Paolo Modesti

Paolo Modesti
Teesside University · Department of Computing

PhD in Computer Science
I am interested in working with motivated PhD students who have strong interest in Cybersecurity and Computer Science

About

23
Publications
3,603
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
92
Citations
Introduction
I am a Senior Lecturer in Cybersecurity at Teesside University, UK. My main research interests are languages and tools for security, applied formal methods for security, focusing on specification language design, modelling and verification of security protocols and generation of security protocols implementations.

Publications

Publications (23)
Article
Full-text available
Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose AnBx, a formal protocol specification language based...
Conference Paper
Full-text available
The AnBx compiler is a tool for automatic generation of Java implementations of security protocols specified in a simple and abstract model that can be formally verified. In our model-driven development approach, protocols are described in AnBx, an extension of the Alice & Bob notation. Along with the synthesis of consistency checks, the tool analy...
Conference Paper
To counteract the lack of competition and innovation in the financial services industry, the EU has issued the Second Payment Services Directive (PSD2) encouraging account servicing payment service providers to share data. The UK, similarly to other European countries, has promoted a standard API for data sharing: the Open Banking Standard. We pres...
Article
Full-text available
As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education , we present the pedagogic rationale and the concrete impl...
Article
Full-text available
The Payment Protocol standard BIP70, specifying how payments in Bitcoin are performed by merchants and customers, is supported by the largest payment processors and most widely-used wallets. The protocol has been shown to be vulnerable to refund attacks due to lack of authentication of the refund addresses. In this paper, we give the first formal m...
Article
Full-text available
The rapid advancement of internet technologies has dramatically increased the number of connected devices. This has created a huge attack surface that requires the deployment of effective and practical countermeasures to protect network infrastructures from the harm that cyber-attacks can cause. Hence, there is an absolute need to differentiate bou...
Preprint
Full-text available
The Payment Protocol standard BIP70, specifying how payments in Bitcoin are performed by merchants and customers, is supported by the largest payment processors and most widely-used wallets. The protocol has been shown to be vulnerable to refund attacks due to lack of authentication of the refund addresses. In this paper, we give the first formal m...
Article
Mobile applications are extremely popular with many higher education institutions offering courses to prepare new developers sought by the software industry. However, teaching and assessing mobile application development poses specific challenges due to the complexity of real-world programming languages and environments. In this work, we present a...
Preprint
Full-text available
To counteract the lack of competition and innovation in the financial services industry, the EU has issued the Second Payment Services Directive (PSD2) encouraging account servicing payment service providers to share data. The UK, similarly to other European countries, has promoted a standard API for data sharing:~the Open Banking Standard. We pres...
Article
Full-text available
The EMVCo (EMV® is a registered trademark or trademark of EMVCo, LLC in the US and other countries.) organisation (i.e. MasterCard, Visa, etc.) protocols facilitate worldwide interoperability of secure electronic payments. Despite recent advances, it has proved difficult for academia to provide an acceptable solution to construction of secure appli...
Conference Paper
Full-text available
Security protocols are critical components for the construction of secure and dependable distributed applications, but their implementation is challenging and error prone. Therefore, tools for formal modelling and analysis of security protocols can be potentially very useful to support software engineers. However, despite such tools having been ava...
Conference Paper
Full-text available
The specification of security protocols with high-level programming abstractions, suited for security analysis and verification, has been advocated by the formal methods for security research community. Based on these principles of application design, we developed a tutorial to introduce undergraduate students to the foundations of security program...
Article
Full-text available
Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose AnBx, a formal protocol specification language based...
Technical Report
This deliverable summarizes the security evaluation of the FutureID project not only for the whole project but also for some of its selected parts. In particular, we performed this evaluation, based on the security requirements specified in D22.2 at three levels: reference architecture, implementation, and pilots. The overall approach of the evalua...
Conference Paper
Full-text available
We integrate, and improve upon, prior relative soundness results of two kinds. The first kind are typing results showing that any security protocol that fulfils a number of sufficient conditions has an attack if it has a well-typed attack. The second kind considers the parallel composition of protocols, showing that when running two protocols in pa...
Technical Report
Full-text available
Designing distributed protocols is complex and requires actions at very different levels: from the design of an interaction flow supporting the desired application-specific guarantees, to the selection of the most appropriate network-level protection mechanisms. To tame this complexity, we propose AnBx, a formal protocol specification language base...
Conference Paper
Full-text available
The implementation of security protocols is challenging and error-prone. A model-driven development approach allows the automatic generation of an application, from a simpler and abstract model that can be formally verified. Our AnBx compiler is a tool for automatic generation of Java code of security protocols specified in the Alice&Bob notation....
Conference Paper
Full-text available
The implementation of security protocols is challenging and error-prone. A model-driven development approach allows the automatic generation of an application, from a simpler and abstract model that can be formally verified. Our AnBx compiler is a tool for automatic generation of Java code of security protocols specified in the Alice&Bob notation....
Technical Report
The implementation of security protocols is challenging and error-prone, as experience has proved that even widely used and heavily tested protocols like TLS and SSH need to be patched every year due to low-level implementation bugs. A model-driven development approach allows automatic generation of an application, from a simpler and abstract model...
Thesis
Full-text available
AnBx is an extension of the Alice & Bob notation for protocol narrations to serve as a specification language for a purely declarative modelling of distributed protocols. AnBx is built around a set of communication and data abstractions which provide primitive support for the high-level security guarantees, and help shield from the details of the u...
Conference Paper
Full-text available
We formally analyze the Secure Vehicle Communication system developed by the EU-project SeVeCom, using the AIF framework which is based on a novel set-abstraction technique. The model involves the hardware security modules (HSMs) of a number of cars, a certification authority, and the protocols executed between them. Each participant stores a datab...
Conference Paper
Full-text available
Designing distributed protocols is challenging, as it requires actions at very different levels: from the choice of network-level mechanisms to protect the exchange of sensitive data, to the definition of structured interaction patterns to convey application-specific guarantees. Current security infrastructures provide very limited support for the...

Network

Cited By

Projects