BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:Cryptosense: Security Analysis for Cryptographic APIs
DTSTART:20130612T140000
DTEND:20130612T150000
DTSTAMP:20260502T120601Z
UID:2fe20b637925a98aba51f298ca6bafc60ad75898fbade6be8f4abfdd
CATEGORIES:Conferences - Seminars
DESCRIPTION:Prof. Graham Steel\, CNRS\, ENS de Cachan and INRIA\nIn practi
 ce\, most developers use cryptography via an application program interface
  (API) either to a software library or a hardware device where keys are st
 ored and all cryptographic operations take place. Designing such interface
 s so that they offer flexible functionality but cannot be abused to reveal
  keys or secrets has proved to be extremely difficult\, with a number of p
 ublished vulnerabilities in widely-used APIs appearing over the last decad
 e.\nThis talk will discuss research on the use of formal methods to specif
 y and verify such interfaces in order to either detect flaws or prove secu
 rity properties. We will focus on the example of RSA PKCS#11\, the most wi
 dely used interface for cryptographic devices\, and show how research has 
 progressed from initial theoretical results through to a powerful tool\, t
 he Cryptosense Analyzer\, which can reverse engineer the particular config
 uration of PKCS#11 in use on some device under test\, construct a model of
  the device's functionality\, and call a model checker to search for attac
 ks. If an attack is found\, it can be executed automatically on the device
 \, and\nadvice for secure configuration is given. The talk will conclude w
 ith a live demonstration.
LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR