Sc. Research Project and your PhD topic are aligned, it gives you a head-start for your PhD.

Research Postgraduate Programs §

While, in the following, I am focusing on PhD programmes, similar consideration are valid for the much less common degree “MSc by Research” (a one-year MSc degree that is purely based on an individual research project). A postgraduate research program, as the name suggests, focuses on research. There are usually only a few taught modules (e.g., in the UK it is very common that research students need to complete a module on research methodology). Hence, both the application process and the PhD studies are centered around you, our research topic, and your relationship to your PhD supervisor. This observation should guide both the selection of the best suitable supervisor and the documents that your application process

If you want to do a PhD in a certain topic (and, if you want to do a PhD, you should have an idea, in which area you want to do it), look out for potential supervisors that are knowledge in your area of interest, e.g., they have published papers that are, broadly speaking, relevant to your PhD topic. For example, even though I am doing a lot of research in cybersecurity, there are many areas of cybersecurity, I am not supervising students on, because I lack the necessary expertise.

In your application, you should demonstrate that the expertise of your future supervisor is useful for your PhD topic. Ideally, your application refers to one or several papers written by the research group you are applying at. In a certain way, the reputation of the university is less important (compared to a taught programme). Rather, try to understand if your research topic and your personality fits well into the research area and supervisory style of your week/month: some supervisors meet their PhD candidates at least weekly, others future supervisor. For example, how many supervisory meetings are planned per only every other week or less often. Similarly, some supervisors are more involved in the actual research than others. What is best for you, depends on your personal needs and your research topic. Some topics require a closer supervision than others. If accepted, you will need to work with this supervisor for the next 3 to 5 years. Also, at the end of your PhD, your individual work will be assessed both by the PhD committee and by future employers (that will also look at your publications and your PhD thesis).

Numbers play an important role in our everyday life. And computers are known two work fast and efficiently with numbers, hence their name. Therefore, it might come as a surprise that numbers, as represented by modern computers, do not always behave as one expects.

For example, consider the simple computation of computing the sum of 0.1 and 0.2:

In [1]: 0.1+0.2
Out[1]: 0.30000000000000004

Which does not produce the expected result of 0.3. Also, there are numbers to which we can add one, and still yield the same number:

In [2]: 1e16+1 == 1e16
Out[2]: True

Both behaviors are due to the specific representation of floating point numbers using the IEEE-754 standard. These numbers are not, as many might assume, a faithful representation of mathematical reals: they are an approximation with a lot of corner cases that one needs to take care of when implementing safety of security critical software - or software, that just should be correct.

Ok, floating point numbers are difficult. But integers are much simpler and work as expected, right? Consider the following program, running on an imaginary 8-Bit Computer:

#include <stdio.h>
int main() {
      signed int x=70; // Let's assume 8-Bit integers, i.e.,  we
      signed int y=50; // can represent numbers between -128 and 127. 
  
      if (x + y > 0){
          printf("Hello World\n");
      }else{
          printf("Hello Universe\n");
      }
      return 0;
}

Assuming 8-Bit integers, the maximum positive number that can be represented is 255. Actually, 142+130 yields here -3, which shows the unexpected behavior that adding two positive numbers can result in a negative result.

These special cases can lead to functional errors as well as being the root cause of severe security vulnerabilities.

Will discuss these examples and others, and how they can result in security vulnerabilities in my talk at the Heise devSec conference that takes place from the 4th to 6th of October 2022 in Karlsruhe, Germany.

As part of their fourth year of their integrated Masters degree, our computer science students are working on a group software development project. This means a team of five to seven students (equating to an effort of 1500 to 2100 hours in total) develops a piece of software for a client. Which client? Maybe you!

The main goal of this software development project is to give our students the experience to work on a real software project for a real client. While in previous years, clients were members of the university, we are this year actively searching for clients from outside the university.

The student teams will be supervised by an academic from the computer science department. And, as a client (project owner), you will decide what the students will build. For this, you will be asked to regularly attend meetings with the student team to ensure that the final results satisfy your needs.

If you have an idea of a project, and are unsure if it is the right git, just contact us. We need your ideas until Friday, 23 September 2022 to allow the teams to start in October 2023 with their work. The students will aim for having a first prototype finished in early January 2023 and the handover of the final product should happen before Easter 2023.

For example, last year our students developed a social platform the economists for which further development has been taken on by an external software company or research prototypes for the Engineering Department.

JSON (JavaScript Object Notation) is common format for exchanging data. Thus, sometimes it would be handy to be able to “import” JSON-formatted data into Isabelle/HOL, e.g., as part of a datatype package (implemented in Isabelle/ML) for using the data as part of a system verification (in Isabelle/HOL).

Using our AFP entry “Nano JSON” [1] this is now easy. It provides both import and export of JSON-formatted data into Isabelle - both on the level of Isabelle/ML and Isabelle/HOL. Thus, it allows users of Isabelle/HOL to work with JSON-formatted data in Isabelle without needing to implement import or export functionalities in ML. At the same time, user that want to implement their own datatype package can use the Isabelle/ML API provided by AFP entry “Nano JSON”.

For example, assuming a simple JSON encoded data like

{
    "menu": {
        "id": "file",
        "value": "File",
        "popup": {
            "menuitem": [
                {"value": "New", "onclick": "CreateNewDoc()"},
                {"value": "Open", "onclick": "OpenDoc()"},
                {"value": "Close", "onclick": "CloseDoc()"}
            ]
        }  
    }, 
    "flag":true, 
    "number":42
}

stored in a file example.json, you can now import this data into Isabelle

JSON_file "example.json" defining example

and use it in a formal context, such as

lemma ‹([STR ''onclick''], STRING STR ''CreateNewDoc()'') ∈ set(nj_filter (STR ''onclick'') example_literal_literal)›
  by(normalization)

Alternative ways of importing JSON §

For short JSON-snippets, you can use an antiquotation:

lemma ‹y == JSON ‹{"name": true}› ›
  oops

Moreover, for you can also use a new Isar command that allows for inlining JSON into Isabelle theories:

JSON ‹
{
    "menu": {
        "id": "file",
        "value": "File",
        "popup": {
            "menuitem": [
                {"value": "New", "onclick": "CreateNewDoc()"},
                {"value": "Open", "onclick": "OpenDoc()"},
                {"value": "Close", "onclick": "CloseDoc()"}
            ]
        }  
    }, 
    "flag":true, 
    "number":42
}
› defining example04

Exporting JSON §

Exporting JSON is easy, assuming that the data has already been converted the HOL-representation of JSON provided:

JSON_export example file example

References §

Ever wondered how to verify smart contracts written in Solidy? Thanks to our deep embedding of Solidty into Isabelle/HOL, you can now start verifying smart contracts in Isabelle.

Our formalization is available in the Archive of Formal Proofs marmsoler.ea:isabelle-solidity:2022?, which can be easily added to Isabelle/HOL. If you want to read a more high-level description of the underlying work, read our conference papers on the topic [2].

References §

We are proud to announce the release of Isabelle/DOF 1.3.0. Isabelle/DOF is a Document Ontology Framework on top of Isabelle 2021-1. Isabelle/DOF allows for both conventional typesetting and formal development.

Changes §

The most important user-visible changes are:

• Isabelle/DOF is now a proper Isabelle component that should be installed using the isabelle components command. The installation script is now only a convenient way of installing the required AFP entries.
• The tool mkroot_DOF has been renamed to dof_mkroot (and reimplemented in Scala).
• The project-specific configuration is not part of the ROOT file, the formerly used isadof.cfg is obsolete and no longer supported.
• Removed explicit use of the document/build script in favor of reimplementing its functionality in Scala as an Isabelle/DOF specific document generator.

Migrating Existing Projects §

The following steps need to be executed to migrate existing projects from older version of Isabelle/DOF:

• If your ROOT file does not contain the option document_build = dof, add it.

• The script document/build should be removed and its entry in the ROOT file deleted.

• The configuration (i.e., which ontologies to use and which document template to use) needs to be upgraded. For example, if you document/isadof.cfg looks as follows:

  Template: scrreprt-modern
  Ontology: technical_report cenelec_50128

  The options of the corresponding ROOT file needs to be updated to include:

    dof_ontologies = "Isabelle_DOF.technical_report Isabelle_DOF.cenelec_50128", dof_template = "Isabelle_DOF.scrreprt-modern",

  Thereafter, the file document/isadof.cfg should be removed nd its entry in the ROOT file deleted.

Availability §

Isabelle/DOF 1.3.0 is available for Isabelle 2021-1:

• Isabelle/DOF 1.3.0 for Isabelle 2021-1

In our work “A Denotational Semantics of Solidity in Isabelle/HOL” [1] we presented a formal semantics for Solidity, the most common language for implementing smart contracts. Such a formal semantics one of the corner stones of developing a formal verification approach that, mathematically, can prove the absence of certain types of bugs (e.g., such as the Parity Wallet bug that made USD 280mil worth of Ether inaccessible).

But, of course, any verification can only be as good as the underlying semantics. So, how do we ensure that our formal semantics actually captures the behavior of Solidity faithfully? This is the question we answer in our latest paper [2] that will be presented at the International Conference on Tests and Proofs.

