Comète
Head: Catuscia Palamidessi
AERES Visiting Committee, February 3-4, 2009

The Comète team

Name                    Function      Institution       Since
Permanent Researchers
Catuscia Palamidessi    DR            INRIA             2003
Frank Valencia          CR            CNRS              2004
Post-docs and engineers
Simon Kramer            Postdoc       INRIA             2007
PhD Students
Jesus Aranda            PhD student   E. Polytechnique  2006
Romain Beauxis          PhD student   E. Polytechnique  2005
Christelle Braun        PhD student   E. Polytechnique  2007
Mario Sergio Ferreira   PhD student   DGA/CNRS          2008
Carlos Olarte           PhD student   INRIA             2006
Sylvain Pradalier       PhD student   ENS Cachan        2006

Scientific project
Research Domains
- Ubiquitous Computing, Concurrency, Security Protocols, Probability
Goals
- Specification and verification of security properties / protocols (exp. probabilistic protocols for protecting private information)
- Nondeterminism in security (leaking scheduler)
- Expressiveness of calculi for concurrent and mobile systems
Software project
- πpa: a specification language for concurrent, mobile and probabilistic systems and protocols
- A model checker for πpa

Positioning
National
- Secsi, Moscova (formal analysis of security protocols)
International
- PRISM (probabilistic model checking)
- R. Segala's team (probability & nondeterminism)
- G. Smith's team (information-hiding / information flow)
Specificity of our approaches
- Combination of probability and mobility in πpa
- Specific treatment of nondeterminism (for information-hiding)
- Bayesian framework

Projects and collaborations
- ProNoBiS. INRIA/ARC. With Jean Goubault-Larrecq (ENS Cachan), Roberto Segala (University of Verona), Marta Kwiatkowska (University of Oxford). 2006-07.
- Printemps. INRIA/DREI Équipe Associée with Prakash Panangaden (McGill University). Started in 2006.
- Rossignol. ACI Sécurité. With Denis Lugiez (LIF), Florent Jacquemard (ENS Cachan) and Yassine Lakhnech (VERIMAG). 2003-06.
- OISA. DGA. 2007-08.
- Monaco. PAI-Egide. With Iain Phillips (Imperial College) and Uwe Nestmann (Technical University of Berlin). 2007-08.

Main results
- Separation between recursion and replication in process calculi
- Decidability results for a subset of linear temporal logic
- An information-theoretic approach to anonymity protocols
- Study of Bayesian risk in information hiding
- Implementation of a subset of πpa in PRISM (in collaboration with the PRISM team, University of Oxford)
- Characterization of πpa constructs maintaining secrecy

Focus on some of the results

An Information-Theoretic approach to Anonymity
Anonymity protocols as noisy channels
- The input A represents the information to keep secret, and the output O represents the observables
[Figure: channel from inputs a_1, ..., a_m to outputs o_1, ..., o_n, with arrows labelled by conditional probabilities such as p(o_1|a_1) and p(o_n|a_1)]
Degree of protection offered by a protocol
- The converse of the Mutual Information associated to the channel: $I(O;A) = H(A) - H(A \mid O)$
Verification
- Given a protocol specified in πpa, we can automatically compute its degree of protection

Bayesian risk in Information Flow
- The Bayesian risk is the probability of error of an adversary that tries to infer the secret by using the MAP criterion (Maximum A Posteriori Probability)
Relation between the Bayesian risk and the Conditional Entropy
- An object of study for decades
- Foundational and practical motivations
Bounds on the Bayesian risk using the Conditional Entropy
- Bounds by Rényi (1966), Hellman-Raviv (1970), Santhi-Vardy (2006)
- The Bayesian risk is a piecewise linear function. We have obtained a tighter bound by characterizing its "corner points"

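The two slides above (anonymity protocols as noisy channels, and the Bayesian risk of a MAP adversary) can be worked through numerically. This is an added example, not code from the Comète team or the πpa tools: the function names and the three channel matrices are constructed for illustration, and the Hellman-Raviv and Santhi-Vardy bounds are used in their usual forms with entropy measured in bits.

```python
from math import log2

def entropy(dist):
    """Shannon entropy in bits; zero-probability entries contribute nothing."""
    return -sum(p * log2(p) for p in dist if p > 0)

def analyse(prior, channel):
    """prior[i] = p(a_i); channel[i][j] = p(o_j | a_i). Returns leakage figures."""
    if abs(sum(prior) - 1) > 1e-9 or any(abs(sum(r) - 1) > 1e-9 for r in channel):
        raise ValueError("prior and every channel row must sum to 1")
    n_obs = len(channel[0])
    # Joint distribution p(a_i, o_j) and marginal p(o_j).
    joint = [[pa * row[j] for j in range(n_obs)] for pa, row in zip(prior, channel)]
    p_obs = [sum(r[j] for r in joint) for j in range(n_obs)]
    # H(A|O) = sum_j p(o_j) * H(A | O = o_j), skipping observables that never occur.
    h_cond = sum(
        p_obs[j] * entropy([r[j] / p_obs[j] for r in joint])
        for j in range(n_obs) if p_obs[j] > 0
    )
    # MAP adversary: on seeing o_j, guess the secret with the largest p(a_i, o_j).
    risk = 1 - sum(max(r[j] for r in joint) for j in range(n_obs))
    return {
        "mutual_information": entropy(prior) - h_cond,  # I(O;A) = H(A) - H(A|O)
        "conditional_entropy": h_cond,
        "bayes_risk": risk,
        "hellman_raviv_bound": h_cond / 2,         # risk <= H(A|O) / 2
        "santhi_vardy_bound": 1 - 2 ** (-h_cond),  # risk <= 1 - 2^(-H(A|O))
    }

# Constructed sample channels over three secrets and three observables.
PRIOR = [1 / 3, 1 / 3, 1 / 3]
NOISY = [[0.5, 0.25, 0.25], [0.25, 0.5, 0.25], [0.25, 0.25, 0.5]]
LEAKY = [[1, 0, 0], [0, 1, 0], [0, 0, 1]]  # observable reveals the secret
HIDING = [[0.2, 0.3, 0.5]] * 3             # observable independent of the secret

if __name__ == "__main__":
    for name, ch in [("noisy", NOISY), ("leaky", LEAKY), ("hiding", HIDING)]:
        print(name, {k: round(v, 4) for k, v in analyse(PRIOR, ch).items()})
```

On the fully hiding channel the mutual information is zero and the Santhi-Vardy bound meets the Bayesian risk exactly; on the noisy channel both bounds hold with slack.
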
πpa constructs which maintain secrecy
The πpa calculus

$$
\begin{array}{rcll}
T & ::= & \sum^{\circ}_{i} p_i \, T_i & \text{probabilistic choice} \\
  & \mid & \sum_{i} s_i . T_i & \text{secret choice } (s_i \in Sec) \\
  & \mid & \sum_{i} r_i . T_i & \text{nondeterministic choice } (r_i \in Obs \cup \{\tau\}) \\
  & \mid & T \mid T & \text{parallel composition} \\
  & \mid & (\nu a)\, T & \text{restriction} \\
  & \mid & !\, T & \text{replication}
\end{array}
$$

- An operator op maintains secrecy if $\mathit{Protection}(op(T)) \geq \mathit{Protection}(T)$
- The probabilistic and nondeterministic choices, and a restricted form of parallel composition, maintain secrecy
- Generalization of the result of Chaum (1988)

Perspectives I
- Protection of private and/or critical information is becoming a more and more important issue in today's world
- Probability is fundamental, both as an abstraction and because of the use of randomized primitives in information-hiding protocols. Other quantitative aspects, like time, are important too.
- The classical notion of nondeterminism is not suitable for security. Need for new foundations.
- The interplay between probability and nondeterminism requires special care.
- Cooperation with Jean Goubault-Larrecq, Prakash Panangaden, and Roberto Segala

Perspectives II
- The existing tools (model checkers) are not suitable to verify protocols for information protection
- Cooperation with the PRISM team (Marta Kwiatkowska, University of Oxford)
- The literature on the π-calculus, in particular that behind the existing model checkers, is mainly first-order. This makes it very difficult to extend the existing results and tools to the probabilistic case. Need for a higher-order framework.
- Cooperation with the Parsifal team (Dale Miller, LIX)

Publications (by permanent members and PhDs)

                            2005     2006     2007     2008
Permanent members           3        2        2        2
Number of PhDs              2        5 (2)    6 (2)    6 (2)
Journal publications        4 (2)    2 (1)    6 (3)    5 (4)
International conferences   4 (2)    4 (2)    7 (4)    7 (3)
International workshops     9 (3)    8 (3)    5 (4)    2 (1)
Total publications          17 (7)   14 (6)   18 (11)  14 (8)

The numbers in green represent the number of PhD students co-supervised by an external advisor.
The numbers in red represent the number of publications with external coauthors.

Visibility
Program Committees
- FOSSACS'09, QEST'08, FICS'08, MFPS XXIV, LICS'08, VMCAI'08, CiE'08, ESOP'08, CONCUR'07, QEST'07, FCT'07, ESOP'07, FInCo'07, SAC'07, LPAR'06, CONCUR'06, MFPS XXII, FOSSACS'06, EXPRESS'06, CLEI'05, LPAR'05, ICLP'05, CONCUR'05, ESOP'05, SOFSEM'05, FInCo'05, ICLP'05
Editorial boards
- MSCS, TPLP, ENTCS, JFLP
Conference organization
- MFPS XXV, SOFSEM 2009 Track on Foundations, SecCo'07, LIX Colloquium 2006, ICALP'05 Track B
Invited talks
- ICE'08, PAuL'07, PERAD'07, PLID'07, MFPS XXI, CLEI'05

Notable facts
- FORTE'06 Best Paper Award
- Robin Milner visits Comète for one year in 2007 on a Blaise Pascal chair
- SPECIF/Gilles Kahn Award for one of the two second best PhD Theses in France in 2008