Reliably Secure Software Systems (RS3) –
DFG Priority Programme 1496
This page lists all topic workshops that took place within RS3.
On March 27-29, 2017, the topic workshop "A Machine-Readable Library of Information-Flow Case Studies" took place in Darmstadt. Five researchers from the projects (1) DeduSec, (2) IFC4MC, and (3) RSCP met to drive forward the development of the RS3 library of RIFL information-flow specifications.
On August 1-3, 2016, the topic workshop "Developing a Consolidated Example Library of RIFL Specifications" took place in Karlsruhe. Five researchers from the projects (1) DeduSec, (2) IFC4MC, and (3) RSCP consolidated the collection of RIFL information-flow specifications generated at previous RS3 meetings into a library of examples.
On June 20-22, 2016, the topic workshop "Declassification in RIFL" took place in Darmstadt. Seven researchers from the projects (1) DeduSec, (2) FiFAKS, (3) IFC4MC, and (4) RSCP met to extend the information-flow specification language RIFL by features for supporting controlled declassification.
On April 14-16, 2016, the topic workshop "Client-Server Integration in Web-Based Workflow Management Systems" took place in Darmstadt. Four researchers from the projects (1) IFC4BC, (2) MORES, and (3) SecDed met to integrate the client-side and the server-side of the verified conference management system CoCon with the goal of providing holistic security guarantees for the entire system.
On April 11-14, 2016, the topic workshop "More Precise Classification of Sources and Sinks in RIFL" took place in Darmstadt. Seven researchers from the projects (1) DeduSec, (2) FiFAKS, (3) IFC4MC, and (4) RSCP met to clarify the semantics of existing language features of RIFL and to extend RIFL by new language features enabling the more precise classification of sources and sinks of programs.
On February 25-26, 2016, the topic workshop "Open-Source Apps in the RS3 Certifying App Store" took place in Königsfeld immediately after the Staff Meeting 2016. Ten researchers from the projects (1) IFC4MC, (2) IFlow, (3) INTERFLOW, (4) RSCP, and (5) SADAN as well as two associated researchers worked on including third-party open-source apps in the RS3 Certifying App Store and on building a demonstrator for the reference scenario Software Security for Mobile Devices.
On November 23-25, 2015, the topic workshop "Extending RIFL" took place in Darmstadt. Nine researchers from the projects (1) DeduSec, (2) IFC4MC, (3) FIfAKS, (4) MORES, and (5) RSCP as well as an associated researcher discussed future directions for the RS3 Information-Flow Requirement Specification Language (RIFL) and worked on extending the language.
On May 6-8, 2015, the topic workshop "Executable Specification and Code Generation with Isabelle/HOL" took place in Munich. Five researchers from the projects (1) MORES, (2) RSCP, and (3) SecDed as well as two associated researchers met for a tutorial on how to generate programs from Isabelle/HOL theories and how to ensure that the generated programs are efficient.
On April 27-28, 2015, the topic workshop "Development of a Demonstrator for the RS3 Certifying App Store" took place in Darmstadt. Six researchers from the projects (1) IFC4MC, (2) RSCP, (3) RUNSECURE, and (4) SRPM met to create an improved demonstrator of the RS3 Certifying App Store by enhancing its user interface and integrating a new analysis technique.
On July 28-29, 2014, the topic workshop "Security in-the-Large" took place in Darmstadt. Six researchers from the projects (1) E-Voting, (2) IFlow, (3) MORES, (4) FM-SecEng, and (5) SecDed met and worked on identifying the main challenges faced by the reference scenarios with respect to Security in-the-Large as well as next steps to addressing these challenges.
On May 26-27, 2014, the topic workshop "Tool Integration in the RS3 Certifying App Store" took place in Darmstadt. Nine researchers from the projects (1) IFlow, (2) RSCP, (3) RUNSECURE, and (4) SADAN met and worked on integrating different methods and tools into the RS3 Certifying App Store.