In our approach, we use grammar-based fuzzing, a technique that generates example programs from a formal grammar. Our goal is to ensure that our post-hoc developed formal semantics of Solidity complies to the real world system, i.e., our formalization should behave identical to the implementation. For ensuring this, we generate a test oracle from our formal specification, which allows us to check that executing a test case (generated by the grammar-based fuzzer) executed on the formal semantics yields the same result as executed on the Ethereum blockchain. Our main contributions are:

1. An approach extending a parse grammar for Solidity to ensure that a generic grammar-based fuzzer generates type correct Solidity programs, instead of generating syntactically correct, but often ill-typed, programs.
2. An approach for automatically deriving a test-oracle from a formal specification in Isabelle/HOL that allows to efficiently decide if a test case passes or fails and that allows to measure the test coverage in terms of statements and expressions of the target language usually based on an implicit test specification that informally can be described as “no crashes occur”.
3. A framework for testing the compliance of a formal semantics of Solidity in Isabelle/HOL to their execution on the Ethereum blockchain

Update: The formalization is now also available in the Archive of Formal Proofs marmsoler.ea:isabelle-solidity:2022?.

References §

A large part of an academic’s life is writing grant proposals that are submitted to funding agencies. One of the UK’s funding agencies that supports research in security, safety, and correctness of systems is EPSRC. EPSRC officially requires proposal to follow a certain layout, that is summarized on the EPSRC website as follows:

All attachments must be completed in single-spaced typescript in Arial 11 or other sans serif typeface of equivalent size, with margins of at least 2cm. Arial narrow and Calibri are not allowable font types.

Text in embedded diagrams or pictures, numerical formulae or references can be smaller, as long as it is legible. Text in tables and figure labels not within embedded diagrams or pictures should be at least 11 point.

We recommend that all attachments are uploaded into Je-S as Adobe Acrobat files (PDF) as uploading word documents can result in layout changes to the document. Also, as Je-S does not support all Microsoft Office Word font types, unsupported fonts will be replaced, possibly resulting in layout changes to the document.

On the one hand, this is a rather loosely specified layout. On the other hand, it is not that straight forward to implement using LaTeX. For example, font sizes in LaTeX are specified slightly differently: the well-known 11pt option sets the default font size to 10.95 TeX points (pt), which is 10.909 = 10.95 * 72/72.27 Postscript Points (bp). Hence, the font size needs to be scaled by a factor of 11/10.909.

The new LaTeX class epsrc aims for making proposal writing a little easier. To ensure the consistency of common configurations across the various documents that EPSRC requires, the class file uses a file epsrc.config that, if available, is shared across all documents. A minimal example is:

\author{Poor Researcher}
\projectitle[PGMM]{Please Give Me Money}

Otherwise, the class file is loaded as usual:

\documentclass{epsrc}

For more details, please see the example and documentation at https://git.logicalhacking.com/adbrucker/epsrc.

We are proud to announce the release of Isabelle/DOF 1.2.0. Isabelle/DOF is a novel Document Ontology Framework on top of Isabelle. Isabelle/DOF allows for both conventional typesetting and formal development.

Isabelle/DOF 1.2.0 is available for Isabelle 2021:

• Isabelle/DOF 1.2.0 for Isabelle 2021

Currently, the UK government pushes a concept called Digital Security by Design (DSbD) that focuses on utilizing novel hardware features to improve the security and trustworthiness of systems. Actually, Digital Security (and Privacy) by Design is a much broader concept focusing on security and privacy of systems right of systems right from the start of their development. And it also links to the - often misunderstood - concept of the Trusted Computing Base (TCB).

Want to learn more? Attend the Secure South West 15 on the 23rd March 2022. You can attend either online or in-person in Plymouth, UK. In my presentation, I will introduce the core guidelines for building systems that are secure and privacy aware “by Design”, putting a particular emphasis on the skills needed to understand and apply these concepts and while teaching those skills can be challenging.

As part of the launch of the UK’s new Cyber Security Strategy it has been announced that we are participants of a successful demonstrator project. The project is led by Beam Connectivity.

As part of this project, we will will investigate how the novel Digital Security by Design CHERI (a security enhanced processor instructions set for ARM and RISC-V processors) can be used to improve the security and safety of connected vehicles.

Expect more intersting news and updates in the future!

Several fully funded PhD scholarships for UK applicants are available in the Security and Trust of Advanced Systems Group (Prof. Achim Brucker and Dr. Diego Marmsoler) at the Department of Computer Science of the University of Exeter, UK.

We are looking for enthusiastic and outstanding Computer Science or Mathematics students with a strong background in at least one of the following topics:

• safety or security of (software) systems,
• formal modelling or formal reasoning/verification,
• program analysis or program verification,
• language-based security
• semantics of programming languages,
• theorem proving, model checking,
• cryptographic protocols,
• distributed systems (e.g., blockchain),
• specification-based testing, and
• design and implementation of security architectures.

This award provides annual funding to cover UK tuition fees and a tax-free stipend. For students who pay UK tuition fees the award will cover the tuition fees in full, plus at least £15,009 per year tax-free stipend. The studentship will be awarded on the basis of merit for 3.5 years of full-time study.

Interested candidates should contact the potential supervisors Prof. Achim Brucker or Dr. Diego Marmsoler to discuss their application.

For more details, please consult the official advertisements:

• Compositional Verification of Smart Contracts in Isabelle
• Formal Verification for Safety- or Security-Critical Systems
• Software Engineering for Security- or Safety-Critical Systems
• Open Call

The closing date for applications is midnight on the 24th of January 2022.

Smart contracts are programs, usually automating legal agreements such as financial transactions. Thus, bugs in smart contracts can lead to large financial losses. For example, an incorrectly initialized contract was the root cause of the Parity Wallet bug that made USD 280mil worth of Ether inaccessible. Ether is the cryptocurrency of the Ethereum blockchain that uses Solidity for expressing smart contracts.

In our SEFM paper [1], we address this problem by presenting an executable denotational semantics for Solidity in the interactive theorem prover Isabelle/HOL. This formal semantics builds the foundation of an interactive program verification environment for Solidity programs and allows for inspecting Solidity programs by (symbolic) execution. We combine the latter with grammar-based fuzzing to ensure that our formal semantics complies to the Solidity implementation on the Ethereum Blockchain. Finally, we demonstrate the formal verification of Solidity programs by two examples: constant folding and memory optimization.

The formalization and presented tools are available on Zenodo marmsoler.ea:zenodo-isolidity:2021?.

References §

The environmental impact of products is an important factor in buying decisions of customers, and it is also an increasing concern of lawmakers. Hence, companies are interested in determining the ecological footprint of their products. Life-cycle assessment (LCA) is a standardized method for computing the ecological footprint of a product.

Today, LCA is usually not computed in real-time and neither is LCA using actual sensor data: in contrast it is computed “offline” using “historic” values based on exemplary measurements. With the rise of the Internet of Things (IoT), LCA computations can be based on actual production processes. While an LCA based on actual sensor data is desirable from an ecological perspective, it also can reveal trade secrets, e.g., details about production processes or business relationships.

In our SPBP paper [1], we present an approach, using secure multi-party computation, to enable the confidential data sharing required for an LCA computation using sensor data.

Our prototype is available at https://git.logicalhacking.com/PrivacyPreservingLCA/ConfidentialLCA under an Apache license (SPDX-License-Identifier: Apache-2.0).

References §

I am happy to announce that Amy Stell will join the Software Assurance & Security Research Team as a PhD student.

Amy got her BSc in Computer Science from the University of Exeter. In her BSc project, she formalized neural networks in Isabelle/HOL, and she will continue to develop formal methods for improving the security, safety, and correctness of machine learning during her PHD studies.

In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. The latter provide overwhelmingly high assurance of the correctness, which automated methods often cannot: due to their complexity, bugs in such automated verification tools are likely and thus the risk of erroneously verifying a flawed protocol is non-negligible. There are a few works that try to combine advantages from both ends of the spectrum: a high degree of automation and assurance.

In our CSF paper [1], we present here a first step towards achieving this for a more challenging class of protocols, namely those that work with a mutable long- term state. To our knowledge this is the first approach that achieves fully automated verification of stateful protocols in an LCF-style theorem prover. The approach also includes a simple user-friendly transaction-based protocol specification language embedded into Isabelle, and can also leverage a number of existing results such as soundness of a typed model.

The formalization and the automated tool PSPSP [2] are available in the Archive of Formal Proofs.

References §

A warm welcome to Dr Avik Chakraborti. Avik is joining the Security and Trust of Advanced Systems Group at the Department of Computer Science of the University of Exeter as a Lecturer in Cyber Security.

Avik is a world-renowned expert in applied cryptography. Our students will already meet him after Easter, when he starts teaching, as part of your MSc Cyber Security Analytics, the module on Security Assessment and Validation.

We are proud to announce the release of Isabelle/DOF 1.1.0. Isabelle/DOF is a novel Document Ontology Framework on top of Isabelle. Isabelle/DOF allows for both conventional typesetting and formal development.

Isabelle/DOF 1.1.0 supports both Isabelle 2021 and Isabelle 2020:

• Isabelle/DOF 1.1.0 for Isabelle 2021
• Isabelle/DOF 1.1.0 for Isabelle 2020

In this post, Sakine explains her PhD research. This post has also been published on the Research and Innovation Blog of the University of Exeter.

