- Article, November 2024
Partially-Observable Security Games for Attack-Defence Analysis in Software Systems
Software Engineering and Formal Methods, Pages 144–161. https://doi.org/10.1007/978-3-031-77382-2_9
Abstract: Given the presence of residual vulnerabilities in software systems, it is critical to apply suitable countermeasures in order to minimize the likelihood of an attack. In this paper we propose a formal approach, based on stochastic games, to threat ...
- Article, November 2024
Validating Traces of Distributed Programs Against TLA+ Specifications
Software Engineering and Formal Methods, Pages 126–143. https://doi.org/10.1007/978-3-031-77382-2_8
Abstract: TLA+ is a formal language for specifying systems, including distributed algorithms, that is supported by powerful verification tools. In this work we present a framework for checking if traces of distributed programs are compatible with high-level ...
- Article, November 2024
Symbolic Execution for Precise Information Flow Analysis of Timed Concurrent Systems
Software Engineering and Formal Methods, Pages 107–125. https://doi.org/10.1007/978-3-031-77382-2_7
Abstract: Information flow analysis (IFA) is a powerful technique for verifying confidentiality and integrity. This is highly desirable for embedded systems, where security violations can lead to significant economic damages or even loss of human life. ...
- Article, November 2024
Exploiting Assumptions for Effective Monitoring of Real-Time Properties Under Partial Observability
Software Engineering and Formal Methods, Pages 70–88. https://doi.org/10.1007/978-3-031-77382-2_5
Abstract: Runtime verification of temporal properties over timed sequences of observations is crucial in various applications within cyber-physical systems ranging from autonomous vehicles over smart grids to medical devices. In this paper, we are ...
- Article, November 2024
User-Guided Verification of Security Protocols via Sound Animation
Software Engineering and Formal Methods, Pages 33–51. https://doi.org/10.1007/978-3-031-77382-2_3
Abstract: Current formal verification of security protocols relies on specialized researchers and complex tools, inaccessible to protocol designers who informally evaluate their work with emulators. This paper addresses this gap by embedding symbolic ...
- Article, November 2024
Leveraging Contracts for Failure Monitoring and Identification in Automated Driving Systems
Software Engineering and Formal Methods, Pages 441–460. https://doi.org/10.1007/978-3-031-77382-2_25
Abstract: As the deployment of AI agents in Automated Driving Systems (ADS) becomes increasingly prevalent, ensuring their safety and reliability is of paramount importance. This paper presents a novel approach to enhance the safety assurance of automated ...
- Article, November 2024
Formal Analysis of Multi-Factor Authentication Schemes in Digital Identity Cards
Software Engineering and Formal Methods, Pages 423–440. https://doi.org/10.1007/978-3-031-77382-2_24
Abstract: We present a methodology for formally modelling and verifying multi-factor authentication (MFA) schemes employed in eIDAS digital identity cards. This methodology adopts an interface-based threat model to comprehensively analyse potential ...
- Article, November 2024
Automated Invariant Generation for Efficient Deductive Reasoning About Embedded Systems
Software Engineering and Formal Methods, Pages 404–422. https://doi.org/10.1007/978-3-031-77382-2_23
Abstract: Deductive verification is often more efficient than alternative techniques like model checking at reasoning about functional properties of programs. This is especially true when the program under verification contains very large or unbounded data ...
- Article, November 2024
Unlocking the Power of Environment Assumptions for Unit Proofs
Software Engineering and Formal Methods, Pages 366–384. https://doi.org/10.1007/978-3-031-77382-2_21
Abstract: Clearly articulating the assumptions of the execution environment is crucial for the successful application of code-level formal verification. The process of specifying a model for the environment can be both laborious and error-prone, often ...
- Article, November 2024
Verified Configuration and Deployment of Layered Attestation Managers
Software Engineering and Formal Methods, Pages 290–308. https://doi.org/10.1007/978-3-031-77382-2_17
Abstract: Effective layered attestation systems require a trusted mechanism for their implementation, configuration, and deployment. Core to these systems are a distributed collection of Attestation Manager (AM) components that orchestrate primitive ...
- Article, November 2024
GrammarForge: Learning Program Input Grammars for Fuzz Testing
Software Engineering and Formal Methods, Pages 272–289. https://doi.org/10.1007/978-3-031-77382-2_16
Abstract: Providing good methods for testing properties of software is critical. Such methods often depend on a formal description of the program input language, in particular, when they are based on grammar-based fuzzing. Unfortunately, it cannot be ...
- Article, November 2024
Minuska: Towards a Formally Verified Programming Language Framework
Software Engineering and Formal Methods, Pages 200–214. https://doi.org/10.1007/978-3-031-77382-2_12
Abstract: Programming language frameworks allow us to generate language tools (e.g., interpreters) just from a formal description of the syntax and semantics of a programming language. As these frameworks tend to be quite complex, an issue arises whether we ...
- Article, November 2024
Deductive Verification of SYCL in VerCors
Software Engineering and Formal Methods, Pages 182–199. https://doi.org/10.1007/978-3-031-77382-2_11
Abstract: SYCL is a C++ programming model for the development of heterogeneous programs. It uses the concept of kernels, where multiple instances of a computation are executed concurrently on a computing unit. This concurrency entails that the set of ...
- Article, November 2024
Secure Smart Contracts with Isabelle/Solidity
Software Engineering and Formal Methods, Pages 162–181. https://doi.org/10.1007/978-3-031-77382-2_10
Abstract: Smart contracts are programs stored on the blockchain, often developed in a high-level programming language, the most popular of which is Solidity. Smart contracts are used to automate financial transactions and thus bugs can lead to large ...
- Article, November 2024
Formal Verification of Cyber-Physical Systems Using Domain-Specific Abstractions
Software Engineering and Formal Methods, Pages 3–21. https://doi.org/10.1007/978-3-031-77382-2_1
Abstract: Cyber-physical systems have become ubiquitous in our daily lives, and their complexity continually evolves to unprecedented levels. In addition to their heterogeneity and interaction with a physical environment, we see a tremendous increase in the ...