Reliably Secure Software Systems (RS3) –
DFG Priority Programme 1496
The fifth annual meeting of RS3 took place from 5th to 8th of October 2015. On October 5th and 6th the projects presented their current status and the next steps of RS3 were planned. This part of the meeting was directly followed by a two-day staff meeting on October 7th and 8th. The staff meeting is intended for work on RS3-wide, common topics. The meeting took place in Bremen.
Members of the scientific advisory board (SAB) were invited to attend:
05.10.2015 - 06.10.2015.
Members of the Friends of RS3 (FoRS3) were invited to attend:
05.10.2015 - 06.10.2015.
Principal investigators of RS3 projects were invited to attend:
05.10.2015 - 06.10.2015.
Doctoral and post-doctoral researchers in RS3 projects were invited to attend:
05.10.2015 - 08.10.2015.
The meeting took place at:
Universität Bremen
Bibliothekstraße 1, MZH
28359 Bremen
During the annual meeting the progress of individual projects as well as of RS3 as a whole was presented. There were also keynote talks by
During the staff meeting the post-doctoral and doctoral researchers worked on common topics in the reference scenarios and project clusters.
The schedule for the meeting can be found here.
In this talk we will discuss the leakage of secret information due to the probabilistic correlation with public observables. We will focus in particular on recent advances in the fields of information flow control and privacy protection. More precisely, we will illustrate the g-leakage framework, a generalization of the min-entropy leakage, which offers a rich operational model of the attacker, based on decision theory, and is characterized by a surprisingly simple set of axioms. Then we will introduce differential privacy (DP), one of the most successful approaches to prevent disclosure of private information in statistical databases. We will briefly discuss the relation between the two frameworks, and we will show a generalization of DP to arbitrary metric domains, with a novel application to location privacy.
Developers reason about software at the abstraction level of source code, whereas attackers often try to break a software system by going below that abstraction level. Hence, a general and powerful approach to software security is to make compilation more defensive such that it is harder for attackers to break source code level abstractions. Formally, compilation from a source language to some target language is secure (or fully-abstract) if the compilation from source language programs to target language programs preserves and reflects behavioral equivalence. Such compilers essentially limit the power of an attacker interacting with a compiled software module in the target language to that of an attacker interacting with the same software module in the source language. Designing (and proving) a compiler to be fully-abstract can be challenging however, and depends strongly on characteristics of the source and target languages. In this talk, we will illustrate why fully-abstract compilation is useful from a security point of view, and we will discuss designs (and correctness proofs) for a number of secure compilation techniques.
There was a special offer by Deutsche Bahn AG for traveling to the annual meeting.
The following hotels also provided special offers (information on how to use this offer can be found in the wiki)
Please note that TU Darmstadt regulations apply for reimbursement via the coordinator project.
Please use the following travel claim forms for your reimbursement:
English explanation of the travel claim form: pdf version
If you have further questions regarding the annual meeting, please do not hesitate to contact
assistant at spp-rs3.de.