Deciding My Research Focus §

With the convergence of technologies such as real-time analytics, machine learning, and embedded systems, the use of smart devices is increasing rapidly. Smart devices, such as smartwatches, smartphones, or home automation gadgets, are used in a wide range of areas from control systems, automation systems to healthcare systems.

As I am curious and sensitive about my confidential data, I do always wonder how data collected by smart devices is used and how companies producing these smart devices ensure the confidentiality, privacy, and security of this data.

As you may know, it is not possible to solve all problems that you have in your mind in just one PhD! Therefore, I am focusing on what excites me the most!

Being Caught Between Protecting Confidential Data and Addressing the Environmental Concerns of Consumers §

When I was reviewing literature, an interesting research article took my attention. It was including a subject that I knew nothing about called Life-Cycle Assessment (LCA).

As we can see in our daily lives, the environmental impact of products has become an increasingly important factor in buying decisions of customers, moreover, is also a growing concern of law makers. Hence, companies have an increased interest in determining the ecological footprint of their products. And LCA is a standardized method for computing the ecological footprint of a product. It evaluates the ecological sustainability of a product or service in a quantitative way, and its computation requires exhaustive and comprehensible information about industrial activities, from cradle to grave. This information can, e.g., include information about the production and delivery processes of partners within a supply chain. As this information can reveal the details of production processes that are often considered a trade secret, it is confidential. Moreover, collaborating actively within a supply chain can disclose business relationships, which can be confidential too!

So… After giving some background information, I would like to pose a question. If you were one of the companies placed in a supply chain, would you be interested in sharing your whole data or would you try to hide your confidential information?

Although companies are willing to determine the ecological footprint of their products, they are also concerned about how their confidential data is used in computations/operations and shared with the public or other competitive companies. As a result, security and confidentiality concerns are currently hindering both the collaboration within supply chains and precisely LCA.

What Do I Propose? §

With my work, I try to provide a good balance of data protection needs and the availability of data. My work should make it possible to analyse data while preserving privacy of data.

In the first year of my PhD, I developed a hierarchical method for confidential computations within a business network such as supply chains. I applied my method to LCA, which ensures the confidentiality of data (e.g., information about details of production processes) and meta-data (e.g., supplier-consumer relationships). In contrast to traditional LCA, in my approach, I decompose LCA into “levels” in a recursive way which enables us to apply secure multi-party computation (SMPC) in an efficient way in complex supply chains.

In my second year, I plan to extend my approach to focus on the formal privacy analysis of smart devices used in business networks.

Artificial Intelligence (AI) and machine learning (ML) seem to revolutionize all aspects of our life. Of course, this also is true for cybersecurity - at least if we believe the statements from vendors that want to sell their latest AI/ML-enhanced security product. But is this really true?

In my presentation at the Secure South West 14, I will briefly explain how ML/AI works, and I will discuss four different aspects of ML/AI in the context of security:

• ML/AI for defensive security (or: how can ML/AI be used for protecting systems and organizations),
• ML/AI for offensive security (or: how threat actors might use ML/AI for attacking systems and organizations),
• Security and safety of ML/AI (or: can we actually trust ML/AI, can we use it to build systems that our life depends on?), and
• Challenges of ML/AI (or: challenges that systems relying on ML/AI face, and that not everybody likes to talk about).

Want to learn more? Attend the Secure South West 14 on the 17th of March 2021. Given the current circumstances, the event will be online and is free to attend.

Modern systems, ranging from (smart) IoT devices to enterprise software applications, are rarely developed “on the green field”: modern developers are “composers” that build systems by combining existing solutions with own developments. It is not uncommon that the final product consists of up to 90% of third-party components.

On the one hand, these projects speed up the development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be powned or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of the last years.

Want to learn more? Attend the CIISec Masterclass on the 17th February 2021. In this masterclass, I will discuss, using real world examples, the security threats of using software dependencies carelessly and provide recommendations that help to minimize this risk.

In March, Michael passed successful his PhD viva. Now, his PhD thesis is available online [1]. The thesis investigates one of the cornerstones of modern software development that enables the creation of sophisticated software systems: the concept of reusable software components for web applications.

The abstract of the thesis entitled “Formal Foundations for Provably Safe Web Components” reads in its entirety:

One of the cornerstones of modern software development that enables the creation of sophisticated software systems is the concept of reusable software components. E Especially the fast-paced and business-driven web ecosystem is in need of a robust and safe way of reusing components. As it stands, however, the concepts and functions needed to create web components are spread out, immature, and not clearly defined, leaving much room for misunderstandings. To improve the situation, we need to look at the core of web browsers: the Document Object Model (DOM). It represents the state of a website with which users and client-side code (JavaScript) interact. Being in this central position makes the DOM the most central and critical part of a web browser with respect to safety and security, so we need to understand exactly what it does and which guarantees it provides. A well- established approach for this kind of highly critical system is to apply formal methods to mathematically prove certain properties. In this thesis, we provide a formal analysis of web components based on shadow roots, highlight their short-comings by proving them unsafe in many circumstances, and propose suggestions to provably improve their safety. In more detail, we build a formalisation of the Core DOM in Isabelle/HOL into which we introduce shadow roots. Then, we extract novel properties and invariants that improve the often implicit assumptions of the standard. We show that the model complies to the standard by symbolically evaluating all relevant test cases from the official compliance suite successfully on our model. We introduce novel definitions of web components and their safety and classify the most important DOM API accordingly, by which we uncover surprising behavior and shortcomings. Finally, we propose changes to the DOM standard by altering our model and proving that the safety of many DOM API methods improves while leading to a less ambiguous API.

Parts of the PhD thesis [1] have been published in international conferences [2], [3]. Moreover, the formalization is available in the Archive of Formal Proofs:

• The standard compliant formalization is contained in the following three entries:
  • A Formal Model of the Document Object Model [4]
  • A Formalization of Web Components [5]
  • A Formal Model of the Document Object Model with Shadow Roots [6]
• The improved version of the DOM that is safely composable is formalized in the following three entries:
  • The Safely Composable DOM [7]
  • A Formal Model of the Safely Composable Document Object Model with Shadow Roots [8]
  • A Formalization of Safely Composable Web Components [9]

References §

Wondering with video conference software to use? There are plenty of options available, but not all of them are equally privacy-friendly.

We helped the South West Cyber Security Cluster (SWCSC) to create a selector that helps you to select the best video conferencing tool for your business based on features and a cybersecurity and privacy assessments by the SWCSC.

Just use the `text filters’ to narrow the list to meet your needs. Read the column header notes (hover over and click) to understand the basis of each assessment. Access the selector.

In addition to selecting a secure and privacy-friendly video conferencing tool, you might also want to establish a few best practices, e.g.:

• Do not publish screenshots of your meetings, they
  • might reveal meeting ids or passwords
  • violate the privacy of the participants (if you want to publish a screenshot showing participants, ask for permission)
• Do protect your meetings with a password and/or a lobby (and check whom you do admit)
• Do not host public meetings using your personal (private) meeting room
• You might want to blur or hide your background, if you use a camera
• Only the presenter(s) should be able to share screens and/or take over control of the meeting (admitting people, etc.)

Model transformations play a central role in model-driven software development. Hence, logical unsafe model transformation can result in erroneous systems. Still, most model transformations are written in languages that do not provide built-in safeness guarantees.

We present a new technique to construct tool support for domain-specific languages (DSLs) inside the interactive theorem prover environment Isabelle. Our approach is based on modeling the DSL formally in higher-order logic (HOL), modeling the API of Isabelle inside it, and defining the transformation between these two. Reflection via the powerful code generators yields code that can be integrated as extension into Isabelle and its user interface. Moreover, we use code generation to produce tactic code which is bound to appropriate command-level syntax.

In our JOT paper [1], we present an approach that ensures the logical safeness (conservativity) of the theorem prover extension and, thus, provides a certified tool for the DSL in all aspects: the deductive capacities of theorem prover, code generation, and IDE support. We demonstrate our approach by extending Isabelle/HOL with support for UML/OCL and, more generally, providing support for a formal object-oriented modeling method.

The underlying formalization [2] is available in the Archive of Formal Proofs.

References §

For the first time, we are welcoming students in our brand-new MSc Cyber Security Analytics degree. In the taught modules, the students will improve their skills in cyber security, data analytics, and machine learning.

In their research project, the students will refine their skills by applying their newly acquired knowledge to a project in the intersection of data science and cyber security. This could, e.g., a project using data science techniques for analyzing a security problem or analyzing the security of data science or machine learning techniques.

The current pandemic has forced many businesses into a very sudden and far-reaching adaption of digital technologies to facilitate remote working. This change looks as though it is here to stay.

We are seeing an increasing number of criminal activities that try to take advantage of both the large number of novice remote works and the general uncertainties that the current situation brings.

Consequently, many businesses are faced with the question: what is the weakest link in our cyber defense that we need to strengthen? Many of us will be reminded of the catchphrase “humans are the weakest link in cybersecurity”. But is this really a good picture that should guide our actions?

The problem with this picture is that it makes it too easy to blame users: we trained our staff not to click on links in emails and still, they are doing it. Actually, the picture hinders us to ask two important questions: first, how can we improve our processes so that users do not have to click on links and, second, how can we build a system for which clicking on links is secure and safe.

