Reliably Secure Software Systems (RS3) –
DFG Priority Programme 1496
The third annual meeting of RS3 took place from 7th to 10th of October 2013. It was the second annual meeting in the second funding period. On October 7th and 8th the projects presented their current status and the next steps of RS3 were planned. This part of the meeting was directly followed by a two-day staff meeting on October 9th and 10th. The staff meeting was intended for work on RS3-wide, common topics . The meeting took place in Saarbrücken.
Members of the scientific advisory board were invited to attend:
Members of the Friends of RS3 (FoRS3) were invited to attend:
Principal investigators of RS3 projects were invited to attend:
Doctoral and post-doctoral researchers in RS3 projects were invited to attend:
07.10.2013 - 10.10.2013.
The meeting took place at:
During the annual meeting the projects presented their progress. During the staff meeting the doctoral and post-doctoral researchers worked on common topics in the reference scenarios and project clusters. The schedule for the annual meeting can be found here.
Abstract: The Flowspecs project is developing tools and techniques for evaluation of the trustworthiness of mobile apps, specifically for the Android platform. We focus on `enterprise scenarios', involving mission-related apps that may access enterprise networks, where incentives and resources exists for substantive evaluations with respect to policies specified using qualified types and other program annotations. In this talk I highlight challenges in specifying and verifying information flow properties for code using object-based data structures and callback-based APIs. I review the 'region logic' approach to local reasoning about heap separation and recent work on a relational version of the logic, which includes both proof rules for program composition and encoding techniques to leverage existing SMT-based verification tools. These techniques are used to establish end-to-end properties formulated in terms of knowledge.
Abstract: Language-based Security is a very active area of research that deals with enforcing application security at the programming-language level. This can be achieved by embedding security features inside the language itself, or by enforcing security through program analysis. Today's applications are distributed across different tiers and often run on mobile devices, which expose computing systems to a completely new class of security attacks. Ensuring that applications are secure and not vulnerable to integrity or confidentiality violations is particularly essential in the industry. Therefore, Language-based Security has been an important industrial-research focus.
This keynote presents Language-based Security from an industrial-research perspective. It describes the challenges that an enterprise must face to verify the applications it deploys and provisions to its employees and customers’ devices, and the security measures that need to be adopted to prevent security exposures. It also discusses the state of the art in the research area of secure language design and program analysis for security, looking at how this area has evolved over the years, and proposing a set of principles, learned in the industry, which should be considered when designing new languages and enforcing application-level security.
Contingencies were reserved in several hotels in Saarbrücken. Details how to access these contingencies could be found in the RS3 wiki.
If you have further questions regarding the annual meeting, please do not hesitate to contact