The 8th International Workshop on Formal Aspects of Security & Trust (FAST2011)
Leuven, Belgium.
September 15-16, 2011

FAST2011 is co-located with
European Symposium on Research in Computer Security (ESORICS 2011)
Leuven, Belgium
12-14 September, 2011



The eighth International Workshop on Formal Aspects of Security and Trust (FAST2011) aims at continuing the successful efforts of the previous FAST workshops, fostering cooperation among researchers in the areas of security and trust. Computing and network infrastructures have become pervasive, and now support a great deal of economic activity. Thus, society needs suitable security and trust mechanisms. Interactions increasingly span several enterprises and involve loosely structured communities of individuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions effectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome.



Title/Abstract Submission: 15 June 2011
Paper submission: 19 June 2011
Author Notification: 30 July 2011

Pre-proceedings version: 1 September 2011
Workshop: 15-16 September 2011
Post-proceedings version: 1 November 2011
Invited speakers:

·Andrew D. Gordon (Microsoft Research and University of Edinburgh)
·Frank Piessens (KU Leuven)



·Gilles Barthe, IMDEA Software, Spain (co-chair)
·Konstantinos Chatzikokolakis, École Polytechnique, France
·Stephen Chong, Harvard University, USA
·Michael Clarkson, Cornell University, USA
·Ricardo Corin, FaMAF, Universidad Nacional de Córdoba, Argentina
·Cas Cremers, ETH Zurich, Switzerland
·Anupam Datta, Carnegie Mellon University, USA (co-chair)
·Sandro Etalle, TU Eindhoven and Univ. of Twente, Netherlands (co-chair)
·Cedric Fournet, Microsoft Research, UK
·Deepak Garg, Carnegie Mellon University, USA
·Peter Herrmann, NTNU Trondheim, Norway
·Bart Jacobs, Radboud University Nijmegen, Netherlands
·Christian Damsgaard Jensen, Technical University of Denmark, Denmark
·Steve Kremer, LSV, ENS Cachan, CNRS, INRIA, France
·Fabio Martinelli, CNR, Italy
·Fabio Massacci, University of Trento, Italy
·Sjouke Mauw, University of Luxemburg, Luxembourg
·Mogens Nielsen, Aarhus, Denmark
·Mark Ryan, University of Birmingham, UK
·Ron van der Meyden, University of New South Wales, Australia
·Luca Vigano', Universita` di Verona, Italy



·Gilles Barthe, IMDEA Software, Spain
·Anupam Datta, Carnegie Mellon University, USA
·Sandro Etalle, TU Eindhoven and Univ. of Twente



Organizers can be reached at fast-2011'at'

Latest updates about FAST 2011 will be regularly posted to (a mailing list for the scientific community interested in computer security).



Suggested submission topics include, but are not limited to:

·Formal models for security, trust and reputation
·Security protocol design and analysis
·Logics for security and trust
·Trust-based reasoning
·Distributed trust management systems  
·Digital asset protection  
·Data protection  
·Privacy and ID management issues  
·Information flow analysis  
·Language-based security  
·Security and trust aspects in ubiquitous computing  
·Validation/Analysis tools  
·Web/Grid services security/trust/privacy  
·Security and risk assessment  
·Resource and access control  
·Case studies  



We seek papers presenting original contributions. Two types of submissions are possible:

1) short papers, up to 5 pages in LNCS format. 

2) full papers, up to 15 pages in LNCS format.

Submissions should clearly state their category (1 or 2). Author's full name, address, and e-mail must appear on the first page. Short papers as well as full papers will be included in the informal proceedings distributed at the workshop. After the workshop, authors of short papers which are judged mature enough for publication will be invited to submit full papers. These will be reviewed according to the usual refereeing procedures, and accepted papers will be published in the post-proceedings in LNCS. Simultaneous submission of full papers to a journal or conference/workshop with formal proceedings justifies rejection. Short papers at FAST are not formally published, so this restriction does not apply to them. However, related publications and overlapping submissions must be cited explicitly in short papers.