A better picture might be a swing with two chains: we need to keep both chains strong and in good shape, so that our children enjoy using a swing that keeps them safe. Translating this picture to cybersecurity means that we need to address the weak links in our “social chain” and our “technical chain”. Moreover, we need to bring both together processes and IT systems that are easy to use and support the tasks the users need to fulfil in their role. We need to develop systems that are safe and secure by design, that are easy to use and maintain. This, together with supporting and educating users will minimize the risk of becoming a victim of criminal cyber activities.

Stay safe and secure and keep your knowledge, skills and technical systems up-to-date.

Note: This post has also been published on the Research & Innovation Blog of the University of Exeter and in the South West Business Insider.

The environmental impact of products becomes an increasingly important factor in buying decisions of customers, moreover, is also a growing concern of lawmakers. Hence, companies have an increased interest in determining the ecological footprint of their products. A standardized method for computing the ecological footprint of a product is life-cycle assessment (LCA).

Life Cycle Assessment (LCA) is a technique that evaluates the ecological sustainability of a product or service in a quantitative way. LCA requires exhaustive and comprehensible information about industrial activities to make an accurate evaluation. LCA relies on a variety of data about the production and delivery processes of the partners within a supply chain. As this data can reveal, e.g., trade secrets, it is often classified as confidential. Moreover, the collaborations within a supply chain can reveal business relationships within a supply chain, which can be confidential in themselves. As a result, security and confidentially concerns are currently hindering both the collaboration within supply chains and the timely and precise LCA.

On the 9th of June 2020, Sakine gave her first presentation at the NeGIS 2020 Workshops. In her presentation, she presented an approach for LCA that ensures the confidentiality of data (e.g., information about details of production processes) and meta-data (e.g., supplier-consumer relationships). One of the core ideas is the decomposition of LCA into “levels”, which allows for applying secure multi-party computation (SMPC) efficiently, enabling close-to real time LCA in complex supply chains.

Supplementary Material §

• Video

Every day, you work with Isabelle, you likely learn a new trick. Sadly, you will also have forgotten as quickly as you learned them. To make it easier to rediscover them, and also to make it easier to port them across different versions of Isabelle, we build a collection of “hacks”.

These “hacks” provide additional functionality to Isabelle or showcase specific functionality. Each individual hack usually consists out of a single theory file and all documentation is contained in that theory file The plan is to keep the main branch working with the most current release of Isabelle, and to provide tags for older Isabelle releases. The hacks are available at: https://git.logicalhacking.com/adbrucker/isabelle-hacks. Currently, the following hacks are included:

• Assert.thy provides a new top level command assert that provides a simple way for specifying assertions that Isabelle checks while processing a theory.
• Hiding_Type_Variables.thy provides print a setup for defining default type variables of type constructors. The default type variables can be hidden in output, e.g., ('a, 'b, 'c) foo is shown as (_) foo. This shorthand notation can also be used in input (using a parse translation), which (sometimes) helps to focus on the important parts of complex type declarations.
• Nano_JSON.thy provides support for a JSON-like data exchange for Isabelle/HOL.
• Code_Reflection.thy provides a new top-level command for reflecting generated SML code into Isabelle’s ML environment.

New hacks will be added regularly.

If not otherwise stated, all hacks are licensed under a 2-clause BSD-style license, i.e., the license used for Isabelle itself and for most of the entries in the Archive of Formal Proofs.

Two fully funded PhD scholarships for EU/UK applicants are available in the Security and Trust of Advanced Systems Group (Prof Achim Brucker or Dr Diego Marmsoler) at the Department of Computer Science of the University of Exeter, UK.

We are looking for enthusiastic and outstanding Computer Science or Mathematics students with a strong background in some of the following topics:

• safety or security of (software) systems,
• formal modelling or formal reasoning/verification,
• program analysis or program verification,
• language-based security
• semantics of programming languages,
• theorem proving, model checking,
• cryptographic protocols,
• distributed systems (e.g., blockchain),
• specification-based testing, and
• design and implementation of security architectures.

This award provides annual funding to cover UK/EU tuition fees and a tax-free stipend. For students who pay UK/EU tuition fees the award will cover the tuition fees in full, plus at least £15,009 per year tax-free stipend. The studentship will be awarded on the basis of merit for 3.5 years of full-time study.

For more details, please consult the official advertisement.

The closing date for applications is midnight on 1 May 2020. Project-specific queries should be directed to the supervisors, Prof Achim Brucker or Dr Diego Marmsoler.

As part of the expansion of the Department of Computer Science at the University of Exeter, we are recruiting for a Lecturer in Cybersecurity. The lecturer will be part of the newly formed Security and Trust of Advanced Systems Group.

We are looking for a candidate with an outstanding research record in any area related to cybersecurity (information security) such as (but not limited to):

• access control
• usable security
• software/application security
• formal methods for security
• language-based security/privacy
• secure programming
• information flow
• security protocols
• network security
• security of distributes systems
• human aspects of security
• hardware security
• security economics
• security-by-design
• applied cryptography
• privacy-enhancing technologies
• threat hunting, security analytics
• threat modelling
• forensics, reverse engineering
• trustworthy AI/ML
• security/penetration testing

You will have a PhD or equivalent in Cybersecurity, Computer Science, Mathematics, Engineering or a related area. Please refer to the job description for full details.

We understand security and safety entangled concepts: in most modern systems one cannot be achieved without the other. Hence, we encourage also candidates working in related domains such as safety, dependability, resilience, or reliability to apply.

Please apply by 8th of April 2020! See the [full announcement](https://jobs.exeter.ac.uk/hrpr_webrecruitment/wrd/run/ETREC107GF.open?VACANCY_ID=803965SHQd&WVID=381759 1jNg&LANG=USA) for all details.

Many congratulations to Michael Herzberg who passed his PhD viva with minor corrections!

Michael’s PhD thesis entitled “Formal Foundations for Provably Safe Web Components” presents a formally verified proposal for improving web components. During his PhD, Michael published three conference publications [1]–[3].

Well done Michael and good luck in your future!!!

References §

Both the home/personal online offerings of Microsoft Outlook (e.g., Outlook.com, Office 365 Home, or Office 365 Personal) and the professional Office 365 offerings (e.g., as part of Office 365 Advanced Threat Detection) might rewrite links in received emails with the goal of protecting users against certain threats (e.g., phishing).

For various reasons, one might to rewrite these “safelinks” back into their original form.

The script unsantize-safelinks does exactly this. This can, for example, be used for displaying mails nicely in mutt or other text-based mail programs. In your “.muttrc” you need to add/edit the following configuration:

set display_filter="unsanitize-safelinks"

If you want to also rewrite the links when using tools such as urlscan, use:

macro index,pager \cb "<pipe-message> unsanitize-safelinks| urlscan<Enter>"

And the following trick rewrites the links prior to editing a message (e.g., when replying):

set editor ="unsanitize-safelinks -i %s && $EDITOR %s"

Finally, if links should be rewritten when viewing the HTML-part, you need to edit your .mailcap entry for type text/html:

text/html; unsanitize-safelinks -i --html %s && /usr/bin/sensible-browser %s; description=HTML Text; nametemplate=%s.html

Availability §

The project is licensed under a 2-clause BSD license and available at: https://git.logicalhacking.com/adbrucker/unsanitize-safelinks.

A warm welcome to Dr Diego Marmsoler. Diego is joining the Security and Trust of Advanced Systems Group at the Department of Computer Science of the University of Exeter as a Lecturer in Cyber Security.

Diego is a world-renowned expert on formal methods. Our students will already meet him next week, when he starts teaching our module on Web Development.

After a successful 19th edition of the International Workshop on OCL and Textual Modeling in Munich the proceedings are now available online, as Volume 2513 of the CEUR Workshop Proceedings.

The proceedings also include a summary of the discussion of the expert panel and lightning talk session [1], in which three experts on OCL and textual modelling presented their ongoing works.

References §

A common problem in the certification of highly safety or security critical systems is the consistency of the certification documentation in general and, in particular, the linking between semiformal and formal content of the certification documentation.

We address this problem by using an existing framework, Isabelle/DOF, that allows writing certification documents with consistency guarantees, in both, the semiformal and formal parts. Isabelle/DOF supports the modeling of document ontologies using a strongly typed ontology definition language. An ontology is then enforced inside documents including formal parts, e.g., system models, verification proofs, code, tests and validations of corner-cases. The entire set of documents is checked within Isabelle/HOL, which includes the definition of ontologies and the editing of integrated documents based on them. This process is supported by an IDE that provides continuous checking of the document consistency.

In our iFM paper [1], we present how a specific software-engineering certification standard, namely CENELEC 50128, can be modeled inside Isabelle/DOF. Based on an ontology covering a substantial part of this standard, we present how Isabelle/DOF can be applied to a certification case-study in the railway domain.

References §

The trend towards ever more complex client-side web applications is unstoppable. Compared to traditional software development, client-side web development lacks a well-established component model, i.e., a method for easily and safely reusing already developed functionality. To address this issue, the web community started to adopt shadow trees as part of the Document Object Model (DOM). Shadow trees allow developers to “partition” a DOM instance into parts that should be safely separated, e.g., code modifying one part should not unintentionally affect other parts of the DOM.

