Security protocols, such as SSL (Secure Sockets Layer) as implemented in web browsers, play a vital role in a society that increasingly relies on electronic networks, such as the Internet and mobile phone networks. Whereas there are now reasonably mature mathematical methods to study the security of these protocols, rigorous techniques to ensure the correctness and security of the software implementing them are still in their infancy. The development of such techniques is of particular importance, as many security problems are ultimately due to software bugs. In order to reinforce Seneca's maxim "If virtue precedes us every step will be safe", the SOJOURN project aims at the development of rigorous, tool-supported techniques to assess and improve the security of Java implementations of security protocols, with SSL as a concrete case study.
This is obviously an instance of a much more general problem, namely how to ensure the security of software. This is not just an issue of growing importance for the IT sector, but for society as a whole. It concerns all people as they increasingly rely on computerised networks in everyday life, e.g. for banking and health care, where security and privacy are very important. The fundamental scientific questions in this field of research -- how to identify relevant security properties, how to characterise and specify them, and how to ensure that they are met -- are still very much open questions. Surely, we cannot hope to solve these questions, but by concentrating our efforts in a specific area of security protocols, where the security issues are relatively clear, and by building on existing technologies and tools, we can expect to make an impact.