References of "Mauw, Sjouke 50002343"
     in
Bookmark and Share    
See detailProceedings of the 10th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2016)
Habib, Sheikh Mahbub; Vassileva, Julita; Mauw, Sjouke UL et al

Book published by Springer (2016)

Detailed reference viewed: 24 (1 UL)
Full Text
Peer Reviewed
See detailAnalysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
Lenzini, Gabriele UL; Mauw, Sjouke UL; Ouchani, Samir UL

in Barthe, Gilles; Markatos, Evangelos (Eds.) Security and Trust Management - STM 2016 (2016)

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question ... [more ▼]

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds. [less ▲]

Detailed reference viewed: 183 (19 UL)
Full Text
Peer Reviewed
See detailSecurity analysis of socio-technical physical systems
Lenzini, Gabriele UL; Mauw, Sjouke UL; Ouchani, Samir UL

in Computers electrical engineering (2015)

Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too ... [more ▼]

Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach. [less ▲]

Detailed reference viewed: 173 (13 UL)
Full Text
Peer Reviewed
See detailLocation-private interstellar communication
Jonker, Hugo UL; Mauw, Sjouke UL; Radomirovic, Sasa UL

in 23rd Security Protocols Workshop (2015)

Detailed reference viewed: 62 (5 UL)
Full Text
Peer Reviewed
See detailLocation-private interstellar communication (Transcript of Discussion)
Mauw, Sjouke UL

in Proc.\ 23rd Security Protocols Workshop (2015)

Detailed reference viewed: 41 (2 UL)
Full Text
Peer Reviewed
See detailAttack Trees with Sequential Conjunction
Jhawar, Ravi UL; Kordy, Barbara; Mauw, Sjouke UL et al

in Proceedings of the 30th IFIP TC 11 International Conference ICT Systems Security and Privacy Protection (SEC 2015) (2015)

Detailed reference viewed: 104 (7 UL)
Full Text
Peer Reviewed
See detailPUF-based authentication protocol to address ticket-switching of RFID-tagged items
Mauw, Sjouke UL; Piramuthu, S.

in Proc. 8th Workshop on Security and Trust Management, Pisa, Italy, September 13-14 2012 (2015)

Ticket-switching incidents where customers switch the price tag or bar code in order to pay a lower amount for their ‘purchased item’ is not uncommon in retail stores. Since the item has to pass through a ... [more ▼]

Ticket-switching incidents where customers switch the price tag or bar code in order to pay a lower amount for their ‘purchased item’ is not uncommon in retail stores. Since the item has to pass through a check-out counter before leaving the store, it has a (even if miniscule) positive probability of being identified. However, when item-level RFID tags are used in an automated check-out environment, the probability of such incidents coming to light is estimated to be almost zero. We propose an authentication protocol for this scenario using a pair of item-level RFID tags, one of which is PUF-enabled to resist cloning attacks. [less ▲]

Detailed reference viewed: 73 (0 UL)
Full Text
Peer Reviewed
See detailComparing distance bounding protocols: A critical mission supported by decision theory
Avoine, Gildas; Mauw, Sjouke UL; Trujillo Rasua, Rolando UL

in Computer Communications (2015), 67

Detailed reference viewed: 75 (7 UL)
Full Text
Peer Reviewed
See detailFP-Block: Usable Web Privacy by Controlling Browser Fingerprinting
Ferreira Torres, Christof UL; Jonker, Hugo; Mauw, Sjouke UL

in Pernul, Günther; Y A Ryan, Peter; Weippl, Edgar (Eds.) Computer Security -- ESORICS 2015 (2015)

Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a ... [more ▼]

Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a substantial negative impact on privacy, while it enables legitimate benefits. In contrast, cross-domain tracking negatively impacts user privacy, while being of little benefit to the user. Existing methods to counter fingerprint-based tracking treat cross-domain tracking and regular tracking the same. This often results in hampering or disabling desired functionality, such as embedded videos. By distinguishing between regular and cross-domain tracking, more desired functionality can be preserved. We have developed a prototype tool, FP-Block, that counters cross-domain fingerprint-based tracking while still allowing regular tracking. FP-Block ensures that any embedded party will see a different, unrelatable fingerprint for each site on which it is embedded. Thus, the user’s fingerprint can no longer be tracked across the web, while desired functionality is better preserved compared to existing methods. [less ▲]

Detailed reference viewed: 246 (5 UL)
See detailProceedings 4th International Workshop on Engineering Safety and Security Systems
Pang, Jun UL; Liu, Yang; Mauw, Sjouke UL

Book published by EPTCS - 184 (2015)

Detailed reference viewed: 65 (4 UL)
Full Text
Peer Reviewed
See detailGeneralizing multi-party contract signing
Mauw, Sjouke UL; Radomirovic, Sasa UL

in Proc. 4th Conference on Principles of Security and Trust (POST'15) (2015)

Multi-party contract signing (MPCS) protocols allow a group of signers to exchange signatures on a predefined contract. Previous approaches considered either completely linear protocols or fully parallel ... [more ▼]