While shadow trees provide the technical basis for defining web components, the DOM standard neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries.

In our FACS paper [1], we present a formally verified model of web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components.

References §

Software is changing the marine world both by providing new functionality and opportunities and by replacing mechanical controls by software-based systems. In this session, we will look at the security risk of interconnected software systems in general, discuss lessons learned in other sectors, and explore what makes cybersecurity for the marine sector special.

Want to learn more? Visit the Marine and Maritime Cyber Security event in Plymouth.

DOF is a novel framework for defining ontologies and en- forcing them during document development and document evolution. A major goal of DOF is the integrated development of formal certification documents (e.g., for Common Criteria or CENELEC 50128) that require consistency across both formal and informal arguments.

To support a consistent development of formal and informal parts of a document, we provide Isabelle/DOF, an implementation of DOF on top of Isabelle/HOL. Isabelle/DOF is integrated into Isabelle’s IDE, which allows for smooth ontology development as well as immediate ontological feedback during the editing of a document.

In our SEFM paper [1], we give an in-depth presentation of the design concepts of DOF’s Ontology Definition Language (ODL) and key aspects of the technology of its implementation. Isabelle/DOF is the first ontology language supporting machine-checked links between the formal and informal parts in an LCF-style interactive theorem proving environment. Sufficiently annotated, large documents can easily be developed collaboratively, while ensuring their consistency, and the impact of changes (in the formal and the semiformal content) is tracked automatically.

References §

Models are an important way of understanding software systems. If they do not already exist, then we need to infer them from system behaviour. Most current approaches infer classical FSM models that do not consider data, thus limiting applicability. EFSMs provide a way to concisely model systems with an internal state but existing inference techniques either do not infer models which allow outputs to be computed from inputs, or rely heavily on comprehensive white-box traces that reveal the internal program state, which are often unavailable.

In our SEFM paper [1], we present an approach for inferring EFSM models, including functions that modify the internal state. Our technique uses black- box traces which only contain information visible to an external observer of the system. We implemented our approach as a prototype.

References §

Today, Software is rarely developed “on the green field”: software developers are “composers” that build new system by combining existing solutions. Custom code is, in many development projects, a curiosity.

As a result, modern software depends on numerous third-party projects, which, sometimes, are as small as three lines of code or as large as several millions lines of code. On the one hand, these projects speed up the development. On the other hand, their use requires trust and care: with a few lines of code in an installation script, your development system can be attacked or a small vulnerability in a dependency can be the root cause of one of the largest data leaks of the last years.

Want to learn more? Attend my keynote at the International Workshop on Secure Software Engineering (SSE 2019). In my keynote, I will argue that the mature tools and techniques for developing secure software do not work well in an environment where software is composed instead of developed. By using real world examples of third-party components, I will make the case that research in secure software engineering needs to re-prioritize topics to be fit for a world of software composition.

More and more devices of our daily life are ``smart:’’ ranging from smart light bulbs to smart TVs to smart fridges – everything can, and most likely will be, in the future connected to the Internet. More and more people are already used to remotely controlling their heating at home using their smartphone.

Want to learn more? Visit the TechExeter Conference on the 11th September 2019! I will, using smart home automation as an example, explain simple techniques for hacking (not so) smart devices.

After the presentation, you should

• understand the amount of systems that power a small smart device,
• understand basic hacking techniques for smart devices, and
• understand several security flaws that occur in IoT devices.

We are proud to announce the first public release of Isabelle/DOF. Isabelle/DOF is a Document Ontology Framework (DOF) allowing annotating text elements in formal developments with structured, typed meta-information. Developers can define this meta-information according to their needs, e.g., to enable semantic queries (in the sense of semantic web), tool interaction, or document generation.

Currently, Isabelle/DOF focuses on the generation of documents with formal and semi-formal or informal content. While Isabelle/DOF is developed on top of Isabelle/HOL, its users are not necessarily Isabelle users: Isabelle/DOF aims at authors of any type of documents involving formal content or formal structure. Possible application areas are, e.g., mathematical papers, or documents with certification processes.

Isabelle/DOF can be downloaded from its website: https://git.logicalhacking.com/Isabelle_DOF/Isabelle_DOF/ Alternatively, a Docker image is available that allows to directly start Isabelle/DOF (this requires a host operating system with an X-Sever):

docker run -ti --rm -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \
           logicalhacking/isabelle_dof-1.0.0_isabelle2019 isabelle jedit

As the Isabelle/DOF installation requires applying a small patch to Isabelle itself, the Docker image is helpful for users that want to avoid modifying Isabelle itself.

The Isabelle/DOF distribution contains the Isabelle/DOF: User and Implementation Manual and the system is also described in [1] and [2]. The manual and [2] are written using Isabelle/DOF.

Supplementary Material §

• Isabelle/DOF Website: https://git.logicalhacking.com/Isabelle_DOF/Isabelle_DOF/
• Isabelle_DOF-1.0.0_Isabelle2019.pdf
• Isabelle_DOF-1.0.0_Isabelle2019.tar.xz
• Isabelle_DOF-1.0.0_Isabelle2019.tar.xz.asc

References §

After three and a half years in Sheffield, it is, again, time for new challenges. After starting the security group in Sheffield by both making the business case for a security group and being its first member, I am doing it again: I am building a new Cybersecurity Group in Exeter: This time as Professor and Head of Group.

Today, I am starting a “new life” as Full Professor (Chair for Cybersecurity) and Head of Group Cybersecurity Group (in creation) at the Computer Science Department at the University of Exeter (and, yes, there is a outdoor swimming pool next to my new office).

Personally, I plan to continue my research in both a deep understanding of theory and practice and, thus, being able to bridge the gap between theory and practice as well as between industry and academia. My team will continue to work on all kinds of aspects of developing secure, reliable, and resilient software (and hardware) systems.

On a wider perspective, the Cybersecurity Group will include several lecturer positions (the first offer has already been made, and the next call for applications will be out soon). The team will grow fast and support the already excellent and world-leading computer science department in Exeter with their security expertise in research and education.

Having worked for eight years in the global security team of SAP SE, I have a strong understanding of industrial needs and strengths. I am looking forward not only to collaborate with my new colleagues at the university, I am also looking forward to all kinds of collaborations with local industry in Devon, Cornwall, and elsewhere.

Let’s stay in touch and I am looking forward to collaborations opportunities with all of you – regardless if you are working in industry or academia and regardless if we already worked together or not!

As every year, the submission deadline for the International Workshop on OCL and Textual Modeling is approaching fast. Get ready now and prepare your paper(s): the Call for Paper is already published.

This is already the 19th edition of the workshop. As last year, the workshop will be co-located with the MODELS taking place in Munich, Germany.

See you in Munich!

Software vendors that consume thousands of Free and Open Source Software (FOSS) components and offer more than a decade of support and security fixes are expected to react quickly on disclosed vulnerabilities—in some case such as Heartbleed, within hours.

This seems to be infeasible, in particular given that software vendors need to know rather precisely, if their product is affected by a vulnerability in a third party component or not: if they are not affected, they want to be able to re-assure their customers that they are not affected as well. If they are affected, they want to be able to fix the security vulnerability quickly and with the least possible impact on existing functionality (and the least effort for both the software vendor and its customers). So, how can we solve this problem?

For helping software vendors, we propose a screening test: a novel, automatic method based on thin slicing, for estimating quickly whether a given vulnerability is present in a consumed FOSS component by looking across its entire repository.

Our screening test scales to large open source projects (e.g., Apache Tomcat, Spring Framework, etc.), scanning thousands of commits and several hundred thousand lines of code in minutes. Further, we provide insights on the empirical probability that, on 166 FOSS projects, a potentially vulnerable component might not actually be vulnerable after all.

Sounds too good to be true? Indeed, our approach is not aimed at replacing traditional static analysis methods that are based on precise but costly semantic analysis (e.g., symbolic execution). Instead, we aim for a fast alternative that deliberately trades accuracy for speed. Its application by our industry partner is not intended to replace traditional static analysis but to prioritize its application to versions most at risk.

Want to know more and attending ICSE? You are lucky, we will present this work at ICSE 2019 in the “Journal First” category. If you are not attending ICSE, do not worry, you can look up all the details in our TSE paper [1].

Updates:

• The paper was selected as one of the Highlights from ICSE 2019.
• The implementation is available at: https://git.logicalhacking.com/FLOSS-Security/foss-vuln-tracker.

References §

Do you want to join a world-class computer science department and help us to establishment of an information and computer security research group? Then now is the right time to apply.

The Department Of Computer Science of the University of Exeter is currently hiring for a new cybersecurity group. The new lecturer will join a growing department and will contribute to a new research focus in cybersecurity.

This is a unique opportunity to join a new cybersecurity group as founding member and to influence its future development.

Application in all areas of cybersecurity are welcome, and we are particularly encouraging people working in the intersection of security and formal aspects (e.g., formal methods, verification, type systems, programming languages, logic) to apply. Please apply by 4th of April 2019!

I am happy to announce that Sakine Yalman will join the Software Assurance & Security Research Team as a PhD student.

Sakine got her MSc in Advanced Computer Science from The University of Sheffield. In her MSc thesis, she developed a static analysis tool for smart contracts for the Ethereum blockchain. In her PhD studies, she will focus on security and privacy aspects of cloud and edge computing.

