Joint Workshop on
Automated Reasoning for Security Protocol Analysis
Issues in the Theory of Security
from this year on
Theory of Security and Applications
Affiliated with ETAPS 2011
Saarbrücken, Germany
March 31 and April 1, 2011

Download Pre-proceedings of TOSCA'11

Programme - Background, aim and scope - Instructions for authors - Important dates - PC - Additional information


THURSDAY March 31st

14:00 ETAPS Invited Talk. Michael Backes

Small break

Session: Protocols and Algebra
Chair: Catuscia Palamidessi

15:15 Florent Jacquemard, Étienne Lozes, Ralf Treinen and Jules Villard. Multiple Congruence Relations, First-Order Theories on Terms, and the Frames of the Applied Pi-Calculus

15:45 Sreekanth Malladi. Soundness of Removing Cancellation Identities in Protocol Analysis under Exclusive-OR

Session: Abstraction Layers
Chair: Sebastian Mödersheim

16:45 Invited Talk. Ueli Maurer. Constructive Cryptography: A New Paradigm for Security Definitions and Proofs

17:45 Moez Ben MBarka, Francine Krief and Olivier Ly. Modeling Long Term Signature Validation for Resolution of Dispute

FRIDAY April 1st

9:00 ETAPS Invited Talk. Marta Kwiatkowska

Coffee Break

Session: Protocol Composition and Construction
Chair: Pierpaolo Degano

10:30 Invited Talk. Veronique Cortier. Secure composition of protocols

11:30 Joshua Guttman. Security Goals and Protocol Transformations

12:00 Michael Backes, Matteo Maffei, Kim Pecina and Raphael M. Reischuk. G2C: Cryptographic Protocols From Goal-Driven Specifications

12:30-14:00 Lunch

Session: Information Hiding
Chair: Joshua Guttman

14:00 Invited Talk. David Sands. Paragon: Programming with Expressive Information Flow Policies

15:00 Morten Dahl, Stephanie Delaune and Graham Steel. Formal Analysis of Privacy for Anonymous Location Based Services

15:30 Marieke Huisman and Henri-charles Blondeel. Model-checking Secure Information Flow for Multi-Threaded Programs

Coffee Break

Session: Applications.
Chair: Catherine Meadows

16:30 Invited Talk. Sjouke Mauw. Looking for the needle in a haystack: reverse engineering data dumps

17:30 Zhengqin Luo, Tamara Rezk and Manuel Serrano. Automated Code Injection Prevention for Web Applications

18:00 Joeri de Ruiter and Erik Poll. Formal analysis of the EMV protocol suite

Background, aim and scope

Computer security is an established field of computer science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis.

ARSPA is a series of workshops on Automated Reasoning for Security Protocol Analysis, bringing together researchers and practitioners from both the security and the formal methods communities, from academia and industry, who are working on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. The first two ARSPA workshops were held as satellite events of the 2nd International Joint Conference on Automated Reasoning (IJCAR'04) and of the 32nd International Colloquium on Automata, Languages and Programming (ICALP'05), respectively. ARSPA then joined forces with the workshop FCS (Foundations of Computer Security): FCS-ARSPA'06 was affiliated with LICS'06, in the context of FLoC'06, and FCS-ARSPA'07 was affiliated with LICS'07 and ICALP'07.

WITS is the official annual workshop organised by the IFIP WG 1.7 on "Theoretical Foundations of Security Analysis and Design", established to promote the investigation on the theoretical foundations of security, discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications. This is the eleventh meeting in the series.

In 2008, ARSPA and WITS joined with the workshop on Foundations of Computer Security FCS for a joint workshop FCS-ARSPA-WITS'08 associated with LICS 2008 and CSF 21. In 2009, ARSPA and WITS joined forces for the joint workshop ARSPA-WITS which is associated with ETAPS since then. The aim of ARSPA-WITS'11 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the ETAPS community and giving ETAPS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other.

We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submissions of papers both on mature work and on work in progress. Possible topics include, but are not limited to:

Automated reasoning techniques
Composition issues
Formal specification
Verification methods
Information flow analysis
Language-based security
Logic-based design
Program transformation
Security models
Static analysis
Quantitative and statistical methods
Access control and resource usage control
Availability and denial of service
Covert channels analysis
Anonymity, privacy and confidentiality
Intrusion detection
Preventing malicious code
Mobile code
Trust management
Security policies
Security protocols

Instructions for authors

All submissions will be peer-reviewed. Authors of accepted papers must guarantee that their paper will be presented at the workshop. To preserve ARSPA-WITS's tradition of being an open forum, authors may decide whether they would like a revised version of a paper to appear in the post-proceedings. Authors should clearly state at time of submission whether a paper is intended for presentation only or also for publication: this should be stated at the end of the abstract of the paper. Papers for presentation only may substantially overlap other (cited) work of the authors. This choice will not affect the selection procedure in any other way.

Submissions should be at most 16 page long excluding references and appendices with a total length not exceeding 20 pages. Manuscripts should be written in the Springer LNCS style available at the URL If your paper does not fit into this page limit, please contact the Program Chairs before submitting your paper.

Authors are invited to submit their papers electronically, as portable document format (pdf) or postscript (ps); please, do not send files formatted for work processing packages (e.g., Microsoft Word or Wordperfect files). The only mechanism for paper submissions is via the electronic submission web-site powered by EasyChair.

The post-proceedings of the workshop will be published by in the series.

Important dates

Program Committee

Additional Information

Further information about registration, travel, and venue can be found at the website of ETAPS'11.

The workshop is supported by the AVANTSSAR Project.