Multi-party contract signing (MPCS) protocols allow a group of signers to exchange signatures on a predefined contract. Previous approaches considered either completely linear protocols or fully parallel broadcasting protocols. We introduce the new class of DAG MPCS protocols which combines parallel and linear execution and allows for parallelism even within a signer role. This generalization is useful in practical applications where the set of signers has a hierarchical structure, such as chaining of service level agreements and subcontracting. Our novel DAG MPCS protocols are represented by directed acyclic graphs and equipped with a labeled transition system semantics. We define the notion of abort-chaining sequences and prove that a DAG MPCS protocol satisfies fairness if and only if it does not have an abortchaining sequence. We exhibit several examples of optimistic fair DAG MPCS protocols. The fairness of these protocols follows from our theory and has additionally been verified with our automated tool. We define two complexity measures for DAG MPCS protocols, related to execution time and total number of messages exchanged. We prove lower bounds for fair DAG MPCS protocols in terms of these measures. [less ▲]

Detailed reference viewed: 58 (0 UL)
Full Text
Peer Reviewed
See detailA symbolic algorithm for the analysis of robust timed automata
Kordy, Piotr UL; Langerak, Rom; Mauw, Sjouke UL et al

in 19th International Symposium on Formal Methods (FM'14), 12-16 May 2014 (2014, May)

Detailed reference viewed: 52 (2 UL)
Full Text
Peer Reviewed
See detailOn Robustness of Trust Systems
Zhang, Jie; Yang, Liu; Mauw, Sjouke UL et al

in 8th IFIP WG 11.11 International Conference on Trust Management (IFIPTM'14), Singapore 7-10 July 2014 (2014)

Detailed reference viewed: 62 (0 UL)
See detailProceedings of the 10th International Workshop on Security and Trust Management (STM 2014)
Mauw, Sjouke UL; Jensen, Christian Damsgaard

Book published by Springer (2014)

Detailed reference viewed: 28 (1 UL)
See detailInformaticaonderwijs aan Nederlandse Universiteiten in 2013 - State of the Art
Paredaens, Jan; Bijlsma, Lex; Boot, Peter et al

Report (2014)

Detailed reference viewed: 22 (0 UL)
Peer Reviewed
See detailProceedings First International Workshop on Graphical Models for Security, GraMSec 2014
Kordy, Barbara UL; Mauw, Sjouke UL; Pieters, Pieters

in First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France, 12th April, 2014 (2014)

Detailed reference viewed: 16 (1 UL)
Full Text
Peer Reviewed
See detailOn Robustness of Trust Systems
Zhang, Jie; Yang, Liu; Mauw, Sjouke UL et al

in 8th IFIP WG 11.11 International Conference on Trust Management (IFIPTM'14), Singapore 7-10 July 2014 (2014)

Detailed reference viewed: 48 (0 UL)
Full Text
Peer Reviewed
See detailDEMO: Demonstrating a Trust Framework for Evaluating GNSS Signal Integrity
Chen, Xihui UL; Harpes, Carlo; Lenzini, Gabriele UL et al

in Proceedings of 20th ACM Conference on Computer and Communications Security (CCS'13) (2013, November)

Through real-life experiments, it has been proved that spoofing is a practical threat to applications using the free civil service provided by Global Navigation Satellite Systems (GNSS). In this paper, we ... [more ▼]

Through real-life experiments, it has been proved that spoofing is a practical threat to applications using the free civil service provided by Global Navigation Satellite Systems (GNSS). In this paper, we demonstrate a prototype that can verify the integrity of GNSS civil signals. By integrity we intuitively mean that civil signals originate from a GNSS satellite without having been artificially interfered with. Our prototype provides interfaces that can incorporate existing spoofing detection methods whose results are then combined into an overall evaluation of the signal’s integrity, which we call integrity level. Considering the various security requirements from different applications, integrity levels can be calculated in many ways determined by their users. We also present an application scenario that deploys our prototype and offers a public central service – localisation assurance certification. Through experiments, we successfully show that our prototype is not only effective but also efficient in practice. [less ▲]

Detailed reference viewed: 236 (10 UL)
Full Text
Peer Reviewed
See detailDesign and formal analysis of a group signature based electronic toll pricing system
Chen, Xihui UL; Lenzini, Gabriele UL; Mauw, Sjouke UL et al

in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (2013), 4(1), 55-75

Detailed reference viewed: 79 (12 UL)
Full Text
Peer Reviewed
See detailLocation Assurance and Privacy in GNSS Navigation
Chen, Xihui; Harpes, Carlo; Lenzini, Gabriele UL et al

in ERCIM News (2013), 2013(94),

The growing popularity of location-based services such as GNSS (Global Navigation Satellite System) navigation requires confidence in the reliability of the calculated locations. The exploration of a ... [more ▼]

The growing popularity of location-based services such as GNSS (Global Navigation Satellite System) navigation requires confidence in the reliability of the calculated locations. The exploration of a user’s location also gives rise to severe privacy concerns. Within an ESA (European Space Agency) funded project, we have developed a service that not only verifies the correctness of users’ locations but also enables users to control the accuracy of their revealed locations. [less ▲]

Detailed reference viewed: 55 (5 UL)