Talk "Modelling and verifying privacy properties of web systems "

by Mark Ryan

Sat, 03 September 2011 at 03:00 pm in Winchester, United Kingdom

Joint work with: Myrto Arapinis, Sergiu Bursuc (University of Birmingham)

Abstract: We describe the protocol underlying a novel cloud-based conference management system that offers strong security and privacy properties. In our system, authors, reviewers and the conference chair interact through their web browsers with the cloud, to perform the usual tasks of uploading and downloading papers and reviews. In contrast with current systems, in our system the cloud provider does not have access to the content of papers and reviews, and moreover is unable to link authors, reviewers, and scores. We provide a prototype implementation of the system and performance results. We also express the protocol and its desired privacy properties in the language of ProVerif, and automatically prove that the properties hold.