Why formalize (e.g., developing a formal semantics) an existing standard (e.g., as we did with our formalization of the DOM standard)? Of course, there are obvious benefits such as identifying glitches or areas of (unwanted) under-specification, but what are the wider benefits?

Actually, the most important question that needs to be answered is: what is the relation between the formalization of a standard, the official standard, and implementations that claim to conform to the standard. If there is not a strong link between the formalization between all three artifacts, formal proofs based on the formal specification are only of limited value. This is true regardless if the formalization has been developed in a post-hoc reverse-engineering fashion or is part of the official standard.

Actually, most popular technologies are only specified by standards using a semi-formal or, worse, an informal notation. Moreover, the tools used for writing standards only support, if at all, trivial consistency checks. Thus, it is no surprise that such standards usually contain inconsistencies (e.g., different sections of the same standard that contradict each other) or unwanted under-specifications (e.g., where the authors of the standard omit the specification of important properties that the defined API should fulfill).

Even if a standard is developed formally, or contains a (often non-normative) formalization, two important questions arise:

1. to what extent does the formal model comply with the semi-formal parts of the standard, and
2. to what extent does an actual implementation comply with the formal model?

If the formal model was used for verifying properties, one also needs to validate that the real system fulfills the assumptions made during the verification.

Luckily, for many industrial standards, it is common that the standard includes a compliance-test suite, which gives a first hint how to improve the situation: if the formalization is executable, we can execute the test cases on the formal specification to check that the specification complies to the test suite. But can we do more?

Yes, we can. The following figure shows how we can use test and proof (verification) techniques for establishing strong links between formal standards, compliance test suites, and implementations.

In more detail, we can

• use the existing compliance test suite to check that a formalization satisfies the requirements expressed as tests. As compliance testing is usually the way how implementation show that they comply to a standard, this should give us the same guarantees for the formalization.
• use the formalization to analyze the consistency of the standard as well as prove important correctness, safety, or security properties. If our implementation adheres to the standard and fulfills a comprehensive compliance test suite, this should give us a strong guarantee that compliant implementation fulfill these properties as well.
• use the formalization to generate test cased (e.g., using specification-based or model-based test case generation techniques). This will allow us to improve the coverage of the compliance test suite, e.g., by including tests for properties that have been identified during the formal verification of the formal specification.

This approach shows that not only go test and verification hand-in-hand, it also shows that a formalization of a standard can contribute to improving the informal parts of a standard, such as the compliance test suite.

If you are interested in more detail, please have a look at our TAP paper [1], where we report on applying some of these ideas to our formalization of the DOM standard [2].

References §

At its core, the Document Object Model (DOM) defines a tree-like data structure for representing documents in general and HTML documents in particular. It is the heart of any modern web browser. Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers.

As a first step towards a verified client-side web application stack, we model and formally verify the Document Object Model (DOM) in Isabelle/HOL. The Document Object Model (DOM) is the central data structure of all modern web browsers. At its core, the DOM defines a tree-like data structure for representing documents in general and HTML documents in particular. Thus, the correctness of a DOM implementation is crucial for ensuring that a web browser displays web pages correctly. Moreover, the DOM is the core data structure underlying client-side JavaScript programs, i.e, client-side JavaScript programs are mostly programs that read, write, and update the DOM.

We formalize the DOM as a shallow embedding in Isabelle/HOL using a typed data model for the node-tree. Furthermore, we formalize a typed heap for storing (partial) node-trees together with the necessary consistency constraints. Finally, we formalize the operations on this heap that allow manipulating node-trees.

For example, the HOL definitions of \(\text{adopt_node}\), i.e. the method that removes a node from its previous parent, if it had any, and assigns it to the new \(\text{ownerDocument}\), looks as follows: \[ \begin{array}{l} \color{blue}{\textbf{definition}}~\text{adopt_node}~::~\\ ~~~~\_~\text{document_ptr}_\text{Core_DOM}~\Rightarrow~\_~\text{node_ptr}_\text{Core_DOM}~\Rightarrow~\_~\text{dom_prog}\\ ~~\textbf{where}\\ ~~~~\text{adopt_node}~document~node~=~\text{do}~\{~\\ ~~~~~~parent\_opt~\leftarrow~\text{get_parent}~node;~\\ ~~~~~~(\text{case}~parent\_opt~\text{of}~\\ ~~~~~~~~\text{Some}~parent~\Rightarrow~\text{remove_child}~parent~node~\\ ~~~~~~|~\text{None}~\Rightarrow~\text{do}~\{~\\ ~~~~~~~~~~old\_document~\leftarrow~\text{get_owner_document}~(\text{cast}~node);~\\ ~~~~~~~~~~\text{remove_from_disconnected_nodes}~old\_document~node\\ ~~~~~~~~\});~\\ ~~~~~~\text{add_to_disconnected_nodes}~document~node~\\ ~~~~~\}~ \end{array} \] First, \(\text{adopt_node}\) tries to retrieve the parent of the node to be adopted. If the node has a parent node, it removes the node from the children list, otherwise it removes it from the list of disconnected nodes of the previous owner document. Finally, the node is now added to the disconnected nodes of the new document.

We can now formally prove important properties of \(\text{adopt_node}\) such as \[ \begin{array}{l} \color{blue}{\textbf{lemma}}~\text{adopt_node_children_remain_distinct}:\\ ~~\textbf{assumes}~\text{wellformed}:~\text{heap_is_wellformed}~h\\ ~~~~\textbf{and}~\text{parent_known}:~\And~parent.\\ ~~~~~~h~\vdash~\text{get_parent}~node\_ptr~\rightarrow_r~\text{Some}~parent\\ ~~~~~~\Longrightarrow~\text{is_known_ptr}_\text{Core_DOM}~parent\\ ~~~~\textbf{and}~\text{adopt_node}:~h~\vdash~\text{adopt_node}~\text{owner_document}~node_ptr~\rightarrow_h~h2\\ ~~~~\textbf{and}~\text{ptr_known}:~\text{is_known_ptr}_\text{Core_DOM}~ptr\\ ~~~~\textbf{and}~\text{children}:~h2~\vdash~\text{get_child_nodes}~ptr~\rightarrow_r~children\\ ~~\color{blue}{\textbf{shows}}~\text{distinct}~children\\ \end{array} \] This lemma states that after using \(\text{adopt_node}\), all children lists remain distinct.

Our machine-checked formalization of the DOM node tree has the following properties:

• It provides a consistency guarantee. Since all definitions in our formal semantics are conservative and all rules are derived, the logical consistency of the DOM node-tree is reduced to the consistency of HOL.
• It serves as a *technical basis for a proof system. Based on the derived rules and specific setup of proof tactics over node-trees, our formalization provides a generic proof environment for the verification of programs manipulating node-trees.
• It is executable*, which allows to validate its compliance to the standard by evaluating the compliance test suite on the formal model, and
• It is extensible, i.e, properties proven over the core DOM do not need to be re-proven for object-oriented extensions such as the HTML document model.

For more details, see our WWW paper [1]. The formalization is available in the Archive of Formal Proofs (AFP) [2].

References §

Quite often, we need to develop a detailed understanding how a system works, without having access to its internal implementation. For example, we might need to understand and old legacy system, which we want to connect to our brand-new infrastructure, or we want to do a security assessment of a third party system.

One approach to develop a better understanding of a “black-box” system is to infer a model (e.g., in form of a Finite State Machine) from system traces.

Consider, for example, the following traces: \[ \begin{align*} &\mathit{select}(\mathit{coke}) \rightarrow \mathit{coin}(50)/[50] \rightarrow \mathit{coin}(50)/[100] \rightarrow \mathit{vend}()/[coke] \\ &\mathit{select}(\mathit{coke}) \rightarrow \mathit{coin}(100)/[100] \rightarrow \mathit{vend}()/[\mathit{coke}] \\ &\mathit{select}(\mathit{pepsi}) \rightarrow \mathit{coin}(50)/[50] \rightarrow \mathit{vend}() \rightarrow \mathit{coin}(50)/[100] \rightarrow \mathit{vend}()/[\mathit{pepsi}] \end{align*} \] These traces describe certain executions of a vending machine (where \(\mathit{label}(\mathit{arguments})/[\mathit{outputs}]\) represents an event).

Using Finite State Machine (FSM) inference, we can construct a FSM that accepts the traces from out example:

In traditional FSM inference, labels are atomic. For example, \(\mathit{select}(\mathit{coke})\) does not represent an event with label \(\mathit{select}\) and input \(\mathit{coke}\), rather the transition is labelled by the literal string “select(coke)” making it a completely separate entity from the transition “select(pepsi).” This is a major problem as it means that information such as the selected drink and accrued funds must be encoded as part of the control state. Increasing product choice or the coins accepted quickly causes an explosion in model size disproportionate to the change in observable behavior.

EFSM inference can make use of a compact representation of the internal state of the inferred system:

In this EFSM, which also accepts the traces from our example, the selected drink is stored in a register \(r_1\) for later use in the output of the \(vend\) transition. A second register \(r_2\) (initialized with \(0\) by the select transaction) keeps track of the money inserted so far. Drinks are only dispensed once this value reaches \(100\). This enables customers to pay for their drink with any coin in any order. This is a much more concise and faithful model of the real system.