On February 3-4, 2014, the topic workshop "Formal Verification of Information Flow Properties of Web-Based Workflow Management Systems" took place in Munich. Eight researchers from the projects (1) FM-SecEng, (2) MORES, (3) MoVeSPAcI, (4) SecDed, and (5) SpAGAT met and worked on the integration of different methods and tools into the reference scenario Web-based Workflow Management Systems.
On December 18, 2013, the topic workshop "Online and Offline Monitoring for Secure Usage" took place in Darmstadt. Five researchers from the projects (1) RUNSECURE, (2) SADAN, (3) TbgESP met and discussed benefits and drawbacks of different online and offline monitoring approaches. During the topic workshop, the participants created an overview of technologies exploited in different approaches and a list of application scenarios.
On February 19-20, 2013, the topic workshop "Information Flow in Object-Oriented Systems" took place in Darmstadt. Eleven researchers from the projects (1) ALBIA, (2) DeduSec, (3) E-Voting, (4) IFC4MC, (5) IFlow, (6) MoVeSPAcI, (7) RSCP met and discussed appropriate attacker models in object-oriented systems. During the topic workshop, different attack scenarios in object-oriented systems were identified, along with best practices for secure object-oriented coding.
On June 18-19, the topic workshop "Concurrent Noninterference" took place in Darmstadt. Ten researchers from the projects (1) DeduSec, (2) IFC for Mobile Components, (3) RSCP, (4) Secure Type Systems and Deduction and (5) Type-based gradual enforcement of security policies for concurrent programs met in Darmstadt and presented the progress achieved so far. The presentations covered amongst others dynamic logic, type systems and PDGs. During fruitful discussions synergies were identified and plans for joint publications were made.
On March 14-15, 2012, the topic workshop "Security in Business Processes" took place in Dortmund. Ten researchers from the projects (1) AMBOSS, (2) USIFES, (3) MoDelSec, (4) SADAN, (5) Service Automata, and (6) WS4DSec met in Dortmund to develop a common basis for specifying security requirements for business processes and analyzing or enforcing their compliance.
The researchers of the projects Quis-Custodiet, Dedusec, Spagat and MoDelSec organized the topic workshop "Information Flow and Security in Sequential Applications" in order to exchange on the newest ideas and results of their research. Since all of us pursue the research with equal mathematical rigor, we had very fruitful discussions regarding the comparison, strengths and weaknesses of our approaches to guarantee information security. We also considered the theoretical possibility to integrate the various approaches into a unified tool that could provide a degree of precision that no technology could do that is based on one single theoretical solution.
On November 21st, the topic workshop "E-voting and Information Flow" took place in Karlsruhe, with four participating projects: (1) Implementation-Level Analysis of E-Voting Systems, (2) DeduSec: Program-level Specification and Deductive Verification of Security Properties, (3) IFC for Mobile Components: Information Flow Control for Mobile Components Based on Precise Analysis for Parallel Programs, and (4) MoVeSPAcI: Modular Verification of Security Properties in Actor Implementations.
The workshop participants presented the progress achieved so far on analyzing specific security properties of the e-voting system developed within RS3. Remaining technical challenges were discussed in detail and concrete plans for joint publications were made. Overall the workshop showed that the approaches taken thus far in the e-voting scenario are very promising and that they will be further pursued.
On November 3-4, ten researchers from the projects IFC for Mobile Components, IFlow, ModelSec, and RSCP met in Darmstadt for a topic workshop. One of the goals pursed by the participants was to establish a plausible connection between the state-of-the-art security vulnerabilities on Android and the static information flow control techniques. During the fruitful discussions a tangible progress has been achieved. Motivated by privilege escalation attacks, the researchers explored a possibility to statically enforce system-wide information flow policies on Android. It turned out, that the sketched solution perfectly fits the "security-in-the-large" guiding theme of the priority programme. The collaboration on this exciting topic will be continued.
The first RS3 Topic Workshop "Security Properties in Security Engineering" took place in Augsburg on May 12-13, 2011. 9 researchers from projects FM-SecEng, IFlow, ModelSec, and MoVeSPAcI meet to explore how to formally model and specify security requirements in the software development process. Initiated by the projects FM-SecEng and Iflow, this meeting continues the active discussions in the Security Engineering cluster during the RS3 KickOff.