Security Programming with High-Level Abstractions: a Tutorial (Extended Abstract)

The specification of security protocols with high-level programming abstractions, suited for security analysis and verification, has been advocated by the formal methods for security research community. Based on these principles of application design, we developed a tutorial to introduce undergraduate students to the foundations of security programming. The main pedagogical goal of this tutorial is to teach, in a simple and effective way, how to build secure distributed applications using common cryptographic primitives abstracting from their low-level details. The tutorial is aimed at helping the students to grasp quickly the main security concepts and to apply them effectively to the coding of distributed programs implementing security properties like authentication and secrecy. As programming is one of the main skills required by the cybersecurity industry, we believe that this tutorial can contribute to the professional development of future graduates

Security Programming with High-Level Abstractions: a Tutorial (Extended Abstract)

The specification of security protocols with high-level programming abstractions, suited for security analysis and verification, has been advocated by the formal methods for security research community. Based on these principles of application design, we developed a tutorial to introduce undergraduate students to the foundations of security programming. The main pedagogical goal of this tutorial is to teach, in a simple and effective way, how to build secure distributed applications using common cryptographic primitives abstracting from their low-level details. The tutorial is aimed at helping the students to grasp quickly the main security concepts and to apply them effectively to the coding of distributed programs implementing security properties like authentication and secrecy. As programming is one of the main skills required by the cybersecurity industry, we believe that this tutorial can contribute to the professional development of future graduates

On the role of secondary motions in turbulent square duct flow

We use a direct numerical simulations (DNS) database for turbulent flow in a square duct up to bulk Reynolds number \Rey_b=40000, to quantitatively analyze the role of secondary motions on the mean flow structure. For that purpose we derive a generalized form of the identity of Fukagata, Iwamoto and Kasagi (FIK), which allows to quantify the effect of cross-stream convection on the mean streamwise velocity, wall shear stress and bulk friction coefficient. Secondary motions are found to contribute for about $6\%$ of total friction, and to act as a self-regulating mechanism of turbulence whereby wall shear stress nonuniformities induced by corners are equalized, and universality of the wall-normal velocity profiles is established. We also carry out numerical experiments whereby the secondary motions are artificially suppressed, in which case their equalizing role is partially taken by the turbulent stresses

An IDE for the Design, Verification and Implementation of Security Protocols

Security protocols are critical components for the construction of secure and dependable distributed applications, but their implementation is challenging and error prone. Therefore, tools for formal modelling and analysis of security protocols can be potentially very useful to support software engineers. However, despite such tools having been available for a long time, their adoption outside the research community has been very limited. In fact, most practitioners find such applications too complex and hardly usable for their daily work. In this paper, we present an Integrated Development Environment for the design, verification and implementation of security protocols, aimed at lowering the adoption barrier of formal methods tools for security. In the spirit of Model Driven Development, the environment supports the user in the specification of the model using the simple and intuitive language AnB (and its extension AnBx). Moreover, it provides a push-button solution for the formal verification of the abstract and concrete models, and for the automatic generation of Java implementation. This Eclipse-based IDE leverages on existing languages and tools for the modelling and verification of security protocols, such as the AnBx Compiler and Code Generator, the model checker OFMC and the cryptographic protocol verifier ProVerif