Current EFSM inference approaches tend to focus on guard expressions, overlooking how individual transitions mutate the data state. The inference of data update functions is a key technical challenge in EFSM inference but significantly complicates the merging process.

In our ICFEM paper [1], we present a novel approach for inferring EFSMs from system traces that also infers the updates of the internal state. Our approach supports the merging of transitions that update the internal data state. Finally, our model is formalized in Isabelle/HOL, allowing for the machine-checked verification of system properties.

Update: The formalization is now available in the Archive of Formal Proofs: “A Formal Model of Extended Finite State Machines” [2].

References §

Usually, networks such as the Internet run many security protocols (e.g., TLS, IPSec, DNSSEC) in parallel. While the security properties of many of these protocols have been analyzed in great detail, much less research has been devoted to their parallel composition. It is far from self-evident that the parallel composition of secure protocols is still secure, in fact one can systematically construct counter-examples.

One such problem is if protocols have similar message structures of different meaning, so that an attacker may be able to abuse messages, or parts thereof, that he has learned in the context of one protocol, and use them in the context of another where the same structure has a different meaning.

We address this problem in our ESORICS 2018 paper, entitled “Stateful Protocol Composition” [1]. In particular, we extend the compositionality paradigm to stateful protocols, where participants may maintain a database (e.g., a list of valid public keys) independent of sessions. Such databases do not necessarily grow monotonically during protocol execution: we allow, for instance, negative membership checks and deletion of elements from databases. Moreover, we allow for such databases to be shared between the protocols to be composed. For instance, in the example of public keys, there could be several protocols for registering, certifying, and revoking keys that all work on the same public-key database. Since such a shared database can potentially be exploited by the intruder to trigger harmful interferences, an important part of our result is a clear coordination of the ways in which each protocol is allowed to access the database. This coordination is based on assumptions and guarantees on the transactions that involve the database. Moreover, this also allows us to support protocols with the declassification of long-term secrets (e.g., that the private key to a revoked public key may be learned by the intruder without breaking the security goals). The result is so general that it actually also covers many forms of sequential composition as a special case, since one can for instance model that one protocol inserts keys into a database of fresh session keys, and another protocol “consumes” and uses them.

The proof of the main result is by a reduction to a problem finding solutions for intruder constraints: given a satisfiable constraint representing an attack on the composition, we show that the projection of the constraints to the individual protocols are satisfiable. This particular tricky part of the proof has been formalized in the interactive theorem prover Isabelle/HOL.

For details, read our ESORICS paper [1] or the extended version [2], which includes the pen-and-paper proofs and short explanations of the Isabelle proofs.

Update: The formalization is now available in the Archive of Formal Proofs: “Stateful Protocol Composition and Typing” [3].

References §

Software security vulnerabilities are a serious threat to software vendors and their customers: they can result in both monetary loss and loss of reputation. Thus, implementing a rigid secure software development life-cycle (SDLC) is a competitive advantage for a software vendor. Security testing is an important part of any SDLC. Moreover, it is commonly accepted that security testing should be applied as early as possible in software development.

Interested in applying Security Testing during development? We will offer a one-day continuous professional development (CDP) training on the 13th of September at The University of Sheffield.

In this course, you will learn different security testing approaches (e.g., SAST, DAST), their specific strengths and weaknesses, how to evaluate tools and how to select the best “blend” of tools for their own software development. Moreover, the participants will learn how these tools can be integrated into various software development methods (ranging from traditional waterfall-like processes to agile processes supporting continues delivery).

This course on security testing is only one of our “compact” offerings for people working in industry. Similarly, we are also offering courses on secure programming or an introduction to secure software engineering.

For more information, please visit the website of The University of Sheffield or contact Achim Brucker. We also offer these courses as in-house courses, adapted to your needs and wishes.

Mentioning ontologies and Isabelle/HOL in one sentence, might sound weird for man of us. While both are somehow used for writing formal documents, the degree of formalization is, at least at the first glance, very much different.

We asked ourselves if it is possible to integrate ontologies into Isabelle, as the current document preparation system of Isabelle lacks a mechanism for ensuring the structure of different document types (as, e.g., required in certification processes) in general and, in particular, mechanism for linking informal and formal parts of a document.

The result of this work, is Isabelle/DOF, a Document Ontology Framework on top of Isabelle. Isabelle/DOF allows for both conventional typesetting and formal (proof) development.

Isabelle/DOF allows for define ontologies within Isabelle. The ontologies are deeply integrated into the Isabelle system in general and the document preparation in particular. Thus, ontological constraints defined in an ontology are checked (while writing documents) to ensure that also the semi-formal parts of a document adhere to a certain structure and, e.g., that all links and references are defined.

More details about the initial details of Isabelle/DOF can be found in our CICM paper [1]. Isabelle/DOF is licensed under a 2-clause BSD license and available in a git repository.

References §

The term “usable security” is on everyone’s lips and there seems to be a general agreement that, first, security controls should not unnecessarily affect the usability and unfriendliness of systems. And, second, that simple to use system should be preferred as they minimize the risk of handling errors that can be the root cause of security incidents such as data leakages.

But it also seems to be a general surprise (at least for security experts), why software developers always make so many mistakes that should be easy to avoid, and that lead to insecure software systems. In fact, many of the large security incidents of the last weeks/months/years are caused by “seemingly simple to fix” programming errors.

Bringing both observations together, it should be obvious that we need usable and developer-friendly security controls and programming frameworks that make it easy to build secure systems. Still, reality looks different: many programming languages, APIs, and frameworks provide complex interfaces that are, actually, hard to use securely. In fact, they are miles away from providing usable security for developers.

If you want to learn more, visit our talk at the OWASP AppSecEU in London. In this talk, I will discuss examples of complex and “non-usable” security for developers such as APIs that, in fact, are (nearly) impossible to use securely or that require an understanding of security topics that most security experts to not have (and, thus, that we cannot expect from software developers).

Supplementary Material §

• Slides of our talk at the OWASP AppSecEU 2018

Everybody seems to talk about the disruption Blockchains (or, more general, Distributed Ledger Technology) brings. Still, the number of really convincing applications outside cryptocurrencies is not always clear. In a research project together with the Transport Systems Catapult and the Management School, we looked at the use of Blockchains in transport scenarios.

The result of this collaboration are now online as Transport Systems Catapult Report **Blockchain Disruption in Transport: Are You Decentralized yet?. In this report, we explore how distributed ledgers could disrupt the transport sector in the coming years. The report is based on a literature review as well as insights gained from stakeholder engagement, e.g., interviews with experts from the transportation domain. As distributed ledgers is clearly not the silver bullet for all problems, we also discuss common misbeliefs, e.g., with respect to the security implications of distributed ledgers.

It is already the time of the year when you should prepare your submission to the International Workshop on OCL and Textual Modeling. The Call for Paper is already published.

This is already the 18th edition of the workshop. Note that this year, the workshop will be co-located with the MODELS taking place in Copenhagen, Denmark.

See you in Copenhagen!

We program computers since over 50 years. Still, we are - sad but true - used to insecure, crashing, or otherwise non-working computer systems. Gerald Weinberg, an American computer scientist, once said: “If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.”

Is building correct and secure programs really so hard that humans cannot master this tasks or are we just careless when implementing programs? I will discuss this question next week in my Pint of Science talk in Sheffield.

Interested? See you on the 16th of May 2018 at 7:30 pm, in The Millowner’s Arms (Sheffield Industrial Museums Trust, Kelham Island Museum, Alma Street, S3 8RY).

Last month, we got interviewed by Hakin9 about one of our “side-projects”: DVHMA - The Damn Vulnerable Hybrid Mobile App. DVHMA is a hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, help developers better understand the common pitfalls in developing hybrid mobile apps securely.

We developed it to study pitfalls in developing hybrid apps, e.g., using Apache Cordova or SAP Kapsel, securely. Originally we developed DVHMA as a test case for evaluating static application security testing tools [1]. Hence, the focus was to develop a deeper understanding of injection vulnerabilities that exploit the JavaScript to Java bridge.

Today, DVHMA is becoming increasingly popular by penetration testers and forensics experts that want to learn the specifics of Cordova apps.

DVHMA is published under the Apache 2.0 License and you are welcome to participate in its further development. We are currently working on improving DVHMA and hope to be able to release a substantial update in the future.

References §

Luckily, an increasing number of publishers allows authors of (academic) papers to publish a pre-print of their accepted papers on their personal website or their institutional website. This eases access to those papers significantly, as the “official” version on the publishers’ website is often behind a paywall. Most publishers require that the pre-prints published by the author contain a statement referring to the official version.

Thus, the only remaining question is: how to produce a pre-print containing this reference with as little effort as possible. If you are using LaTeX for writing your papers, authorarchive package might be the solution.

Adding the self-archiving note to a paper formatted with Springer’s LNCS style is as easy as adding

\usepackage[LNCS,
   key=brucker-authorarchive-2016,
   year=2016,
   publication={Anonymous et al. (eds). Proceedings of the International
       Conference on LaTeX-Hacks, LNCS~42. Some Publisher, 2016.}
   startpage={42},
   doi={00/00_00},
   doiText={0/00\_00},
   nocopyright
 ]{authorarchive}

to the preamble of your paper. The package also supports advanced features such as adding bibliographic entries (e.g., for BibTex) into the final PDF.