Follow this link to submit your paper through Easychair system



As done for the previous issues of FAST, the post-proceedings of the workshop will be published in LNCS. A special journal issue is also planned.




The programme is the following:

Thursday 15/9/2011

09:00 - 10:00 Invited speaker

·Frank Piessens (KU Leuven). Security and privacy mechanisms for the Web: model-based design and analysis.

10:00 - 10:30 Security API (1)
·Sibylle Froeschle and Nils Sommer. Concepts and Proofs for Configuring PKCS#11

10:30 - 11:00 Coffee Break

11:00 - 12:30 Protocol Analysis
·Ben Smyth, Mark Ryan and Liqun Chen. Formal analysis of anonymity in Direct Anonymous Attestation schemes
·Ricardo Corin and Felipe Andres Manzano. Concurrent Efficient Symbolic Execution for Analysing Cryptographic Protocol Implementations (Short Paper)
·Thomas Gibson-Robinson and Gavin Lowe. Analysing Applications Layered on Unilaterally Authenticating Protocols

12:30 - 14:00 Lunch

14:00 - 15:30 Information Flow
·Arnaud Fontaine, Samuel Hym and Isabelle Simplot-Ryl. Verifiable control flow policies for Java bytecode
·Luciano Bello and Eduardo Bonelli. On-the-fly inlining of dynamic dependency monitors for secure information flow
·Robert Grabowski, Martin Hofmann and Keqin Li. Type-Based Enforcement of Secure Programming Guidelines -- Code Injection Prevention at SAP

15:30 - 16:00 Coffee Break

16:00 - 18:00 Foundations
· Mario S. Alvim, Miguel E. Andres, Konstantinos Chatzikokolakis, Pierpaolo Degano and Catuscia Palamidessi. Differential Privacy: on the trade-off between Utility and Information Leakage
·Barbara Espinoza and Geoffrey Smith. Min-Entropy Leakage of Channels in Cascade
·Richard Gay, Heiko Mantel and Barbara Sprick. Service Automata
·Mohammad Torabi Dashti, Yanjing Wang and Jan Cederquist. Risk balance in optimistic non-repudiation protocols

Friday 16/9/2011

09:00 - 10:00 Invited speaker
·Andrew Gordon (Microsoft Research). Verifying Cryptographic Code in C: Some Experience and the Csec Challenge (joint work with Mihhail Aizatulin, Francois Dupressoir and Jan Juerjens)

10:00 - 10:30 Security API (2)
·Riccardo Focardi and Flaminia Luccio. Secure recharge of disposable RFID tickets

10:30 - 11:00 Coffee Break

11:00 - 12:30 Trust Management and Access Control
·Simon Foley and Samane Abdi. Avoiding Delegation Subterfuge using Linked Local Permission Names
·Timothy Hinrichs, William C. Garrison Iii, Adam J. Lee, Skip Saunders and John Mitchell. TBA: A Hybrid of Logic and Extensional Access Control Systems.
·Prasad Naldurg, Ranjita Bhagwan and Tathagata Das. Understanding policy intent and misconfigurations from implementations: Consistency and Convergence (Short Paper)

12:30 - 14:00 Lunch

14:00 - 15:30 Protocol Verification and Testing
·Sebastian Mödersheim. Diffie-Hellman without Difficulty
·Behnam Sattarzadeh and Mehran S. Fallah. Is Cryptyc Able to Detect Insider Attacks?
·Kuzman Katkalov, Kurt Stenzel, Marian Borek, Nina Moebius and Wolfgang Reif. Model-Driven Testing of Security Protocols with SecureMDD (Short Paper)

15:30 - 16:00 Coffee Break + END



To register to FAST 2011 please follow the link:

The registration fee is 380 euro , 280 euro for students. Early bird (before the 15th of August 2011) gives a reduction of 100 euro. For the accommodation, please visit: