David Basin

The Tamarin prover is an open-source analysis tool for cryptographic protocols. Given a specification of a protocol, possible adversaries, and the desired security properties, Tamarin either verifies the protocol or provides counter examples witnessing attacks. Tamarin is a robust and powerful analysis tool: it has been under development for over a decade and has reached a state of maturity where it can be applied to model and analyze a wide range of real-world cryptographic protocols. It is now one of the leading tools in this domain, with a wide and active user community spanning both academia and industry. The objective of this book is to help both researchers and practitioners to gain a general understanding of how Formal Methods tools like Tamarin can be used to analyze and improve the quality of real-world protocols. Moreover, we specifically showcase the Tamarin prover and provide guidance on its usage. In this sense, this book provides a user’s manual forTamarin. But it goes far beyond that, highlighting Tamarin’s underlying theory and its use in modeling and applications.

When the SCION project started in 2009, the goal was to create an architecture offering high availability and security for basic point-to-point communication. In the five years since the publication of SCION: A Secure Internet Architecture, this next-generation Internet architecture has evolved in terms of both design and deployment.On the one hand, there has been development of exciting new concepts and systems, including a new global time-synchronization system, an inter-domain approach for bandwidth reservations called COLIBRI, and Green Networking, which allows combating global climate change on three fronts. On the other hand, SCION is now also in production use by the Swiss financial ecosystem, and enables participants such as the Swiss National Bank, the Swiss provider of clearing services (SIX), and all Swiss financial institutes to communicate securely and reliably with each other via the Secure Swiss Finance Network.This unique guidebook provides an updated description of SCION's main components, covering new research topics and the most recent deployments. In particular, it presents in-depth discussion of formal verification efforts. Importantly, it offers a comprehensive, thorough description of the current SCION system:Describes the principles that guided SCION's design as a secure and robust Internet architectureProvides a comprehensive description of the next evolution in the way data finds its way through the InternetExplains how SCION can contribute to reducing carbon emissions, by introducing SCION Green NetworkingDemonstrates how SCION not only functions in academic settings but also works in production deploymentsDiscusses additional use cases for driving SCION's adoptionPresents the approaches for formal verification of protocols and code Illustrated with many colorful figures, pictures, and diagrams, allowing easy access to the concepts and use cases Assembled by a team with extensive experience in the fields of computer networks and security, this text/reference is suitable for researchers, practitioners, and graduate students interested in network security. Also, readers with limited background in computer networking but with a desire to know more about SCION will benefit from an overview of relevant chapters in the beginning of the book.

When the SCION project started in 2009, the goal was to create an architecture offering high availability and security for basic point-to-point communication. In the five years since the publication of SCION: A Secure Internet Architecture, this next-generation Internet architecture has evolved in terms of both design and deployment.On the one hand, there has been development of exciting new concepts and systems, including a new global time-synchronization system, an inter-domain approach for bandwidth reservations called COLIBRI, and Green Networking, which allows combating global climate change on three fronts. On the other hand, SCION is now also in production use by the Swiss financial ecosystem, and enables participants such as the Swiss National Bank, the Swiss provider of clearing services (SIX), and all Swiss financial institutes to communicate securely and reliably with each other via the Secure Swiss Finance Network.This unique guidebook provides an updated description of SCION's main components, covering new research topics and the most recent deployments. In particular, it presents in-depth discussion of formal verification efforts. Importantly, it offers a comprehensive, thorough description of the current SCION system:Describes the principles that guided SCION's design as a secure and robust Internet architectureProvides a comprehensive description of the next evolution in the way data finds its way through the InternetExplains how SCION can contribute to reducing carbon emissions, by introducing SCION Green NetworkingDemonstrates how SCION not only functions in academic settings but also works in production deploymentsDiscusses additional use cases for driving SCION's adoptionPresents the approaches for formal verification of protocols and code Illustrated with many colorful figures, pictures, and diagrams, allowing easy access to the concepts and use cases Assembled by a team with extensive experience in the fields of computer networks and security, this text/reference is suitable for researchers, practitioners, and graduate students interested in network security. Also, readers with limited background in computer networking but with a desire to know more about SCION will benefit from an overview of relevant chapters in the beginning of the book.

This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications. The authors explain how to identify and exploit such problems and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them.After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments.The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises.

This book explores fundamental principles for securing IT systems and illustrates them with hands-on experiments that may be carried out by the reader using accompanying software. The experiments highlight key information security problems that arise in modern operating systems, networks, and web applications. The authors explain how to identify and exploit such problems and they show different countermeasures and their implementation. The reader thus gains a detailed understanding of how vulnerabilities arise and practical experience tackling them.After presenting the basics of security principles, virtual environments, and network services, the authors explain the core security principles of authentication and access control, logging and log analysis, web application security, certificates and public-key cryptography, and risk management. The book concludes with appendices on the design of related courses, report templates, and the basics of Linux as needed for the assignments.The authors have successfully taught IT security to students and professionals using the content of this book and the laboratory setting it describes. The book can be used in undergraduate or graduate laboratory courses, complementing more theoretically oriented courses, and it can also be used for self-study by IT professionals who want hands-on experience in applied information security. The authors' supporting software is freely available online and the text is supported throughout with exercises.

Rippling is a radically new technique for the automation of mathematical reasoning. It is widely applicable whenever a goal is to be proved from one or more syntactically similar givens. It was originally developed for inductive proofs, where the goal was the induction conclusion and the givens were the induction hypotheses. It has proved to be applicable to a much wider class of tasks, from summing series via analysis to general equational reasoning. The application to induction has especially important practical implications in the building of dependable IT systems, and provides solutions to issues such as the problem of combinatorial explosion. Rippling is the first of many new search control techniques based on formula annotation; some additional annotated reasoning techniques are also described here. This systematic and comprehensive introduction to rippling, and to the wider subject of automated inductive theorem proving, will be welcomed by researchers and graduate students alike.