The LaTeX package “authorarchive” is a LaTeX style for producing author self-archiving copies of (academic) papers. It is available on CTAN and development versions are available in the authorarchive git repository. The package is dual-licensed under a 2-clause BSD-style license and/or the LPPL version 1 or any later version.

Links §

• CTAN and development versions
• git repository.

Enforcing the secure execution of BPMN-based service composition required a flexible monitoring and enforcement approach that allows to control the compliance of the highly dynamic system during run-time.

To address the challenges crated by combining loosely coupled services that are offered and operated by different service providers, we developed a framework for monitoring services at run-time and ensuring that services behave as they have promised. In particular, we focus on monitoring nonfunctional properties that are specified within an agreed security contract. The novelty of our work is based on the way in which monitoring information can be combined from multiple dynamic services to automate the monitoring of business processes and proactively report compliance violations.

Our framework allows to both specify policy diagrammatically and by using a textual policy language. Moreover, the framework supports the enables monitoring of both atomic and composite services.

Want to learn the details or read our case study? Have a look at our latest paper in the Journal of Software: Evolution and Process [1].

PS: The monitoring framework works nicely together with our tools for End-to-End Secure Service Compositions.

References §

Apache Cordova is a widely used framework for writing mobile apps that follows the “hybrid app” paradigm. A hybrid app is a mobile app that is partly implemented in platform-neutral HTML5/JavaScript and partly in platform specific languages (e.g., Java or Objective C).

Static (data flow) analysis of hybrid apps that supports the analysis of both the platform independent and the platform specific parts in a unified way (e.g., for finding injection attacks) is an unsolved problem.

The main problem with statically analyzing Cordova apps is that many vulnerabilities in Cordova applications exploit data flows that cross the boundary between HTML/JavaScript and native code. Thus, a static tool should be able to analyze these cross-language data flows.

There are, in principle, three ways for implementing a static analysis statically of cross-language data-flows of Cordova apps:

1. A (deep) analysis of the Cordova: In this approach, the full Cordova framework source code is, all plugin source code, together with the implemented application, is analyzed.
   • Advantages:
     • Very precise computation of all data flows possible.
     • Only very limited amount of manual modeling of sinks and sources required.
   • Disadvantages:
     • Computationally very expensive. The analysis might take hours even for very small extensions.
2. Modeling the core API of Cordova: In this approach, the cross-language interfaces of the core Cordova framework are modeled, avoiding the need of analyzing the framework statically. Only the application itself and all used plugins are analyzed.
   • Advantages:
     • Allows for analyzing the application in the context of custom or modified plugins.
     • Usually very fast (a few minutes, even for complex applications)
       
   • Disadvantages:
     • If the framework changes, a specialist needs to update the model.
3. Modeling the Cordova plugins: In this approach, the Cordova framework and all plugins are modeled, i.e., their sources and sinks are configured in the static analysis tool. Only the application code itself is statically analyzed.
   • Advantages:
     • Very fast.
   • Disadvantages:
     • No detection of vulnerabilities caused by modified or custom plugins.

We consider the second approach a good compromise between thoroughly
analyzing all possible cross-language data flows and performance (respectively, repetitively scanning the same code). We implemented this approach in a prototype and its evaluation shows that it reliably detects cross-language data flows in Cordova application. For more details, have a look at our ESSoS 2016 paper [1].

References §

Analyzing data is an important part of evaluating the effectiveness and efficiency of activities to improve the security of software or to understand the security risk of software systems. Thus, everybody involved in secure software development should have at least a basic understanding of data science techniques.

If you want to learn more about using data science for analyzing your secure software development process, have a look at our book chapter on “Data Analytics for Software Security” [1].

In this chapter, we report on our own experiences in empirical secure software research at, SAP SE, the largest European software vendor. Based on this, we derive actionable recommendations for building the foundations of an expressive data science for software security: we focus on using data analytics for improving the secure software development. Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information using machine learning methods or statistical learning methods. Data analytical techniques have been successfully used in both the cyber-security domain and the software engineering domain. For example, data analytical methods are used to investigate software engineering challenges such as effort prediction. Thus, applying these techniques to the intersection of both areas to help practitioners to develop more secure software with less effort, seems promising.

References §

During the development of software systems, security is often understood as a task for specialists. This is unfortunate, as today any system need to fulfill a large variety of security (and privacy) properties of which many rely on input from domain experts that are often no security experts. To allow security interested developers of service-based systems, e.g., using microservices, we developed a too-supported, model-based approach that allows to capture and analyze security properties on the level of composition models. Moreover, our approach supports “pushing security requirements” down to the implementation level, supporting developers in implementing the services securely.

Modeling and Validating Security Properties §

Let’s start top down with the modeling of service compositions. In our prototype, we use BPMN as graphical notation for modeling the actual service composition (as well as user interactions, i.e, manual tasks). The example in the following figure shows a simple service composition implementing a travel booking service:

In our approach, the designer of the service composition can, already on this very abstract level, specify several security and privacy properties that need to be fulfilled by the actual system. For example, the service designer can specify who can access (invoke) services using a role-based access control model that also supports separation of duty and binding of duty requirements.

We do not only support the specification of security and privacy properties, our approach allows also to analyze the specified requirements to detect inconsistencies as early as possible in the design phase. Recall our example from the first figure: here, the role-based access control does not enforce the required separation of duty requirement.

Service Quantification and Ranking §

Service-based systems are usually implemented by combining already existing services and, if necessary, by implementing services for which no readily-available implementation exists. Our approach supports service designers in selection the most suitable service from service marketplaces by a ranking that includes functional as well as non-functional (i.e., security or performance) requirements.

Implementing Services Securely §

Our approach allows combining model-driven and traditional, code-based, development. This is usually necessary when no readily-available service implementation exists and a bespoke service needs to be developed. In this situation, we derive, from the high-level security specification on the model-level, properties that need to be fulfilled on the code level. These requirements are checked by using static analysis tool that uses project-specific rules that are automatically generated from the high-level models. In the following example, a developer is warned that a service is not correctly handling credit card data:

Conclusion §

Clearly, only a relatively small subset of business-related security and privacy requirements can be captures by non-experts. Still, our approach shows that allowing non-experts to specify security properties facilitates the necessary discussion with security experts on how the developed systems can be secured. Moreover, the end-to-end approach ensures that security requirements captures early on in the design-phase are not lost when implementing the system.

Want to learn more? The details are in our paper published in the journal “Software: Practice and Experience (SPE)” [1].

References §

More and more devices that we buy today are “smart”, i.e., they can be connected to the Internet. Actually, many experts expect that by 2020, over 50 billion (smart) things will be connected to the Internet. Technically, a smart device contains a small computer which runs software and, as we all know from our daily experiences, software often has bugs that can lead to security vulnerabilities. In 2016, a botnet called Mirai targeted smart home devices and used them for attacking a domain registration service provider. This resulted in the unavailability of well-known services such as Google for Github for many users.

The Mirai attack showed the potential of exploiting security vulnerabilities in smart things. This risk is likely to increase, if more and more devices get connected to the Internet. To avoid (or at least minimize the risk of) such attacks, smart things need, as any computer, supplied with updates.

Let’s make a thought experiment and assume, we would be using smart devices since decades. Now let’s try to answer the question, which version of Microsoft’s Windows would run, if various devices are close to their average span:

• Computer and mobile devices: Computer and mobile devices have an average life span of three to five years. Thus, your computer most likely was bought with Windows 8 (released on 26th of October 2012).
• Wi-Fi routers: Small network devices such as switches or wi-fi routers have an average life span of seven years. Thus, your wi-fi router most likely would be running Windows 7 (released on 22nd of October 2009).
• Cars: Cars have an average life span of 14 years. Thus, your car would most likely still run on Windows XP (released on 25th of October 2001).
• Fridges: Large home appliances (e.g., your fridge) have an average life span of 17 years. If you had bought a smart fridge 17 years ago, it would have been shipped with a brand-new version of Windows Me (released on 14th of September 2000).
• Light bulbs: Modern LED light bulbs have an expected average life span of 20 years. Thus, your light bulb might still run Windows 98 (released on June 25th 1998).

Of course, smart devices usually do not run consumer-oriented operating systems. Still, this thought experiments illustrateshow long the software running on smart devices needs to be supplied with security patches. This long maintenance of the software of smart devices will be a challenge for both manufactures and users

An even more interesting question is the liability of operating smart devices. If a vulnerability in a smart device is exploited by a third party and, as in the case of the Mirai botnet, the smart device is hijacked for criminal activities, who is liable? The manufacture that, maybe 15 years ago, produced an insecure smart device, or the user that is still operating an insecure device. And if security patches are available, who is responsible that patches are applied?

Thus, traditional manufactures will need to learn that, in the future, they are no longer producing physical devices, they are turning into software companies that sell software-defined products. Hence, manufactures need to be able to provide security patches for their smart devices for the whole life of the product, which is often much longer than the life span of most consumer software that we use today. And consumers need, either manually or automatically, able to apply the security patches.

With our research on security economics, security testing, and techniques for securing the software supply chain, we hope to contribute to making life easier and more secure for vendors, consumer, and everybody living in a software-defined world.