Nazim Benaissa's scientific contributions

Publications (9)

Conference Paper
We consider the refinement-based process for the development of security protocols. Our approach is based on the Event B refinement, which makes proofs easier and which makes the design process faithful to the structure of the protocol as the designer thinks of it. We introduce the notion of mechanism related to a given security property; a mechan...
Article
The presence of big scale networks in our modern society is affecting our usual practice, which as a result is generating the need to introduce a more and more important level of remote security services. We address in this thesis the problem of security protocols composition; we focus in particular on cryptographic protocols as well as access cont...
Thesis
Nowadays, the presence of large-scale networks in our society is changing our habits, with the emergence of new remote services whose security needs are increasingly important. In this thesis we address the problem of composing security protocols; we focus in particular on prot...
Article
Nowadays, the presence of large-scale networks in our society is changing our habits, with the emergence of new remote services whose security needs are increasingly important. In this thesis we address the problem of composing security protocols; we focus in particular on prot...
Conference Paper
We consider the proof-based development of cryptographic protocols satisfying security properties. For instance, the model of Dolev-Yao provides a way to integrate a description of possible attacks, when designing a protocol. We use existing protocols and want to provide a systematic way to prove but also to design cryptographic protocols; moreover...
Article
Our work falls within the framework of the proven incremental development of distributed systems communicating over unreliable channels, in particular the communication protocols used in electronic purses. The Event-B approach is applied to a well-known Grand Challenge case study called Mondex....
Conference Paper
We address the proof-based development of (system) models satisfying a security policy. The security policy is expressed in a model called OrBAC, which allows one to state permissions and prohibitions on actions and activities and belongs to the family of role-based access control formalisms. The main question is to validate the link between the se...

Citations

... Several systems have been modelled using the Event-B method, and its application spans domains of differing nature. This formalism has been used to model numerous problems and systems, such as distributed algorithms [16], multi-agent systems [137], security and in particular authentication, key-establishment and access protocols [34], population protocols [189], the pacemaker [234], ... and in many other works. ...
... Event-B modelling language is supporting our methodological proposal suggesting proof-based guidelines. The main objective is to facilitate the correct-by-construction approach for designing distributed algorithms [Reh09,BM09,Mér09] by combining local computing models [CM10,CM07c] and Event-B models [Abr10] to get benefits of both models. In fact, local computation models provide an abstraction of distributed computations, which can be expressed in Event-B; they provide a graphical complement for Event-B models and Event-B models provide a framework for expressing correctness with respect to safety properties. ...
... Formal system specification refinement has been investigated for some time initially for system refinement in the specification language Z [11] but a dedicated security refinement has not been formalised for some time [31]. The idea to refine a system specification for security has been already addressed in B [5], [35]. The former combines the refinement of B with system security policies given in Organisation based Access Control (OrBAC) and presents a generic example of a system development. ...
... This method allows for formal verification of security properties through translation of the spi-calculus specifications to a format that can be verified by ProVerif prior to code generation. In 1993 and in 2009, Bieber et al. [18] and Benaissa et al. [12] respectively proposed an approach to analyze the security of cryptographic protocols using the Event-B framework. To the best of our knowledge, they partly implement the Dolev-Yao model as a library for the internal verifier of Event-B, allowing them to specify lemmas describing security properties to be proven such as secrecy and authentication. ...
... Our development can be combined with the already realized models of Benaïssa [3,4] that deal with the key establishment properties for the preparation phase. His works deal with the authentication properties, as well as the key establishment goals combined with the attacker's knowledge. ...
... • verification and simulation: [12] offers an exhaustive inventory of the various access control (CA) methods, the thesis [54] deals with components, such as the administration of access control policies, that are not covered in this document, likewise the thesis [42] deals with concepts such as interface control that are not covered in this document, and the thesis [62] presents a study of methods for validating access control policy models. • the permission to perform action A by P A, ...