PROJECT PERIODIC REPORT - avantssar.eu/pdf/deliverables/avantssar-ppr-P2.pdf
PROJECT PERIODIC REPORT
Grant Agreement number: 216471
Project acronym: AVANTSSAR
Project title: Automated Validation of Trust and Security of Service-oriented Architectures
Funding Scheme: Small/medium-scale focused research project (STREP), Seventh Framework Programme, Theme ICT-1.1.4
Date of latest version of Annex I against which the assessment will be made: 17 / 10 / 07
Periodic report: 1st □ 2nd √ 3rd □
Period covered: from 01 / 01 / 09 to 31 / 12 / 09
Name, title and organisation of the scientific representative of the project's coordinator:
Prof. Luca Viganò, Università degli Studi di Verona, Department of Computer Science, Strada le Grazie 15, 37134 Verona, Italy
Mobile: +39 320 4251233
Tel: +39 0458027070
Fax: +39 0458027068
E-mail: [email protected]
Project website address: www.avantssar.eu
Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
FP7-ICT-2007-1, Project No. 216471
www.avantssar.eu
Deliverable D1.4: Progress/Assessment Report for Year 2
(Period P2: 01.01.09 — 31.12.09)
Abstract
This Periodic Progress Report covers the second year of the AVANTSSAR project. It consists of a publishable executive summary, of an overview of the project objectives for the period and of the work progress and the achievements during the period, of the deliverables and milestones, of a summary of the project management including an explanation of the use of the resources and the corresponding financial statements.
Deliverable details
Deliverable version: v1.1
Classification: public
Date of delivery: 18.04.2010 (v1.0: 05.02.2010)
Due on: 05.02.2010
Editors: all
Total pages: 165
Project details
Start date: January 01, 2008
Duration: 36 months
Project Coordinator: Luca Viganò
Partners: UNIVR, ETH Zurich, INRIA, UPS-IRIT, UGDIST, IBM, OpenTrust, IEAT, SAP, SIEMENS
D1.4: Progress/Assessment Report for Year 2 (Period P2: 01.01.09 — 31.12.09) 2/165
FP7-ICT-2007-1, Project No. 216471
Contents
1 Publishable summary 10
1.1 Project objectives and main expected results 10
1.2 Project impact 12
1.3 Achievements and main results so far 12
1.4 Dissemination and use so far 14
2 Project objectives for the period 15
3 Work progress and achievements during the period 16
3.1 Work progress and achievements by WP 16
3.1.1 WP2: Modeling trust and security aspects of service-oriented architectures 16
3.1.2 WP3: Automated reasoning techniques 18
3.1.3 WP4: Validation Platform 26
3.1.4 WP5: Proof of concept 28
3.1.5 WP6: Dissemination and industry migration 34
3.2 Resources 42
4 Deliverables and milestones tables 43
4.1 Deliverables list 43
4.1.1 Deliverable D1.4 45
4.1.2 Deliverable D2.2 46
4.1.3 Deliverable D4.1 47
4.1.4 Deliverable D6.1 48
4.2 Milestones list 49
5 Project Management 51
5.1 Project Planning and Timetable (GANTT Chart) 51
5.2 Project Management and Coordination 51
5.2.1 Project Meetings 51
5.2.2 Task-forces 53
5.2.3 Website 53
5.2.4 Mailing lists 54
5.2.5 SVN Server 55
5.3 Use of foreground and dissemination activities 55
5.3.1 Project Workshops and Conferences, Lectures, Tutorials 55
5.3.2 European and international projects and working groups 56
5.4 Involvement of project participants in scientific events 61
5.5 AVANTSSAR publications and drafts 67
5.6 AVANTSSAR theses 71
5.7 AVANTSSAR talks and presentations 72
6 Explanation of the use of the resources 79
6.1 Resources 80
6.2 Explanation of personnel costs, subcontracting and any major direct costs 95
6.3 General project meetings 122
6.3.1 First AVANTSSAR Workshop and First Review Meeting 122
6.3.2 ASLan v.2 Meeting 123
6.3.3 2nd Synchronization Meeting 124
6.3.4 WP4 Meeting 125
6.4 Working meetings 126
6.4.1 Definition and application of a distributed temporal logic for the analysis of security protocols and services 126
6.4.2 Technical meeting on WP5: SAML SSO 127
6.4.3 Meeting on model-checking for authorization policies 128
6.4.4 Meeting on orchestration work 129
6.4.5 Working Meeting on WP6.2: SAP NW BPM 130
6.4.6 Meeting on secure pseudonymous channels 131
6.4.7 Definition and application of a distributed temporal logic for the analysis of security protocols and services 132
6.4.8 AVANTSSAR technical synchronization meeting on WP4 and WP6 133
6.4.9 Working Meeting on Dynamic Policies, Services, and Composition 134
6.4.10 Working Meeting on WP2 and WP3 135
6.4.11 Working Meeting on WP4 and WP5 136
6.4.12 Working Meeting on WP6.2: SAP NW NGSSO and SAP NW BPM 137
6.5 Participation to European and scientific events 138
6.5.1 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008) co-located with Computer Communication Security 138
6.5.2 ARES'09 139
6.5.3 ARSPA-WITS'09 and working meeting at Imperial College 140
6.5.4 IWSP 2009, 17th International Workshop on Security Protocols 141
6.5.5 Future Internet Conference Prague 2009 142
6.5.6 Applied Cryptography and Network Security, 7th International Conference 143
6.5.7 9th International School on Formal Methods for the Design of Computer, Communication and Software Systems: Web Services (SFM-09:WS) 144
6.5.8 Cinquièmes Journées Francophones MODÈLES FORMELS de l'INTERACTION (MFI'09) 145
6.5.9 Conference on Automated Reasoning with Analytic Tableaux and Related Methods (Tableaux) and Workshop on First-Order Theorem Proving (FTP) 2009 146
6.5.10 Logic Colloquium 2009 147
6.5.11 9th International School on Foundations of Security Analysis and Design (FOSAD) 148
6.5.12 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'09) 149
6.5.13 12th International Information Security Conference 2009 150
6.5.14 Summer School on Provable Security 151
6.5.15 ESORICS'09 152
6.5.16 4th International Conference on Risks and Security of Internet and Systems 2009 (CRISIS 2009) 153
6.5.17 Stabilization, Safety, and Security of Distributed Systems, 11th International Symposium, SSS 2009 154
6.5.18 FAST'09 155
6.5.19 Methods for Modalities (M4M 2009) 156
6.5.20 FIA Stockholm and Workshop with the SHIELDS Project 157
7 Planned work for the next reporting period 158
8 Financial statements – Forms C and Summary financial report (signed originals sent in parallel by post) 161
9 Certificates (signed originals sent in parallel by post) 162
List of Figures
1 The AVANTSSAR Validation Platform and its usage towards Enterprise SOA (TS abbreviates Trust and Security). 11
2 The SAML Modeling Environment. 39
3 The SAML Modeling Environment: pop-up warning. 40
4 The SAML Modeling Environment: validation feature. 41
5 GANTT Chart of the AVANTSSAR Project 52
List of Tables
1 Application areas and the related families of problem cases. 30
2 Deliverables 44
3 Milestones (and decision points) 50
4 Total resources for Period P2. 81
5 Total resources for Period P2 (full table, part 1/3). 82
6 Total resources for Period P2 (full table, part 2/3). 83
7 Total resources for Period P2 (full table, part 3/3). 84
8 Resources for Period P2: UNIVR 85
9 Resources for Period P2: ETH Zurich 86
10 Resources for Period P2: INRIA 87
11 Resources for Period P2: UPS-IRIT 88
12 Resources for Period P2: UGDIST 89
13 Resources for Period P2: IBM 90
14 Resources for Period P2: OpenTrust 91
15 Resources for Period P2: IEAT 92
16 Resources for Period P2: SAP 93
17 Resources for Period P2: SIEMENS 94
18 Total costs for Period P2 96
19 Costs for Period P2: UNIVR 97
20 Costs for Period P2: UNIVR adjustment 98
21 Costs for Period P2: UNIVR (details) 99
22 Costs for Period P2: ETH Zurich 100
23 Costs for Period P2: ETH Zurich (details) 101
24 Costs for Period P2: INRIA 102
25 Costs for Period P2: INRIA (details) 103
26 Costs for Period P2: University of Nancy 104
27 Costs for Period P2: UPS-IRIT 105
28 Costs for Period P2: UPS-IRIT (details) 106
29 Costs for Period P2: CNRS 107
30 Costs for Period P2: CNRS (details) 108
31 Costs for Period P2: UGDIST 109
32 Costs for Period P2: UGDIST (details) 110
33 Costs for Period P2: IBM 111
34 Costs for Period P2: IBM (details) 112
35 Costs for Period P2: OpenTrust 113
36 Costs for Period P2: OpenTrust (details) 114
37 Costs for Period P2: IEAT 115
38 Costs for Period P2: IEAT (details) 116
39 Costs for Period P2: SAP 117
40 Costs for Period P2: SAP adjustment 118
41 Costs for Period P2: SAP (details) 119
42 Costs for Period P2: SIEMENS 120
43 Costs for Period P2: SIEMENS (details) 121
44 Deliverables due in Period P3 159
45 Milestones (and decision points) of Period P2 160
1 Publishable summary
1.1 Project objectives and main expected results
Driven by rapidly changing requirements and business needs, IT systems and applications are undergoing a paradigm shift: components are replaced by services distributed over the network, and composed and reconfigured dynamically in a demand-driven way into service-oriented architectures.
Deploying services in future network infrastructures entails a wide range of trust and security issues. Solving them is extremely hard since making the service components trustworthy is not sufficient: composing services leads to new subtle and dangerous vulnerabilities due to interference between component services and policies, the shared communication layer, and application functionality. Thus, one needs validation of both the service components and their composition into secure service architectures.
AVANTSSAR proposes a technology for the formal specification and Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures. This technology will include an integrated toolset, the AVANTSSAR Validation Platform, which will be tuned on relevant industrial case studies. More specifically, the project will develop:
• ASLan, the first formal language for specifying trust and security properties of services, their associated policies, and their composition into service architectures.
• Automated techniques to reason about services, their associated security policies, and their dynamic composition into secure service architectures.
• The AVANTSSAR Validation Platform, an automated toolset for validating trust and security aspects of service-oriented architectures, depicted in Figure 1.
• A library of validated composed services and service architectures, proving that the AVANTSSAR technology scales to the envisaged applications.
Migrating project results to industry and disseminating them to standardization organizations will speed up the development of new network and service infrastructures, enhance their security and robustness, and increase the public acceptance of emerging IT systems and applications based on them.
[Figure 1: The AVANTSSAR Validation Platform and its usage towards Enterprise SOA (TS abbreviates Trust and Security). Labels recoverable from the diagram: legend P: Policy, S: Service, TS: Trust and Security, CS: Composed Service, CP: Composed Policy, tool input/output, vulnerability; components CONNECTOR (BPMN + Annotations, BPEL + Annotations, AnB), TS ORCHESTRATOR, TS VALIDATOR, TS Wrapper; languages ASLan v.2 and ASLan v.1.1; flows: specification of the available services, (new) service specified, orchestration/composition validation problem, insecure or secured composed service/policy (CS, CP), secure services, feedback.]
1.2 Project impact
The main impact targets are industry, research institutions, and standardization bodies working on the design of Web Services and service-oriented architectures, focusing in particular on their trust and security aspects. Since European society as a whole will ultimately benefit from the results of the project (in terms of increased reliability and acceptance of, and confidence in, service-oriented architectures, in particular in e-health, e-government, e-market, etc.), special measures are planned to reach the public.
1.3 Achievements and main results so far
All the project objectives for the second reporting period have been successfully achieved. The following are the main results we obtained:
Modeling trust and security aspects of service-oriented architectures We have defined two versions of the AVANTSSAR Specification Language (ASLan), which will allow one to formally model trust and security-related aspects of service-oriented architectures to be validated by the AVANTSSAR Validation Platform. ASLan v.1 (and its extension ASLan v.1.1) supports the formal modeling of trust and security-related aspects of the basic building blocks of service-oriented architectures. ASLan v.2 allows for the formal specification of static service and policy composition, and it borrows notions from procedural and object-oriented programming languages in order to be usable by those who are not experts in formal protocol/service specification languages. ASLan v.2 is a higher-level language than ASLan v.1, and the AVANTSSAR Validation Platform accepts as input specifications written in either ASLan v.2 or ASLan v.1/ASLan v.1.1 (in the former case, the specification is automatically translated into a "platform-internal" ASLan v.1.1 specification), so that the formal validation of the input problem can be carried out.
Automated reasoning techniques We have been developing a number of techniques to automatically reason about services and policies formally specified using ASLan. These techniques allow for satisfiability checking of ASLan policies, for model checking of ASLan services with respect to policies, and for compositional reasoning for services and policies. Automated reasoning about a variety of attacker models is also supported, as well as a number of abstraction techniques for composed services and policies.
AVANTSSAR Validation Platform We have implemented a prototype of the AVANTSSAR Validation Platform as a service-oriented architecture. The platform takes as input a policy stating the functional and security requirements of a goal service and a description of the available services (including a specification of their security-relevant behavior, possibly including the local policies they satisfy) and applies automated reasoning techniques in order to build an orchestration of the available services that meets the security requirements stated in the policy. The platform comprises two main components: the Orchestrator tries to build an orchestration, i.e. a composition, of the available services in a way that is expected (but not yet guaranteed) to satisfy the input policy; the Validator automatically analyses the validation problem resulting from the Orchestrator output, where a failed validation means the existence of vulnerabilities that need to be fixed; otherwise, the composition of the services is guaranteed to be secure, i.e. to meet the input policy.
Proof of concept We have begun the selection and formalization of industry-relevant problem cases as ASLan specifications and their validation using the verification tools developed within the project. We have formalized 6 case studies and validated 13 problem cases, thus covering all proposed areas and a large majority of the targeted problem cases. This evaluation phase has been instrumental in several respects. In terms of formalization we have confirmed the suitability of our specification language and refined several choices. For validation and orchestration, we have tested the new features incorporated into the tools, notably the handling of policies and dynamicity. In terms of performance, the tools have successfully handled all case studies, some of which were quite large; however, some verification problems have tested the limits of the tool set; these have required manual adaptation of the model or have been handled only by some of the tools. Consequently, we are undertaking optimizations both of the ASLan v.2 to ASLan v.1.1 translator and of the back-ends.
Dissemination and industry migration Dissemination and migration of the project results into the scientific community, standardization organizations and industry is well underway. In particular, contacts with core business units at the industrial partners of AVANTSSAR have been consolidated and a number of valuable migration activities have been carried out: the application of AVANTSSAR to formally analyze the SAP NetWeaver SAML Next Generation Single Sign On services; the exploitation of AVANTSSAR technology to formally analyze security-critical aspects of business processes within the SAP NetWeaver BPM product solution; the application of AVANTSSAR languages and techniques to service-oriented architectures developed at IBM; integration of AVANTSSAR technology into the service-oriented applications developed at OpenTrust.
1.4 Dissemination and use so far
AVANTSSAR represents an unprecedented effort to apply automated validation methods to trust and security aspects of service-oriented architectures comprising composed services, and it has therefore been generating quite a large interest in both academia and industry. Dissemination and use of foreground thus have a high priority, and we have planned appropriate measures to ensure an effective and timely dissemination of the project results to potential users, both at the European level and world-wide.
During the second year, the project participants produced 30 papers published or currently in print about the project's foreground (amounting to 49 papers since the start of the project), and 7 more papers are currently submitted. Further papers are in preparation. Foreground and other information related to AVANTSSAR have been presented in 45 (87 in total) talks, presentations and demos by project participants. Moreover, AVANTSSAR has supported or been involved in, through the participants, 40 (74 in total) scientific events about topics directly related to the project.
More information (including project details, deliverables, publications, software, news, press-kits and a demo video of the vulnerability of the SAML-based Single Sign-On service for Google Apps that we discovered in the course of the first project year) is available at
www.avantssar.eu
2 Project objectives for the period
The technical objectives of the project in the second reporting period were:
• Definition of Version 2 of the AVANTSSAR Specification Language (ASLan v.2) for the specification of security-sensitive service-oriented architectures, the associated security policies, and their trust and security properties. In particular, ASLan v.2 should allow for the formal specification of static service and policy composition.
• The development of techniques for satisfiability checking of ASLan policies, for model checking of service-oriented architectures with respect to policies, for the analysis of web service security under different attacker models, for compositional reasoning for services and policies, and for the validation of composed services and policies with the help of different abstraction approaches.
• Design and prototypical implementation of the AVANTSSAR Validation Platform v. 1.
• Formalization of industry-relevant problem cases as ASLan specifications and their validation using the verification tools developed within the project.
• Dissemination and migration of the project results into the scientific community, industry and standardization bodies. In particular, in the second reporting period, the project should start the migration of its technologies to the industrial development environments of IBM, OpenTrust and SAP.
As illustrated in the following sections in more detail, these objectives have been fully achieved.
3 Work progress and achievements during the period
3.1 Work progress and achievements by WP
3.1.1 WP2: Modeling trust and security aspects of service-oriented architectures
Workpackage Objective The objective is the definition of the syntax and semantics of the AVANTSSAR Specification Language (ASLan), which will allow one to formally model trust and security-related aspects of service-oriented architectures to be validated by the AVANTSSAR Validation Platform.
Workpackage Achievements
WP2.1 Atomic services and non-composed policies This subworkpackage is dedicated to the definition of ASLan v.1, which allows for the specification of atomic services and non-composable policies. The work on this subworkpackage was finished in the first year of the project (see Deliverable D2.1 [AVA08b]).
WP2.2 Static service and policy composition The objective of this subworkpackage consists in extending ASLan so as to allow for static composition of services and policies. The extended version of ASLan, i.e. ASLan v.2, borrows notions from procedural and object-oriented programming languages in order to be usable by those who are not experts in formal protocol/service specification languages. The following features of ASLan v.2 are particularly useful in formally modeling static service and policy compositions:
• Control flow constructs (e.g. while and if). These allow for specifying services in a concise manner using concepts familiar to most programmers.
• Modularity via the notion of an entity. This allows for specifying services separately, and instantiating them multiple times or composing them with other services. Moreover, modularity helps in localizing policies to individual services, and in precisely mapping out their trust relations.
• Annotated channels. These provide an intuitive notation for expressing properties of communication channels that are used both as service assumptions and as service goals.
ASLan v.2 is translated to ASLan v.1.1, which is in turn an extension of ASLan v.1. The translation defines the semantics of ASLan v.2. ASLan v.1.1 consists in a number of technical improvements over ASLan v.1. In particular, it introduces the notion of macro steps, which allows for abstracting from the internal computations of honest services.
WP2.3 Dynamic service and policy composition The objective of this subworkpackage is to further extend ASLan's capability of expressing static composition of services and policies to dynamic composition. The work on this subworkpackage has recently started, and the resulting language ASLan v.3 will be described in deliverable D2.3. In order to simplify terminology and ease the use of the AVANTSSAR Platform, we will deploy the languages with the following simple names:
• the lower-level specification language (currently ASLan v.1/ASLan v.1.1) will be simply called ASLan,
• the higher-level specification language (currently ASLan v.2/ASLan v.3) will be simply called ASLan++.
Dynamic service composition in the context of AVANTSSAR refers to the situation where the services choose their partners at run time, and therefore the composition of services is not fixed a priori. The typical dynamic binding scenario envisioned, e.g., in the Universal Description, Discovery and Integration (UDDI) standard [Con] would be an instance of dynamic composition of services: Web servers announce their services and their interface requirements on a service broker, and then clients can look up the broker's directory in order to determine which of the services advertised there satisfy their policies. After this service discovery phase, clients would bind to suitable (if any) service providers. The AVANTSSAR Platform can be used to validate the security requirements of service providers, their clients, and the channels connecting them, determined in such dynamic scenarios.
Dynamic policies in the context of AVANTSSAR refer to the situation where the security policies that govern services and their composition depend on the state of the services, and can therefore change while the services evolve. For instance, in the context of administrative RBAC [Cra05], Alice may have the role user in a state S, and upgrade to the role manager in the next state S′, due to some conditions (e.g. the administrator decides that since all the managers are on vacation in state S′, Alice should take the manager role). The authorization rights of Alice correspondingly evolve when moving from S to S′. The policies governing the system in S are therefore different from those in S′. The AVANTSSAR Platform can be used to validate the security requirements of services and their policies, determined in such dynamic scenarios.
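The state-dependent policy just described (Alice holding the role user in state S and manager in S′) is the kind of situation that only a search over the reachable states catches: a static check of the role definitions passes, yet a sequence of administrative and service steps reaches a state that violates a requirement. The following is an added example in Python, not code from the AVANTSSAR project or the ASLan tool chain: it models a constructed two-principal scenario as an explicit state space, evaluates the policy in each state, and searches for a reachable state in which a principal has approved their own payment request (a separation-of-duty violation). The principals, roles, permissions and the promotion rule are all constructed for the illustration.

```python
from collections import deque

# Static part of the policy (constructed): permissions granted by each role.
# Requesting and approving are deliberately kept in different roles.
ROLE_PERMS = {
    "user": {"request_payment"},
    "manager": {"approve_payment"},
}

def static_sod_ok(role_perms):
    """Static separation-of-duty check: no single role may both request and approve."""
    return not any({"request_payment", "approve_payment"} <= perms
                   for perms in role_perms.values())

def make_state(roles, away=(), requested=(), approved=()):
    """A state S = (role assignment, who is away, open requests, approvals)."""
    return (frozenset(roles.items()), frozenset(away),
            frozenset(requested), frozenset(approved))

def permitted(state, who, perm):
    """The state-dependent policy: does 'who' hold 'perm' in this state?"""
    roles, away, _, _ = state
    if who in away:
        return False
    return any(perm in ROLE_PERMS[r] for p, r in roles if p == who)

def successors(state, sod_guard):
    """Transition relation S -> S': administrative changes and service actions.
    Every service action is guarded by the policy evaluated in the current state S."""
    roles, away, requested, approved = state
    rd = dict(roles)
    manager_available = any(r == "manager" and p not in away for p, r in roles)
    # Administrative rule (constructed): when no manager is available, a present
    # user is promoted to manager, the "all managers on vacation" situation.
    if not manager_available:
        for p, r in roles:
            if r == "user" and p not in away:
                yield ("promote", p), make_state({**rd, p: "manager"}, away, requested, approved)
    # Managers may leave on vacation.
    for p, r in roles:
        if r == "manager" and p not in away:
            yield ("vacation", p), make_state(rd, away | {p}, requested, approved)
    # Service actions.
    for p, _ in roles:
        if permitted(state, p, "request_payment") and p not in requested:
            yield ("request", p), make_state(rd, away, requested | {p}, approved)
        if permitted(state, p, "approve_payment"):
            for req in requested:
                if sod_guard and req == p:
                    continue  # hardened policy: the approval guard also checks history
                if (req, p) not in approved:
                    yield ("approve", p, req), make_state(rd, away, requested, approved | {(req, p)})

def self_approval(state):
    """Violation: some request was approved by the principal who made it."""
    return any(req == appr for req, appr in state[3])

def find_violation(init, bad, sod_guard=False):
    """Explicit-state reachability (breadth-first): return the shortest action
    trace to a state satisfying bad, or None if no reachable state does."""
    seen = {init}
    queue = deque([(init, [])])
    while queue:
        s, trace = queue.popleft()
        if bad(s):
            return trace
        for act, nxt in successors(s, sod_guard):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [act]))
    return None

# Constructed initial state: Alice is a user, Bob the only manager.
INIT = make_state({"alice": "user", "bob": "manager"})

if __name__ == "__main__":
    print("static SoD check passes:", static_sod_ok(ROLE_PERMS))
    print("dynamic policy, no history guard:", find_violation(INIT, self_approval))
    print("with history guard:", find_violation(INIT, self_approval, sod_guard=True))
```

The static check on the role table passes, because no role grants both permissions; the search nevertheless returns a four-step trace in which Alice files a request as a user, Bob leaves, Alice is promoted and then approves her own request. Only a guard that consults the state (who made the request), not just the current role, removes every such trace.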
3.1.2 WP3: Automated reasoning techniques
Workpackage Objective The objective is the development of reasoning techniques and of theoretical results that will be implemented in WP4 in the AVANTSSAR Validation Platform. These techniques will focus on the logics and models defined using the ASLan language developed in WP2.
Workpackage Achievements
WP3.1 Satisfiability of ASLan policies. Policies have been considered at several levels:
Trust negotiation and access control. We have continued the work on the logical modeling of access control systems. Our emphasis this year was on the expression of different kinds of delegation in a distributed environment. We have also formalized trust negotiation as a functionality that can be called by agents before entering a task or executing an action. These advances are part of Marwa el Houri's PhD Thesis (partially funded by AVANTSSAR) and have been published in [9, 10]. Moreover, in the manuscript [35] Mounira Kourjieh and Yannick Chevalier have investigated conditions under which the entailment problems for ASLan-like sets of clauses are decidable. They propose an ordered saturation procedure similar to the one in [BG01], though with less restriction on the possible orderings, such that, whenever it terminates, it outputs a set of clauses for the ground entailment problems; thus the problem of deciding whether a transition is applicable in ASLan is decidable.
Request message analysis and response synthesis. Given the specification of a communication scenario between two or more peers, one would like to know, first, whether this scenario is implementable, and second, to find the specification of a secure implementation. The first problem was treated in [CMR08] to obtain executable Web Services Orchestration scenarios. The second was considered in the context of security protocol compilation as the problem of interpreting Alice and Bob specifications and was addressed independently by [24] and [17]. In contrast to previous approaches to defining a formal language based on Alice and Bob notation, these works define the semantics with respect to an arbitrary algebraic theory of the cryptographic primitives. In fact, both works essentially arrive at equivalent definitions of a formal AnB language (although the presentation differs). Note that, due to this generality, the semantics comprises some problems that are undecidable for arbitrary algebraic theories. [24] shows that these problems are solvable for the theories of exponentiation and exclusive or, while [17] gives a more general account and relates the decision problems to static equivalence so that existing results can be used. [24] is the basis of the AnB language that IBM uses as an ISSL (see also the description of WP6), while the orchestrator is based on the methods of [17].
Resolution of structural constraints. In [16] we have extended the work of [CMR08] to take into account the properties of the orchestrated services and ordering constraints between different actions. In this work, the structural constraints are implemented by certificates sent and received along with the messages, and the orchestration problem is based entirely on the payload of the messages and certificates.
We have also considered a more traditional approach to orchestration in which the services are abstracted as conditional communicating automata. In this setting, the orchestration problem is parameterized both by the communication model and by the relation between the goal service and the orchestrated one. We have considered the standard relations between the goal and the orchestrated service, i.e., trace inclusion, trace equivalence, simulation and bisimulation. For each of these relations, we have studied the decidability of the orchestration problem when the port size is unbounded. Besides the decidability results obtained in [39], we have proposed three variants of the initial model: a simplified version in [BCF07, BCDP08], one with bounded ports and asynchronous communications in [BCF08b, BCF08a, 12, 11], and one with synchronous communications in [13]. In the latter case, we have additionally considered Quality of Service constraints in the orchestration.
Negotiation Strategies. UNIVR [33] has recently begun working on the formalization and implementation of strategies for meaning
negotiation, the general process by which two agents reach an agreement about the meaning of a set of terms: each agent discusses her viewpoint with the other one by exhibiting it as an actual set of constraints on the meaning of the negotiated terms. Such an approach will have a direct application to the case where agents negotiate policies without the help of a broker/mediator.
WP3.2 Model-checking of ASLan services with respect to policies.
Bounded model checking. We have developed a bounded model-checking technique for ASLan. We have extended the technique described in [ACC07, AC08], providing support for model checking of LTL formulae as described in [BCCZ99]. We have also extended the SAT encoding technique to support Horn clauses.
We have also evaluated the use of the action language C, which allows for a natural and concise modeling of processes and the associated security policies [4]. In particular, C provides a rich and natural framework for the formal specification of processes and their security policy by supporting a wide variety of features, e.g., non-inertial and exogenous facts, nondeterminism, indirect and conditional effects, and implicit preconditions. [4] shows that the use of C greatly simplifies the specification step, offering a rich and concise way to model desired features of business processes under authorization constraints. As a result, we will evaluate extensions of ASLan to enhance its expressiveness towards some key features of C. The extensions of the language will then be supported by bounded model checking techniques for the automatic analysis of the resulting specifications.
Logic-based Validation of Service-Oriented Applications. The specification of distributed service-oriented applications spans several levels of abstraction encompassing their workflow and access control policies. These levels may interact in subtle ways, and identifying a suitable language able to describe this interplay is a difficult task. Even more difficult is the verification of formal models featuring both levels and their interplay: almost all of the available works in the literature address at most one level at a time, sometimes using coarse abstractions. For example, the verification of workflows specified in BPEL is done by using (extensions of) Petri nets where the data manipulations are abstracted away.
To overcome these problems, in [14, 31] we propose a declarative two-level framework for the formal specification of SOA applications in the context of a first-order temporal logic extended with theories. This provides a rich and uniform framework in which complex systems can be naturally specified and in which it is possible to identify conditions that are sufficient for the automated analysis of specifications. For example, we were able to characterize the decidability of the symbolic execution of some classes of SOA applications, which is of interest for scenario validation and debugging. We have started developing a tool (eventually to be integrated into the AVANTSSAR Platform) that integrates state-of-the-art automated reasoning technologies in order to support the mechanization of this framework. In future work, we will study techniques to approximate the logic programming semantics (especially negation as failure) of policy languages in our purely declarative framework, and we will investigate ways to adapt existing techniques for the synthesis of invariants, which will be useful at both the workflow and the policy level.
WP3.3 Attacker models. We have extended and refined the standard Dolev-Yao attacker of security protocol analysis in order to capture new aspects of web service security:
Hierarchy of compromising attackers. In the first project year, we developed a hierarchy of compromising attackers in a symbolic framework. In the second year, we built on this framework by exploring the relation between our attacker models in the symbolic, possibilistic setting (as used within our project) and their computational counterparts from the cryptographic, probabilistic setting. This has clarified the relation between attackers from both settings, revealing subtle differences that had previously gone unnoticed, and has revealed many missed cases in published cryptographic proofs. The new insights can help to improve the guarantees provided by the AVANTSSAR Platform and make their relation to cryptographic proofs explicit.
Multi-attacker. In the first year of the project, we formalized a new threat model, referred to as the General Attacker (GA), which features each protocol participant as a potential Dolev-Yao attacker who does not necessarily collude or share knowledge with anyone else. During the second year, we have refined this concept and devised a variant of it, referred to as the Multi-Attacker
(MA), which differs from GA in preventing each protocol participant from colluding or sharing knowledge with anyone else. As in GA, in MA it is also meaningful to continue the analysis of a protocol after an attack is mounted. This can assess whether additional attacks can be mounted, either by the same attacker or by different attackers. Even novel scenarios whereby principals attack each other become possible. A significant scenario is that of retaliation, where an attack is followed by a counterattack. The work has been consolidated on the NSPK protocol and tried out on the SAML-based SSO for Google Apps use case to obtain some evidence of the scalability of the approach. This research topic led to two publications [7, 8].
Guessing attacks. Continuing work started in the first project year, we have formalized a calculus to model guessing attacks. The central concept is to view cryptographic functions as oracles that can be used either off-line, if known by the adversary, or on-line, by employing protocol participants for this purpose. Oracles can be either observed or controlled by the adversary, giving rise to several cases in which an attacker can guess; these are formalized in a guessing lemma, which also gives bounds on the number of oracle accesses needed for guessing. The guessing rules can be used in reasoning together with the standard Dolev-Yao intruder rules. We have modeled our guessing rules in ASLan as supplementary transition steps that can be added to any model, and have successfully reproduced known guessing attacks on protocols such as Anderson-Lomas, MS-CHAP and NTLM. Moreover, for an ATM system modeled after a real case we have both reproduced known guessing attacks and found new ones.
Attacker on Access Control Systems. We have considered a vari-ant of the standard Dolev-Yao intruder model specialized for theanalysis of the security of the trust negotiation mechanisms. Theseresults will soon be reported on in a paper.
Communication channels. Continuing our work on pseudonymous secure channels [25, 26], we have considered their integration both into the specification languages ASLan v.2 and AnB (see WP6) and into the model-checking methods. The latter is relatively straightforward, since the channels are expressed using standard ASLan v.2/ASLan v.1 constructs that the tools already support. The work on compositional reasoning for channels is described below.
Zero Knowledge Proofs. Further progress has been made on the formalization and model checking of systems that use zero-knowledge proofs as a cryptographic primitive (like the Identity Mixer case study). In particular, we can avoid the non-trivial algebraic reasoning required by existing work, and we can also handle relations on credential attributes [37].
WP3.4 Compositional reasoning for services and policies.
Channels for Compositional Reasoning. A central concept in service-oriented architectures is to consider a stack of services or protocols, i.e., a vertical composition. For instance, one may run an application over a secure connection established using TLS. In fact, in many cases one side (e.g., a client, respectively its browser) is not authenticated, and we may rely on an additional layer (e.g., a password protocol or a third party as in Kerberos or single-sign-on systems) to provide the client authentication.
The idea of compositional verification is that, instead of verifying a complex composed system, we verify properties of its components individually and infer by a compositionality theorem that their composition preserves these properties. Practically, this allows us to verify complex systems that could not be verified as a whole but whose individual components are sufficiently simple to verify. Moreover, conceptually, we get more general verification results: e.g., one may verify that an application satisfies certain properties provided that it is run over a secure channel. This result is independent of the concrete protocol that realizes the secure channel (e.g., TLS). Vice versa, we may verify that TLS provides a secure channel independently of the application that is run over it.
The ongoing work on channels [25, 26] provides a very useful interface for this kind of compositional reasoning. In particular, for several kinds of channels, we have defined what it means that a protocol or service assumes such a channel, and what it means that it provides such a channel. By the compositionality theorem we have proven, any protocol or service that provides a channel can be "plugged in" to a protocol that assumes this kind of channel. This applies to authentic, confidential and secure channels, as well as to their "pseudonymous" counterparts that arise when one side is not authenticated (e.g., in TLS without client authentication). We are currently working on extensions of the
channel concept (including replay protection and generalized exchange methods), and on identifying different sufficient conditions for satisfying the assumptions of our compositionality theorem.
Observational Equivalence. Expressing security properties as observational equivalence properties is particularly suitable for compositional reasoning: one wants to prove that a service or protocol is equivalent to a secure abstraction in any environment. Once established, the observational equivalence allows for the replacement of, e.g., a transport protocol by an ideal protocol that has the same properties (e.g., authentication, anonymity, ...). We have investigated a new symbolic method to decide the equivalence of services in the presence of a hostile environment. This equivalence generalizes static equivalence by allowing for active intruders. While we have so far only considered subterm equational theories, we are currently working on an extension to a more general class.
WP3.5 Abstraction techniques for composed services and policies.
Data and Control Abstraction. As part of the development of a new module of the OFMC analysis tool, we are currently extending a popular method for the abstract verification of security protocols on which, for instance, ProVerif and TA4SP are also based (see for instance [Bla01, BHKO04, CLC03]). These techniques involve two kinds of abstractions:
• Abstraction from concrete data: we partition the, in general,infinite set of data into finitely many equivalence classes andcompute on the equivalence classes.
• Control Abstraction: we disregard the temporal structure induced by the state transition system and rather consider the set of reachable facts, i.e., facts that are true in some reachable state.
Under certain conditions, both abstractions are sound in the sense that if the original system has an attack then so has the abstract one; but, vice versa, there can be false positives, i.e., attacks on the abstract system when the original system is safe. In the worst case, we may thus be unable to verify a correct system with these methods.
We contribute to the abstract verification idea in several regards:
• We use a CEGAR approach, i.e. an automatic refinement ofthe data abstraction when a counter-example is found, basedon the concrete counter-example.
• We use the verification result, an abstract fixed-point thatover-approximates all possible behaviors of the system to builda machine-checkable security proof (see below for details).
• We are currently working on new forms of abstraction that arebetter suited for the verification of web-services, i.e. when thesystem is not a linear exchange of messages as in most securityprotocols.
Generating Machine-Checkable Proofs. When using complex verification tools with advanced methods as in AVANTSSAR, there is of course a significant risk of bugs in the implementations, or of specifications that fail to meet the subtle assumptions of the employed methods. It is thus easily possible that an incorrect system is accidentally "verified" by an automated tool due to such a bug. Our idea is that, in the case of the abstract fixed-point verification with OFMC, we obtain a finite representation of (an over-approximation of) the possible behavior of the system. We can use this as a basis to produce an actual proof with respect to the original model of the system that is to be verified, and this proof can be checked by a "neutral" proof checker. IBM and SAP have designed such a proof generation method and implemented a prototype based on OFMC and the theorem prover Isabelle [15]. The key ideas are as follows:
• Each concrete data item of the reference model is labeled withthe abstract data item that is used in the abstract verificationtechnique (and thus in the computed fixed-point). Note thatthis is a mere annotation that does not change the referencemodel.
• We can define the concretization of the computed (abstract) fixed-point as the set of all traces T′ that can be built from facts of the fixed-point by replacing each abstract data item with any concrete item that is abstracted accordingly.
• We show that T ⊆ T′ for the set of traces T induced by thereference model by showing that T′ is closed under each of theinductive rules that define T.
If the proof is accepted by Isabelle, we can thus be sure that the reference model satisfies the specified properties, provided that
the Isabelle core is correctly implemented; we no longer rely on the correctness of any other tool or on the applicability of particular methods.
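As an added illustration of the two abstractions of WP3.5 and of the closure check behind the proof generation, the following Python script (written for this report's reader; it is neither OFMC nor the Isabelle-based prototype) verifies a toy protocol over a set of reachable facts. The protocol, its flawed variant, the key names 'k' and 'kpub' and the nonce names are constructed for the example. All session nonces are folded into one abstract constant 'N' (data abstraction), the reachable facts are computed as a fixed-point with no notion of order (control abstraction), and the certificate check is the obligation stated above: the concretization T′ of the abstract fixed-point contains the initial facts and is closed under every concrete rule, hence T ⊆ T′.

```python
"""Abstraction-based verification of a toy protocol, with a closure check of the
concretized fixed-point.  Added illustration, not AVANTSSAR, OFMC or Isabelle
code; the protocol, its flawed variant, the key names 'k'/'kpub' and the nonce
names are constructed for the example.
Terms are nested tuples, e.g. ('enc', key, msg); facts are ('iknows', term)
for intruder knowledge and ('secret', term) for a secrecy claim."""
from itertools import product

def enc(k, m):
    return ('enc', k, m)

def pair(a, b):
    return ('pair', a, b)

def known_terms(facts):
    return {f[1] for f in facts if f[0] == 'iknows'}

def dolev_yao(facts):
    """Intruder decomposition rules (projection, decryption with a known key).
    Composition is not iterated, which keeps the fact set finite."""
    known, new = known_terms(facts), set()
    for t in known:
        if not isinstance(t, tuple):
            continue
        if t[0] == 'pair':
            new |= {('iknows', t[1]), ('iknows', t[2])}
        elif t[0] == 'enc' and t[1] in known:
            new.add(('iknows', t[2]))
    return new

def protocol(sessions, leak):
    """Rules of a toy protocol over (nonce, key) sessions: A sends enc(key, nonce)
    and claims the nonce secret; once that message is on the network, B replies
    enc(key, pair(nonce, 'ack')).  With leak=True, A also sends the nonce under
    'kpub', a key the intruder holds: the constructed flawed variant."""
    def rules(facts):
        known, new = known_terms(facts), set()
        for n, k in sessions:
            new |= {('iknows', enc(k, n)), ('secret', n)}
            if enc(k, n) in known:
                new.add(('iknows', enc(k, pair(n, 'ack'))))
            if leak:
                new.add(('iknows', enc('kpub', n)))
        return new
    return rules

def saturate(init, rules):
    """Control abstraction: the least fixed-point of the rules, i.e. the set of
    facts that hold in some reachable state, ignoring the order of events."""
    facts = set(init)
    while True:
        new = set().union(*(r(facts) for r in rules))
        if new <= facts:
            return facts
        facts |= new

def secrecy_violated(facts):
    return any(('iknows', f[1]) in facts for f in facts if f[0] == 'secret')

def concretizations(term, nonces):
    """Every concrete instance of a term: each occurrence of the abstract nonce
    'N' may become any concrete nonce."""
    if term == 'N':
        return list(nonces)
    if isinstance(term, tuple):
        return [tuple(c) for c in product(*(concretizations(x, nonces) for x in term))]
    return [term]

def certificate_holds(abs_facts, nonces, init, concrete_rules):
    """Proof obligation from the text: the concretization T' of the abstract
    fixed-point contains the initial facts and is closed under every concrete
    rule, so it over-approximates the concrete reachable facts T."""
    t_prime = {c for f in abs_facts for c in concretizations(f, nonces)}
    return set(init) <= t_prime and all(r(t_prime) <= t_prime for r in concrete_rules)

INIT = {('iknows', 'kpub')}          # the intruder's initial knowledge
NONCES = ['n1', 'n2', 'n3']          # three concrete sessions

def analyse(leak):
    """Verify the abstract model (all sessions share the nonce 'N'); if it is safe,
    check the certificate against the three-session concrete model."""
    abstract = saturate(INIT, [dolev_yao, protocol([('N', 'k')], leak)])
    if secrecy_violated(abstract):
        return 'attack'
    concrete = [dolev_yao, protocol([(n, 'k') for n in NONCES], leak)]
    return 'safe' if certificate_holds(abstract, NONCES, INIT, concrete) else 'unproven'

if __name__ == '__main__':
    print(analyse(leak=False), analyse(leak=True))   # safe attack
```

The closure check is what a neutral checker can verify without trusting the saturation: it only inspects a finite set of facts and confirms that each rule maps it into itself. The example also shows the price of the data abstraction: were B to reject a nonce it had already seen, the abstract model (where every session carries the same 'N') could report an attack the concrete system does not have.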
Planned Work for Next Period. An important effort will be devoted to extending the automated reasoning techniques (and validation back-ends) to cover more general LTL properties. In order to be able to reason about ASLan v.2 specifications, this also means defining a proper semantics for policy rules (syntactically expressed as Horn clauses) and proper analysis techniques. Orchestration techniques should be enhanced in order to capture more general workflows and to be able to backtrack if some solution is not secure (as detected during the validation phase).
3.1.3 WP4: Validation Platform
Workpackage Objective The objective of this workpackage is to pro-vide a collection of tools implementing the techniques developed in WP2 andWP3. These tools will be integrated in the AVANTSSAR Platform, an auto-matic composition and security analysis platform for Web Services and theirsecurity policies.
Workpackage Achievements
WP4.1 The TS Orchestrator. The TS Orchestrator (Orchestrator, for short) tries to build an orchestration, i.e., a composition of the available services, in a way that is expected (but not yet guaranteed) to satisfy the input policy.
The Orchestrator takes as input an ASLan v.1.1 file with a specification of the available services and either a specification of the client or a partial specification of the goal. It produces as output an ASLan v.1.1 file with the specification of the available services, a full specification of the goal, and a specification of the client (a putative one, if it was not given as input).
The general idea is to represent the available services and the client service as protocol roles. The intruder, with Dolev-Yao capabilities and full control over the network, plays the role of an orchestrator: he tries to lead the given transition system from its initial state to a final accepting one. That is why final states are encoded as attack states (from the point of view of the intruder). If he succeeds, that means that he
is able to satisfy all of the client's requests, having only the initial knowledge of the goal service and the ability to invoke the available services.
In order to check whether the attack state can be reached, we have employed a version of the back-end CL-AtSe: the result is a trace containing the sequence of messages sent and received by the intruder. From the trace we then extract an executable ASLan v.1.1 specification of the goal service.
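The following Python script is an added example of the orchestration-as-reachability idea just described; it is not the TS Orchestrator and uses a plain breadth-first search in place of the CL-AtSe back-end. The intruder starts with the client's knowledge, may send any available service a message he can build, learns the response, and the goal (the answer the client expects) is encoded as the attack state. The services, the credential database, the client knowledge and the goal are constructed for the example; the trace returned is the sequence of requests and responses from which a goal service could be extracted.

```python
"""Orchestration as intruder reachability.  Added illustration, not the AVANTSSAR
TS Orchestrator: a breadth-first search stands in for CL-AtSe.  Services,
credentials, client knowledge and the goal are constructed for the example.
Messages are nested tuples; upper-case strings in a pattern are variables."""
from collections import deque
from itertools import product

def is_var(x):
    return isinstance(x, str) and x[:1].isupper()

def instances(pattern, known, top=True):
    """Ground messages the intruder can form for `pattern` from `known` terms,
    each with the variable binding used.  Variables range over atomic known
    terms, tags (lower-case constants) are public, and a nested tuple such as
    a token must already be held by the intruder: he cannot forge it."""
    if is_var(pattern):
        atoms = sorted(t for t in known if isinstance(t, str))
        return [(t, {pattern: t}) for t in atoms]
    if not isinstance(pattern, tuple):
        return [(pattern, {})]
    out = []
    for combo in product(*(instances(p, known, False) for p in pattern)):
        binding, consistent = {}, True
        for _, b in combo:
            for v, t in b.items():
                consistent = consistent and binding.setdefault(v, t) == t
        term = tuple(t for t, _ in combo)
        if consistent and (top or term in known):
            out.append((term, binding))
    return out

def instantiate(pattern, binding):
    if is_var(pattern):
        return binding[pattern]
    if isinstance(pattern, tuple):
        return tuple(instantiate(p, binding) for p in pattern)
    return pattern

def orchestrate(services, client_knowledge, goal):
    """Search for a sequence of service invocations that puts `goal` into the
    intruder's knowledge (the 'attack state').  Returns the trace of
    (service, request, response) steps, or None if no orchestration exists."""
    start = frozenset(client_knowledge)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        known, trace = queue.popleft()
        for name, pat_in, pat_out, guard in services:
            for request, binding in instances(pat_in, known):
                if not guard(binding):          # the service's local policy
                    continue
                response = instantiate(pat_out, binding)
                step = trace + [(name, request, response)]
                if response == goal:
                    return step
                nxt = known | {response}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, step))
    return None

# Constructed scenario: four services, one registered user, a client who wants
# a book shipped.  Each service is (name, request pattern, response pattern,
# guard on the binding).
CREDENTIALS = {'alice': 'pw'}
SERVICES = [
    ('auth', ('login', 'U', 'P'), ('token', 'U'),
     lambda b: CREDENTIALS.get(b['U']) == b['P']),
    ('catalog', ('lookup', 'I'), ('offer', 'I', 'eur'),
     lambda b: True),
    ('pay', ('pay', ('token', 'U'), ('offer', 'I', 'eur')), ('receipt', 'U', 'I'),
     lambda b: True),
    ('ship', ('ship', ('receipt', 'U', 'I')), ('shipped', 'I', 'U'),
     lambda b: True),
]
CLIENT = {'alice', 'pw', 'book'}
GOAL = ('shipped', 'book', 'alice')

if __name__ == '__main__':
    for step in orchestrate(SERVICES, CLIENT, GOAL):
        print(step)
    print(orchestrate(SERVICES, CLIENT, ('shipped', 'pen', 'alice')))   # None
```

The guard plays the part of a service's local policy: the authentication service only issues a token for a correct password, so the intruder cannot obtain ('token', 'alice') by guessing, and because nested tuples must be known rather than forged, the search cannot skip the authentication step. A goal mentioning an item the client never learns about ('pen') is unreachable and the search reports that no orchestration exists.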
WP4.2 The TS Validator. The TS Validator (Validator, for short) takes as input an orchestration and a security goal formally specified in ASLan v.1.1, and automatically checks whether the orchestration meets the security goal. If this is the case, then the ASLan v.1.1 specification of the validated orchestration is given as output; otherwise a counterexample is sent back to the Orchestrator.
Currently, the functionality of the Validator is supported by the following back-ends, which have been improved and extended to support the ASLan v.1.1 language:
• CL-AtSe (developed and maintained by INRIA),
• OFMC (developed and maintained by IBM), and
• SATMC (developed and maintained by UGDIST).
WP4.3 Platform Integration. We have developed and implemented the first prototype of the AVANTSSAR Validation Platform. A schema of the platform is presented in Figure 1. The platform takes as input a policy stating the functional and security requirements of a goal service and a description of the available services (including a specification of their security-relevant behavior, possibly including the local policies they satisfy), and aims at building an orchestration of the available services that meets the security requirements stated in the policy. The main components of the platform are the TS Orchestrator and the TS Validator described in the previous subworkpackages. The schema of Figure 1 refines the one given in the Description of Work, as it explicitly includes a connectors layer, i.e., a layer of software modules that carry out the translation from application-level specification languages (e.g., BPEL) into the ASLan v.1.1 language (and vice versa). The ASLan v.1.1 language, which was defined in Deliverable D2.1 ("Requirements for modelling and ASLan v.1" [AVA08b]), is the input and output format of the logical level of the platform. During the second year, we focused on this level of the platform. The aspects related to
the connectors layer (i.e. the translation from a high-level language intoASLan v.1.1) will be tackled during the last year.The AVANTSSAR Platform is implemented as a service-oriented ar-chitecture (SOA), where each component service is offered as a WebService. The platform service is hosted by UGDIST and the orches-trator service is hosted by INRIA. We provide three different instancesof the validator service, each of them leveraging a different back-end,developed in WP4.2. In particular, OFMC, CL-AtSe, and SATMC arehosted by UNIVR, INRIA, and UGDIST, respectively.
Planned Work for Next Period. The assessment of the AVANTSSAR Platform (within WP5.4) against the validation problems will provide valuable feedback on the usability, effectiveness, and efficiency of the tools we have been developing in WP4. An important effort will be devoted to integrating into the final version of the platform the improvements of the reasoning techniques developed and automated in WP3 and WP4 that result from the assessment phase. During the second year of the project we mainly focused on the logical level on which the platform operates. The definition of the connectors to the application level will be explicitly addressed in the Industry Migration workpackage WP6, which takes current industrial best-practice languages and models into account. The outcome of this work will be integrated into the final version of the platform. As future work, we plan to fix the current limitations of the platform that we have briefly described here and in D4.1. In particular, we will integrate into the Orchestrator the function for generating the TS Wrappers.
3.1.4 WP5: Proof of concept
Workpackage Objective The role of WP5 is to select and formalize abroad spectrum of industry-relevant problem cases as ASLan v.1.1/ASLanv.2 specifications and then to validate these specifications using the AVANTS-SAR Validation Platform. This proof of concept approach will provide abenchmark on which we employ and evaluate the concepts, methodologies,techniques, and tools developed in WP2, WP3, and WP4.
Workpackage Achievements
WP 5.1 - Definition of the relevant problem cases. The work on this subworkpackage has been done mostly in the first year of the project (see Deliverable D5.1 [AVA08c]). A broad collection of industrially relevant SOA trust and security problem cases has been extracted from
various application scenarios from strategic application areas includinge-business, e-government, and e-health.
WP 5.2 - Formalization of the problem cases & WP 5.3 - Validation of the problem cases & WP 5.4 - Assessment.
The work on formalization and validation of the problem cases has continued with the modeling of the selected case studies in ASLan v.1.1 and ASLan v.2 and with their validation via the AVANTSSAR Validation Platform. Details can be found in Deliverables D2.1 [AVA08b], D2.2 [AVA09b] and D4.1 [AVA09a].
Table 1 summarizes the results of the first assessment of the AVANTSSAR Validation Platform. Six case studies were formalized and 13 problem cases validated as part of the deployment of the first version of the AVANTSSAR Validation Platform. Details are provided hereafter for the problem cases emerging from the selected application scenarios.
E-Business - Banking Services: Loan Origination Process. A version of the loan origination process (LOP) has been used for the assessment of the first version of the AVANTSSAR Validation Platform. This case study offers the possibility to focus on workflow security aspects, to verify the ability of the platform to spot unexpected behaviors in the interplay between the workflow and the access control policies. This case study has been formalized in ASLan v.1.1 and validated with SATMC.
The LOP describes a bank's evaluation of a customer's request for a loan. The access control policy managing the execution of the process tasks that we consider is based on RBAC enhanced with delegation. In addition to the delegation of permission supported in the LOP version presented in Deliverable D4.1 [AVA09a], we now support both delegation of permissions and delegation of execution [GMM05].
The security aspects we have focused on during this year are data confidentiality, separation of duty, and binding of duty.
Data confidentiality amounts to requiring that sensitive data can be accessed only by authorized users. In this context, the validation phase is used to ensure that some given principals cannot access some confidential data. The so-called "forbidden principals" can be users or roles; the latter express the fact that no user having those roles must be able to access the specified confidential data.
Table 1: Application areas and the related families of problem cases.
Legend:
  of   means no formalization has been done yet.
  f v  means formalization has been done.
  of   means orchestration is successful, which implies formalization.
  f v  means verification has been done, which implies formalization.
  fov  means both orchestration and verification, which implies formalization.
Families of problem cases (table columns, left to right): Federation; Authorization Policies; Accountability; Trust Management; Workflow Security; Privacy; Application Data Protection; Communication Security.

Area          Scenario                        Entries (columns left to right)
E-Business    in general                      f v  f v  f v  of  f v  f v  f v  of
              Banking Services                f v  of  of  f v  of  f v  of
              SW Distribution Services        of  of  of  of
              Anonymous Shopping              f v  f v  f v
E-Government  in general                      of  f v  of  of  fov  of  fov  f v
              Citizen and Service Portals     of  f v  of  of  fov  of  f v  f v
              Document Exchange Procedures    f v  of  of  fov  of  of
E-Health      in general (1)                  f v  of  f v  of  of  of  f v
              Personal Health Information     of  of  of  of  of  of

(1) This includes the SAML SSO scenario, described below, which can be used rather universally.
Separation of duty (SoD) and binding of duty (BoD) are the most common application-level properties that business processes must comply with in order to mitigate business fraud. SoD (respectively, BoD) requires that some critical tasks are executed by different agents (respectively, by the same agent).
The analysis performed with the AVANTSSAR Validation Platform allows one to identify behaviors of the access control policy in places that
are not easy to find without tool support. For instance, delegation may allow an agent to circumvent the security measures ensuring data confidentiality. The analysis of the LOP is fully supported by SATMC, which is able to detect violations of the security properties considered. The other tools, OFMC and CL-AtSe, currently support the analysis of a fragment of the specification, and work is ongoing to support the whole specification.
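To make concrete the kind of finding mentioned above (delegation circumventing a confidentiality measure, or breaking separation of duty), the following Python script is an added example and not the AVANTSSAR LOP model nor SATMC: it exhaustively explores a toy four-task loan-origination workflow under an RBAC policy with delegation of permission and reports, for SoD, BoD and data confidentiality, the first execution that violates each property. The users, roles, tasks, forbidden roles and delegation rules are constructed for the example; the rule for 'sign' (only the approver may sign) stands for a history-dependent policy clause evaluated in every state, the way ASLan policy rules are.

```python
"""Exhaustive analysis of a toy loan-origination workflow under RBAC with
delegation of permission.  Added illustration, not the AVANTSSAR LOP model or
SATMC; users, roles, tasks and the policy are constructed for the example."""

TASKS = ('input_data', 'rate_customer', 'approve', 'sign')   # fixed order
ROLE_PERMS = {'preprocessor': {'input_data'},
              'postprocessor': {'rate_customer'},
              'manager': {'approve'}}
USER_ROLES = {'alice': {'preprocessor'}, 'bob': {'postprocessor'},
              'carol': {'manager'}, 'dan': {'preprocessor'}}
USERS = sorted(USER_ROLES)
SOD = [('rate_customer', 'approve')]     # must be executed by different users
BOD = [('approve', 'sign')]              # must be executed by the same user
# confidential data item -> (task that reads it, roles that must never see it)
CONFIDENTIAL = {'rating': ('rate_customer', {'preprocessor'})}

def role_perms(user):
    return set().union(*(ROLE_PERMS[r] for r in USER_ROLES[user]))

def permitted(user, task, executed, delegations):
    """Local policy: permission via a role, via a delegation received, and for
    'sign' a history-dependent rule (only whoever approved may sign)."""
    if task == 'sign':
        return ('approve', user) in executed
    return task in role_perms(user) or (task, user) in delegations

def check(executed):
    """Properties of one complete execution; returns the set of violated ones."""
    who = dict(executed)                  # task -> executing user
    bad = set()
    if any(who[a] == who[b] for a, b in SOD):
        bad.add('SoD')
    if any(who[a] != who[b] for a, b in BOD):
        bad.add('BoD')
    for task, forbidden in CONFIDENTIAL.values():
        if USER_ROLES[who[task]] & forbidden:
            bad.add('confidentiality')
    return bad

def explore(delegatable):
    """Enumerate every interleaving of task executions and delegations (a user
    may delegate a permission he holds by role, for tasks in `delegatable`);
    map each violated property to the first execution that witnesses it."""
    witnesses, seen = {}, set()
    stack = [((), frozenset())]
    while stack:
        executed, delegations = stack.pop()
        if (executed, delegations) in seen:
            continue
        seen.add((executed, delegations))
        if len(executed) == len(TASKS):
            for prop in check(executed):
                witnesses.setdefault(prop, executed)
            continue
        task = TASKS[len(executed)]
        for u in USERS:
            if permitted(u, task, executed, delegations):
                stack.append((executed + ((task, u),), delegations))
        for t in sorted(delegatable):
            for src in USERS:
                if t in role_perms(src):
                    for dst in USERS:
                        if dst != src:
                            stack.append((executed, delegations | {(t, dst)}))
    return witnesses

if __name__ == '__main__':
    for d in (set(), {'rate_customer'}, {'approve'}):
        print(sorted(d), explore(d))
```

With no delegation the policy satisfies all three properties. Allowing the rating permission to be delegated lets a preprocessor (a forbidden role) read the rating, and lets the manager rate and then approve the same loan, so both confidentiality and SoD are violated; allowing the approval permission to be delegated breaks SoD only. BoD holds in every case because the policy itself ties 'sign' to the approver, which is the pattern a history-dependent policy rule must follow if the property is to hold by construction rather than by luck.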
E-Business - Anonymous Shopping: Identity Mixer. The Identity Mixer case studies complement the variety of web services that we consider in AVANTSSAR. The system itself is of interest to the project as it offers privacy-friendly technology for a broad scope of service areas, such as eGovernment, eHealth and the like. For validation, the particular challenges lie in the use of zero-knowledge proofs as building blocks, the privacy goals, and the compositionality of the Identity Mixer system itself.
We have formalized two scenarios in ASLan v.2; details of the formalization and the rationale behind it are given in [37]. The first scenario is an anonymous shopping scenario where a buyer must prove to be over 18 years old by a zero-knowledge proof over his electronic passport. No more information than this is revealed to the electronic store (such as the actual birthdate or the user's name). Also, the buyer must store his real name in a verifiable encryption: the buyer can check that the encrypted message is encrypted for a third party and contains the buyer's real name from the passport. This allows us to achieve accountability: if anything goes wrong (e.g., the buyer does not pay), the trusted third party can revoke the privacy of the buyer.
This scenario addresses the problem cases privacy and accountability. For privacy, we limit ourselves to standard secrecy goals here, i.e., the intruder cannot obtain data from a credential he does not own, but we do not consider more advanced goals like unlinkability. For accountability, we verify that (1) after every transaction, the shop has sufficient evidence from which the trusted third party can reveal the real name of the shopper, and (2) this evidence indeed proves the action of the shopper (i.e., it cannot be forged by a malicious shop, for instance).
The second scenario extends the first one by a frequent-customer bonus system that involves a party vouching for properties of a user in a privacy-friendly way.
This scenario addresses the problem case "Federation". It exists in a first formalization, but has not yet
been extensively tested with the validation tools. For this reason, we marked only "formalized" for Federation in the table.
E-Government - Citizen and Service Portals: Car Registration. The main focus of the validation work on the Car Registration Process has been the interplay of workflow and access control policies. The workflow orchestration is generated abstracting away from policies, while the validation is performed taking them fully into account. We have formalized this case study in ASLan v.1.1 by refining an initial description specified in ASLan v.2.
The scenario involves a citizen sending a car registration request; this is handled by an employee on behalf of the registration office, and involves storage in a central repository. Access permissions are determined by role-based local policies and several certificates.
The specification of these policies is inspired by the DKAL policy description language. We employ both general rules related to certificates, knowledge and trust, and specific rules describing the local policy of the registration office. They are expressed as Horn clauses and are thus evaluated locally in every state of the scenario execution.
For the abstract model with access control embedded directly into the transition rules, all three back-ends find an orchestration scenario that leads to a successful registration. SATMC handles the full model with policies as Horn clauses. For the resulting orchestrated system, we validate several security properties, e.g., that the documents remain secret from anyone who cannot read the repository, and that the documents stored in the repository are consistent and carry correct signatures.
E-Government - Document Exchange Procedures: Digital Contract Signing. This case study, detailed in Deliverable D4.1, has been modeled in ASLan v.1.1 assuming two signers and one Business Portal. The orchestration problem was to generate a Security Server entity from the specification. The tool has been able to obtain a satisfying result in less than 5 seconds of working time. The properties to validate that were proposed by OpenTrust seem to be guaranteed by the synthesized Security Server; however, due to combinatorial explosion, CL-AtSe, the tool used to validate it, did not finish in reasonable time (36 days, and still running). An alternative security property was defined, namely secrecy of the contract to be signed. In this setting, CL-AtSe has found an attack on this property in a few seconds.
FP7-ICT-2007-1Project No. 216471
D1.4: Progress/Assessment Report for Year 2 (Period P2: 01.01.09 —31.12.09) 33/165
E-Government - Document Exchange Procedures: Public Bidding
The Public Bidding case study has been modeled in ASLan v.2, and then translated to ASLan v.1.1. A particular feature of this case study pertains to the various list manipulation operations performed by the participants. The ASLan v.1.1 model had to be simplified (manually) in order to reduce the complexity of the model resulting from these features. The simplified model has been automatically validated with respect to a number of security and functional requirements, and the AVANTSSAR Orchestrator has been used to generate the desired behavior of a bidder entity.
E-Health in general: SAML SSO
The work on SAML SSO has progressed in the second year of the project. The entire SAML web browser SSO profile (see [OAS05b, Section 4.1] for more information) has been formalized in ASLan v.1.1 and validated with SATMC.[2]
In the scenario supported by the web browser SSO profile, a web user either accesses a resource at a Service Provider (SP-initiated SSO), or accesses an Identity Provider such that the service provider and desired resource are understood or implicit (IdP-initiated SSO). The web user authenticates (or has already authenticated) to the identity provider, which then produces an authentication assertion (possibly with input from the service provider), and the service provider consumes the assertion to establish a security context for the web user.
Both SP-initiated and IdP-initiated SSO can be used in combination with the artifact resolution protocol, which provides a mechanism by which SAML protocol messages can be transported in a SAML binding by reference instead of by value. The SAML web browser SSO profile is a standardized, open, and interoperable solution. In that respect, it offers a significant number of configuration options that allow this solution to be applicable in a multitude of environments. This is why SSO solution providers, e.g., SAP, adopt SAML SSO.
Besides interoperability, which is a must for today's industrial companies running a SOA business model, security is another critical enabler. As a matter of fact, design/development decisions and chosen configuration options do have an impact on security.
We have formally specified and validated industrially relevant scenarios where the SAML SSO services are employed according to the SP-initiated and IdP-initiated SSO protocols with and without artifact resolution. Around 30 formal specifications capturing these scenarios and the variety of interactions and configuration options have been written and then analyzed.
A strange behavior has been discovered in the SAML Authentication Protocol used in the SP-initiated SSO interaction, where a client might be redirected to another SP, obtaining a resource he/she never asked for. It is not clear whether this strange behavior is a flaw or a desired one, as this depends on the expected security properties of the protocol, which are not fully specified. Interestingly, when combined with a lack of sanitization of the RelayState, a URL-encoded parameter often used in SAML to carry the original resource requested by the client, this strange behavior has serious consequences, as a cross-site scripting (XSS) attack can be mounted by a malicious service provider to steal the client's session cookies.
SAML-based SSO for Google Apps was suffering from this exploitation. Google has been promptly contacted and it fixed the issue by sanitizing the RelayState. Preliminary results indicate that other adopters of the SAML SSO solution may suffer from the very same issue.
The work will proceed during the last year of the project to clarify these points.
[2] Abstract properties of communication channels are so far expressed as predicates that are currently not supported by the other back-ends.
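The RelayState sanitization mentioned above, as an added example that is not part of the original report or of any SAML product: a service-provider-side check that accepts a RelayState value only if it points back to the SP's own origin (or to an allow-listed https host) and HTML-escapes the validated target when it is reflected into a page. The host name sp.example.com and the allow-list are constructed assumptions.

```python
"""Defensive handling of the SAML RelayState parameter at a service provider.

Added example, not code from the AVANTSSAR project or from any SAML product.
Constructed assumptions: the SP lives at sp.example.com and, after SSO, only
redirects users to its own pages or to hosts on a small allow-list.
"""
from html import escape
from urllib.parse import unquote, urlsplit, urlunsplit

# Hosts the SP is willing to redirect to after SSO (constructed sample).
ALLOWED_HOSTS = frozenset({"sp.example.com"})
DEFAULT_TARGET = "/"
# The SAML 2.0 Bindings specification caps RelayState at 80 bytes.
MAX_RELAY_STATE_LEN = 80


def safe_relay_state_target(relay_state, allowed_hosts=ALLOWED_HOSTS):
    """Return a redirect target derived from RelayState, or DEFAULT_TARGET.

    RelayState is opaque data the SP attaches to its AuthnRequest and that the
    IdP echoes back unchanged. Because the value arrives in an unauthenticated
    browser request, anyone can set it to anything, so it must not be used as
    a redirect target or placed in a page without validation.
    """
    if not relay_state or len(relay_state) > MAX_RELAY_STATE_LEN:
        return DEFAULT_TARGET
    value = unquote(relay_state)
    # Control characters could smuggle headers; backslashes are treated as
    # path separators by some browsers and would defeat the checks below.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value) or "\\" in value:
        return DEFAULT_TARGET
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only https to an allowed host.
        # This also rejects javascript:, data: and similar pseudo-schemes.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts:
            return DEFAULT_TARGET
        return urlunsplit(parts)
    # Relative reference: require an absolute path so the browser stays on
    # this origin ("//host" forms were caught above because they set netloc).
    if not parts.path.startswith("/"):
        return DEFAULT_TARGET
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def continue_link_html(relay_state):
    """HTML fragment for a 'continue' link shown after SSO.

    Validation alone does not prevent XSS once the value is reflected into
    markup, so the validated target is additionally HTML-escaped.
    """
    target = safe_relay_state_target(relay_state)
    return '<a href="%s">Continue</a>' % escape(target, quote=True)
```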
3.1.5 WP6: Dissemination and industry migration
Workpackage Objective This workpackage aims at the dissemination and migration of the project results into the scientific community, industry and standardization bodies.
Workpackage achievements
WP 6.1 - Dissemination. Dissemination activities are described, together with the use of foreground, in Section 5.
WP 6.2 - Migration to industrial development environments. Considerable effort has been devoted to this sub-workpackage in the second year of the project.
Industry migration at SAP. Contacts with core business units at SAP, the major industrial player active in this sub-workpackage, have been consolidated and two valuable migration activities have been carried out:
NW-NGSSO: application of AVANTSSAR to formally analyze the SAP NetWeaver SAML Next Generation Single Sign On services. The results obtained by formally analyzing the OASIS SAML 2.0 SSO and the SAML-based SSO offered by Google (see [ACC+08]) received strong interest at SAP NetWeaver Security and Identity Management (SAP NW SIM). An industry migration activity has been carried out in that context, where the AVANTSSAR technology has been employed to perform a formal analysis of the SAML-based SSO solution that SAP NW SIM has designed and developed. The analysis has focused on the most relevant profile of SAML for SAP, the SAML web browser SSO profile (see [OAS05b, Section 4.1] for more information).
The solution designed and developed at SAP SIM for SAP NetWeaver Application Server (SAP NW AS) and SAP NetWeaver Identity Management (SAP NW IdM) employs all the features of the IdP Lite and SP Lite operation modes as described in [OAS05a].[3] There, clients can consume services by means of either the SP-initiated or the IdP-initiated SSO profiles, where artifact resolution can be used between SPs and IdPs.
In this industry migration initiative, we have exploited the AVANTSSAR technology to formally analyze SAP-relevant scenarios where the SAML-based NW NG SSO services are employed. In our analysis, we wrote more than 50 formal specifications capturing these scenarios, the variety of configuration options, and the SAP internal design and implementation choices. The analysis conducted with AVANTSSAR shows that the SAP NW NG SSO services are indeed well designed.
In this respect it is worth mentioning that the strange behavior discovered in the SAML Authentication Protocol does not have serious exploitations in the SAML-based NW NG SSO solution, as field sanitizations are properly executed and as cookies are in place to mitigate the risk of undesired redirections from one service provider to another.
All in all, safe and unsafe service compositions and configurations have been identified by our detailed analysis, which can be used by SAP in setting up the NW NGSSO services on customer production systems.
[3] SAP NW IdM 7.2 successfully passed the Liberty SAML2 Interoperability Tests. See the press release at http://www.projectliberty.org/news_events/press_releases/entrust_ibm_microsoft_novell_ping_identity_sap_and_siemens_pass_liberty_alliance_saml_2_0_interoperability_testing for more details.
This industry migration initiative is likely to be continued in 2010. A set of interesting future directions has been identified, such as the analysis of the Single Log Out (SLO) profile and the analysis of a composition of SSO, SLO and an STS (Security Token Service). Discussion with SAP SIM on this matter is taking place right now.
NW-BPM: exploitation of AVANTSSAR technology to formally analyze security-critical aspects of business processes within the SAP NetWeaver BPM product solution. More in detail, the SAP team in AVANTSSAR proposes an Eclipse plug-in extension for SAP NetWeaver BPM (NW BPM) through the design and development of a security validator plug-in that enables a business process modeler to easily specify the security goals one wishes to validate. The model-checking verification plug-in is instrumented by a formal analysis to ensure, at design time, that a business process achieves its security/compliance desiderata. The tool proposes a push-button technology, featuring an accessible user interface, to bridge the gap between business process modeling languages and formal method specifications. An automated extraction and compilation of the security-relevant requirements of the process model has been realized. An invocation of the SATMC back-end system computes the analysis. As a result, the violations of the security properties (if any) are shown in a graphical way to easily enable the modeler to take counter-measures. Preliminary results have been obtained on the Loan Origination Process case study with a few security goals. For the sake of confidentiality, an integration in the existing SAP environment (NetWeaver BPM) will be demonstrated during the second year review and the results will be published in the deliverable D6.2.3 (“Migration to industrial development environment: Lessons learned and best practices”) with restricted access. This migration activity is likely to be continued in 2010, with the capture and the analysis of other security-relevant aspects of business processes (e.g., invocation and consumption of remote services) and the assessment of the scalability on more complex industrial processes.
Industry migration at IBM.
AnB. As an industrially suited specification language, IBM has developed AnB, a formal specification language based on Alice and Bob notation which is easy to use without a background in formal methods. The novel features as compared to other AnB-style languages are the following:
• A formal semantics that allows for the interpretation of AnB specifications with respect to an algebraic theory (this was developed independently by [24] and [17], see description of WP 3.1).
• The support for the notation for secure and pseudonymous channels [25].
• The support for non-interactive zero-knowledge proofs as a (black-box) specification primitive [37].
We have been in contact with other researchers at IBM who are considering the security of services and protocols and have received positive feedback: the language and tool support seem indeed useful and are accessible without expertise in formal logic and model checking. Also, their suggestions for further extensions are invaluable for continuing this line of work.
CARL. A new line of work related to Identity Mixer, the case study of IBM, is pursued in collaboration with the EU project PrimeLife: we have devised the new specification language CARL for credential-based access control [34]. The novel aspect of this language is the ability to specify policies in a privacy-friendly way, in particular the minimum amount of information that needs to be revealed (including revealing to third parties). The language is technology neutral, however, so that established technologies (like X.509 certificates) can be used which do not necessarily ensure the level of privacy that Identity Mixer does (i.e., they reveal more information than required). In relation to AVANTSSAR, we have devised a formal semantics for this language, which is of course a prerequisite for formal verification of CARL-based systems. We have begun designing a mapping from CARL specifications to the Identity Mixer technology [37]; this gives a new form of compositional reasoning, using the Identity Mixer protocols as building blocks of privacy-friendly service-oriented architectures.
Industry migration at OpenTrust. OpenTrust was scheduled to perform work on WP 6.2 in 2009 but temporarily postponed the project work when the employee responsible for the project left the company. OpenTrust hired a new person to manage the project at the close of 2009.
In 2010, OpenTrust will resume its work on WP 6.2 by developing a way to implement advanced business processes, such as those dealing with security policies, and will develop a ready-to-use OpenTrust SPI Security Server client-side process template. OpenTrust will accomplish this, in part, by using and improving third-party tools, such as a Business Process Management plug-in, possibly extended. The tool selection may be based on open source plug-ins, such as JBoss jBPM or Bonita Open Source BPM.
The primary purpose of the secured advanced business process project is to produce an enhanced proof record for document exchange procedures. Eventually, OpenTrust's work will allow users to do the following: script a process using a BPM modeler; translate the process to ASLan v.1.1 so that it can be validated by the AVANTSSAR Validator; use the AVANTSSAR Validator to validate the process; output process validation results that prove the process has been tested and validated; and insert the process validation results into the proof records created by the OpenTrust SPI Security Server, if required.
WP 6.3 - Migration to standardization bodies. Although the work in this sub-workpackage was not supposed to start before month 24, a migration activity towards the OASIS standardization group has already been initiated in the first year of the project (modeling of the SP-initiated SAML SSO profile without artifact resolution) and has progressed over the second year, where the entire SAML web browser SSO profile has been thoroughly studied in preparation for SAML SSO standardization activities at OASIS.[4]
In this context, a SAML Modelling Environment (SAML ME) has been developed as a Java application at SAP Research. The purpose was to investigate how AVANTSSAR technology could be exploited to mitigate the risk of deploying flawed SAML services such as the SAML-based SSO for Google Apps [ACC+08].
Though well documented and specified, the OASIS SAML security standard is written in natural language that is sometimes subject to interpretation. When several configuration options, profiles, protocols, bindings, exceptions, and recommendations are discussed in different but interconnected documents, it may become difficult to establish which message fields are mandatory in which profiles and which ones are not. The technical overview document provided by OASIS SAML as a non-official addendum tries to increase clarity in this respect and, in our humble opinion, indeed does so. Still, something went wrong when Google designed and developed its SAML-based SSO services.
[4] http://saml.xml.org/saml-specifications
Figure 2: The SAML Modeling Environment.
Our SAML ME prototype mocks industrial applications built to deploy SAML federated environments (see Figure 2), but features
• a graphical user interface interconnected with a rule engine checking that the decided configuration options are coherent with the OASIS SAML specification, and
• a security validation process where the configured federated environment is formally analysed through the AVANTSSAR Validation Platform.
For instance, if a modeler creates in the SAML ME an identity provider service and decides to remove the InResponseTo field in the authentication assertion, a message pops up to warn the modeler that InResponseTo is mandatory in the SSO profile (see Figure 3). Notice that the modeler may even have good reasons to remove that field. For instance, a modeler may decide to prevent a Denial of Service pitfall by deselecting, in the authentication request, the ID field that a service provider is supposed to freshly generate and store upon a client request. But what are the consequences? In our SAML ME prototype we can instrument a formal analysis through the AVANTSSAR Validation Platform that establishes whether this decision can be a source of security flaws in the overall federated environment (see Figure 4).
Figure 3: The SAML Modeling Environment: pop-up warning.
Figure 4: The SAML Modeling Environment: validation feature.
All in all, our SAML ME prototype (i) faithfully captures SAML 2.0 to mitigate the risk of ambiguity that may occur due to different interpretations of the specifications and (ii) mitigates, by means of automated formal analysis, the risk of deploying flawed SAML 2.0 services.
A demo of this prototype will be presented at the review meeting. We plan to approach OASIS SAML to openly discuss all these, in our humble opinion, interesting points. This will be the main activity that will take place in the last year of the project.
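The ID/InResponseTo trade-off discussed above (the SP must freshly generate and store a request ID, which costs storage per unauthenticated client, while dropping it gives up request/response correlation), as an added example in Python that is not part of the SAML ME or the original report: a service-provider-side store of issued AuthnRequest IDs with a time-to-live and a size cap, and the acceptance check an SP applies to the InResponseTo of an incoming Response. The store design, TTL and cap values are constructed assumptions.

```python
"""Service-provider side correlation of SAML Responses with issued AuthnRequests.

Added example, not code from the AVANTSSAR project or the SAML Modeling
Environment. The bounded store (TTL plus size cap) is a constructed design
for this example, not a normative SAML mechanism.
"""
import secrets
import time
from collections import OrderedDict


class AuthnRequestStore:
    """Remembers the IDs of AuthnRequests this SP issued, with expiry and a cap."""

    def __init__(self, ttl_seconds=300, max_pending=10_000, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.max_pending = max_pending
        self.clock = clock                  # injectable for deterministic tests
        self._pending = OrderedDict()       # request_id -> expiry time

    def new_request_id(self):
        """Freshly generate and store an ID (SAML IDs must not start with a digit)."""
        self._evict_expired()
        if len(self._pending) >= self.max_pending:
            # Drop the oldest pending request instead of growing without bound:
            # this is what limits the memory an unauthenticated client can force
            # the SP to hold by issuing many AuthnRequests it never completes.
            self._pending.popitem(last=False)
        request_id = "_" + secrets.token_hex(16)
        self._pending[request_id] = self.clock() + self.ttl
        return request_id

    def consume(self, in_response_to):
        """Accept an InResponseTo value at most once, if pending and unexpired."""
        self._evict_expired()
        return self._pending.pop(in_response_to, None) is not None

    def pending_count(self):
        return len(self._pending)

    def _evict_expired(self):
        now = self.clock()
        # All entries share one TTL and are inserted in time order, so the
        # expired ones are a prefix of the (insertion-ordered) dictionary.
        for request_id, expiry in list(self._pending.items()):
            if expiry > now:
                break
            del self._pending[request_id]


def accept_sso_response(store, in_response_to, expect_solicited=True):
    """Decide whether a Response's InResponseTo is acceptable to this SP.

    With expect_solicited the SP requires a matching, fresh AuthnRequest ID,
    so unsolicited Responses (no InResponseTo) are rejected. Without it the
    SP is in the IdP-initiated mode: unsolicited Responses are accepted and
    the request/response correlation that the ID provides is given up.
    """
    if in_response_to is None:
        return not expect_solicited
    return store.consume(in_response_to)
```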
3.2 Resources
As discussed in detail in Section 6, the resources and corresponding costs are all in line with what was planned and estimated in the Description of Work, so no deviations have occurred and no countermeasures were required.
4 Deliverables and milestones tables
4.1 Deliverables list
As shown in Table 2, the workplan of the project comprises 25 deliverables, 3 of which were due in Period P2 in addition to Deliverable D6.1, which spans the overall lifetime of the project and is of type “O” as it comprises the activation and maintenance of the AVANTSSAR Website and the publication of the package of the AVANTSSAR Platform.
The two deliverables D1.4 (this deliverable) and D2.2 are of nature Report (R), while Deliverable D4.1 is of type “R&P” as it describes the development and prototypical implementation of the first version of the AVANTSSAR Validation Platform. The dissemination level is indicated using the standard codes, where PU = Public.
As shown in Table 2, the 4 deliverables due in Period 2 have been delivered in a timely fashion, considering the fact that D1.4 has been merged (in accordance with the Project Officer) with this report.
Brief descriptions of the individual deliverables are given in the Deliverable Summary Sheets in the following pages.
Table 2: Deliverables

Del. no. | Deliverable name | WP no. | Lead beneficiary | Nature | Dissemination level | Delivery date from Annex I (proj. month) | Delivered Yes/No | Actual/Forecast delivery date | Comments
D1.4 | Progress/Assessment Report for Year 2 | 1 | UNIVR | R | PU | 12 (31.12.09) | Yes | | D1.4 has been merged (in accordance with the Project Officer) with this report
D2.2 | ASLan v.2 with static service and policy composition | 2 | ETH Zurich | R | PU | 18 (30.06.09) | Yes | 30.06.09 |
D4.1 | AVANTSSAR Validation Platform v.1 | 4 | UGDIST | R&P | PU | 24 (31.12.09) | Yes | 30.12.09 |
D6.1 | AVANTSSAR Website and Package | 6 | UNIVR | O | PU | 1–36 | Yes | | The website is being updated regularly
4.1.1 Deliverable D1.4
DELIVERABLE SUMMARY SHEET
Project Number: FP7-ICT-2007-1, Project No. 216471
Project Acronym: AVANTSSAR
Title: Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
Deliverable no: D1.4
Title: First Progress/Assessment Report (now: Progress/Assessment Report for Year 2 (Period P2: 01.01.09 — 31.12.09))
Due date: 31.01.2010
Delivery Date: 31.01.2010
Short Description: Deliverable D1.4 has been merged (in accordance with the Project Officer) with this Periodic Progress Report, which covers the first year of the AVANTSSAR project. It consists of a publishable executive summary, of an overview of the project objectives for the period and of the work progress and the achievements during the period, of the deliverables and milestones, of a summary of the project management including an explanation of the use of the resources and the corresponding financial statements.
Partners contributed: all
Made available to: public
4.1.2 Deliverable D2.2
DELIVERABLE SUMMARY SHEET
Project Number: FP7-ICT-2007-1, Project No. 216471
Project Acronym: AVANTSSAR
Title: Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
Deliverable no: D2.2
Title: ASLan v.2 with static service and policy composition
Due date: 30.06.09
Delivery Date: 30.06.09
Short Description: Deliverable 2.2 describes ASLan v.2, the second version of the ASLan language for specifying security-sensitive service-oriented architectures, the associated security policies, and their trust and security properties. In particular, ASLan v.2 allows for the formal specification of static service and policy composition. ASLan v.2 borrows notions from procedural and object-oriented programming languages in order to be usable by those who are not experts in formal protocol/service specification languages. The following features of ASLan v.2 are in particular useful in formally modelling static service and policy compositions:
• Control flow constructs (e.g. while and if). These allow for specifying services in a concise manner using concepts familiar to most programmers.
• Modularity via the notion of an entity. This allows for specifying services separately, and instantiating them multiple times or composing them with other services. Moreover, modularity helps in localizing policies to individual services, and precisely mapping out their trust relations.
• Annotated channels. These provide an intuitive notation for expressing properties of communication channels, which are used both as service assumptions and service goals.
The new features of ASLan v.2 are put into practice by formalizing a selection of problem cases taken from Deliverable D5.1.
Partners contributed: UNIVR, ETH Zurich, UGDIST, IBM, IEAT, SAP, SIEMENS (principal editors). INRIA, UPS-IRIT, OpenTrust (secondary editors)
Made available to: public
4.1.3 Deliverable D4.1
DELIVERABLE SUMMARY SHEET
Project Number: FP7-ICT-2007-1, Project No. 216471
Project Acronym: AVANTSSAR
Title: Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
Deliverable no: D4.1
Title: AVANTSSAR Validation Platform v.1
Due date: 31.12.09
Delivery Date: 30.12.09
Short Description: This deliverable describes the development and prototypical implementation of the AVANTSSAR Validation Platform, which we have implemented as a service-oriented architecture. The platform takes as input a policy stating the functional and security requirements of a goal service and a description of the available services (including a specification of their security-relevant behavior, possibly including the local policies they satisfy) and aims at building an orchestration of the available services that meets the security requirements stated in the policy.
The main components of the platform are the TS Orchestrator and the TS Validator. The TS Orchestrator tries to build an orchestration, i.e. a composition, of the available services in a way that is expected (but not yet guaranteed) to satisfy the input policy. The TS Validator automatically analyses the validation problem resulting from the TS Orchestrator output. Failed validation means the existence of vulnerabilities that need to be fixed; otherwise, the composition of the services is guaranteed to be secure, i.e. to meet the input policy.
We also describe the experimental results obtained by running the platform against a selection of problem cases taken from Deliverable D5.1 [AVA08c] formally specified in ASLan.
The main features that will be included in the next version of the platform are highlighted.
Partners contributed: UNIVR, ETH Zurich, INRIA, UPS-IRIT, UGDIST, IBM, IEAT (principal editors). OpenTrust, SAP, SIEMENS (secondary editors)
Made available to: public
4.1.4 Deliverable D6.1
DELIVERABLE SUMMARY SHEET
Project Number: FP7-ICT-2007-1, Project No. 216471
Project Acronym: AVANTSSAR
Title: Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures
Deliverable no: D6.1
Title: AVANTSSAR Website and package
Due date: 01.01.08 – 31.12.10
Delivery Date: ongoing
Short Description: The website (www.avantssar.eu) is active and updated regularly. The AVANTSSAR package is in preparation.
Partners contributed: all
Made available to: public
4.2 Milestones list
The project comprises 6 major milestones, which provide its major decision points, and which are synchronized with the 6 project meetings. The 2 milestones of Period P2 are shown in Table 3. Both have been achieved, as verified during the second synchronization meeting (month 18) for MS3, and at month 24 (in particular, at the delivery of D4.1) and while writing this periodic progress report in preparation for the second review meeting (at month 26) for MS4.
Table 3: Milestones (and decision points)

Milestone no. | Milestone name | WPs no's. | Lead beneficiary | Delivery date from Annex I (proj. month) | Achieved Yes/No | Actual/Forecast delivery date | Comments
MS3 | ASLan v.2 (statically composed services and policies), Validator and Orchestrator prototypes, and First formalisation of problem cases | 2, 4, 5 | UGDIST | month 18 (second synchronization meeting) | Yes | month 6 |
MS4 | Reasoning techniques for ASLan v.2 specifications, Platform prototype, Assessment v.2, ASLan for industry | 1, 3, 4, 5 | UPS-IRIT | month 24 (second review meeting) | Yes | month 24 (and month 26) | The achievement of the milestone has been verified on month 24 (in particular, at the delivery of D4.1) and while writing this periodic progress report in preparation for the second review meeting (at month 26).
5 Project Management
5.1 Project Planning and Timetable (GANTT Chart)
A GANTT chart showing the scheduling of the workpackages and the progress made is given in Figure 5: it depicts the timelines of the single workpackages and their sub-workpackages, as well as the 7 planned project meetings (a kick-off meeting, 3 synchronization meetings attended by all consortium partners, and 3 project review meetings) and the principal additional meetings that took place in period P2. This chart is the updated version of the original chart given in the Description of Work (Annex I) and of the chart given in Deliverable D1.3 “Deliverable 1.3: Progress/Assessment Report for Year 1” [AVA08a].
5.2 Project Management and Coordination
Project management during the second project period was unproblematic. No problems occurred and thus no deviations from the planned deliverables and milestones were necessary, except for the minor, natural adjustments to the timetable — for the delivery of the deliverables and achievement of the milestones — described in the previous section (all carried out in accordance with the Project Officer). Given the complexity of the technical objectives, particular attention has been paid to the coordination of the activities and communication between project partners.
5.2.1 Project Meetings
Project meetings have played (and will play) a pivotal role in the coordination and synchronization of activities among the partners, as they have fostered communication between the beneficiaries and synergies and cross-fertilization of approaches and results.
The meetings of Period P2 are listed in Section 6, specifying venues, dates, and participants, along with the costs that the participants incurred. For readability, we have divided them into three categories:
• General project meetings, which include the planned project meetings as well as other meetings organized for the Consortium to discuss and work on specific workpackages and deliverables,
• Working meetings, which are small to medium size meetings between project participants to work on specific project topics.
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
���������������������������������������������
[Figure 5 (GANTT chart) residue. Recoverable content: one row per work package and task, with activity bars over months 1–36. WP1: Project Management. WP2: Modelling trust and security aspects of SOA (WP2.1 Initial ASLan, WP2.2 Extended ASLan, WP2.3 Final ASLan). WP3: Automated reasoning techniques (WP3.1 Sat. of ASLan P., WP3.2 Mod.-Ch. P. w.r.t. S., WP3.3 Attacker Models, WP3.4 Comp. Reas. for S.&P., WP3.5 Abs. for Comp. S.&P.). WP4: The AVANTSSAR validation platform (WP4.1 TS Orchestrator, WP4.2 TS Validator, WP4.3 Platform Integration). WP5: Proof of concept (WP5.1 Def. Pb. Cases, WP5.2 Form. Pb. Cases, WP5.3 Val. Pb. Cases, WP5.4 Assessment). WP6: Dissemination and industry migration (WP6.1 Dissemination, WP6.2 Migration industry, WP6.3 Migration Stand. Org.). Milestones marked on the chart: kick-off meeting, 1st and 2nd modeling meetings, 1st, 2nd and 3rd sync meetings, WP2&WP3, WP3&WP4, WP2 and WP4 meetings, 1st and 2nd review meetings, project workshop meeting, general meeting and “Progress so far”, final review meeting.]
Figure 5: GANTT Chart of the AVANTSSAR Project
FP7-ICT-2007-1Project No. 216471
D1.4: Progress/Assessment Report for Year 2 (Period P2: 01.01.09 —31.12.09) 53/165
• Participation to European and scientific events, which lists participation in conferences and other events for the dissemination of the project results, including events organized by the European Commission.
In addition to these physical meetings, a number of “unscheduled” virtual meetings have been organized regularly with the help of the SAP Connect Portal, an audio and web conferencing system that provides a virtual meeting room where participants can share files and work on them in real time. These meetings have proved to be a very useful (and cost-effective) means of sharing information, discussing research issues, and preparing project material. We will thus use the portal to hold virtual meetings on a regular basis until the end of the project.
5.2.2 Task-forces
The formation of task-forces (comprising experts from all the partners) has been a very effective coordination measure to tackle well-defined, critical technical issues, such as the definition of the ASLan and of the ISSLs, as well as the implementation and assessment of the first version of the AVANTSSAR Validation Platform.
5.2.3 Website
The website of the AVANTSSAR project is
www.avantssar.eu
and includes:
• A general introduction to the project: the objectives, the expected results, the milestones, the detailed description of the consortium and its coordinates within the Seventh Framework Programme.
• Publications originated from the project, both in the scientific community and in the general press.
• A subpage about the AVANTSSAR Platform.
• Links to the forerunner projects AVISPA and AVISS.
• A number of relevant links: other projects, institutions and companies that are related to AVANTSSAR.
• An internal protected section, containing contact details, internal mailing lists, details about the meetings (slides, notes and so on) and other temporary technical information needed by the consortium.
• A protected section containing the deliverables and other documents for the European Commission.
• Links to events taking place in the context of the project: meetings, conferences, and workshops.
• News about the AVANTSSAR project, including, for instance, links to articles and a demo-video about the serious vulnerability of the SAML-based Single Sign-On Service offered by the informatics giant Google [ACC+08] that we discovered.
Besides the website, communication and information exchange among the members of the project is ensured via a carefully organized and maintained central repository and a number of dynamically created mailing lists.
5.2.4 Mailing lists
The following mailing lists have proved to be very useful means of exchanging ideas and coordinating activities:
• [email protected] is devoted to
– the exchange of information between the partners,
– the organization of consortium-wide editorial activities such as the writing of a deliverable, as well as
– general announcements such as organizing a project meeting or advertising a new project publication.
This mailing list comprises all the scientists from the partner groups.
• [email protected] is devoted to the discussion between all the site leaders.
• [email protected] is devoted to the discussion of administrative, financial, and management issues. This mailing list includes all the site leaders plus a restricted number of senior researchers and administration staff.
• [email protected] is the address of the administrators of the project website, namely the members of UNIVR, with the support of members of UGDIST.
5.2.5 SVN Server
The use of an SVN (Subversion) server has proved to be a fundamental instrument for the management and sharing of project data. SVN allows for the concurrent management of (different versions of) files and it proved very valuable for the project: software and documents (e.g. deliverables and publications) are now routinely and effectively managed, shared and jointly edited via SVN by the AVANTSSAR personnel.
5.3 Use of foreground and dissemination activities
5.3.1 Project Workshops and Conferences, Lectures, Tutorials
The second project workshop took place in Verona, Italy, on January 14 and 15, 2010, in conjunction with the regular project synchronization meeting. Participants from all project partners presented summaries of their achievements during the second reporting period. (The workshop was originally planned for 2009 but was co-located with the synchronization meeting to minimize costs and maximize attendance.)
As described in more detail in Deliverable D1.2 “Basic Dissemination and Use Plan”, a final Project Workshop is scheduled for 2010 and will be open to external participants (co-located with a one-day “Dissemination Workshop”).
Additionally, the members of AVANTSSAR have been playing (and will play) an active role in the organization of a number of scientific events. Subsection 5.4 lists the events that took place, or whose organization began, during the second reporting period. In particular, AVANTSSAR supports the ARSPA workshop series:
• ARSPA is a series of workshops on Automated Reasoning for Security Protocol Analysis that was started during the AVISPA project (the predecessor of AVANTSSAR) and that will be carried on in the context, and with the support, of AVANTSSAR.
• ARSPA-WITS’09: in 2009, ARSPA again joined forces with the WITS workshop, in the context of the ETAPS 2009 conference (22–29 March, 2009, York, UK). The co-chairs of ARSPA-WITS’09 were Pierpaolo Degano (of the University of Pisa, and of the Sensoria project) and Luca Viganò of UNIVR. More information is available on the project’s website http://www.avantssar.eu/arspa-wits09/
• ARSPA-WITS’10: in 2010, ARSPA again joins forces with the WITS workshop, in the context of the ETAPS 2010 conference (Paphos, Cyprus, March 27–28, 2010). The co-chairs of ARSPA-WITS’10 are Alessandro Armando of UGDIST and Gavin Lowe (Oxford University). More information is available on the project’s website http://www.avantssar.eu/arspa-wits10/
Moreover, we have been presenting our work at international conferences and forums on computer security, software architectures, and automated reasoning, as illustrated by the AVANTSSAR publications and talks listed in Subsection 5.5 and Subsection 5.7.
The industrial partners have also been carrying out local dissemination, and the whole consortium has been involved in clustering and standardization activities. These activities are described in quite some detail in Deliverable D1.2 “Basic Dissemination and Use Plan”, so here we only briefly indicate some projects and organizations relevant to the on-going work (at international or national level) with which information exchange might be beneficial.
5.3.2 European and international projects and working groups
Members of the AVANTSSAR consortium participate in (or are in close contact with the initiators and members of) several related European and international projects and working groups, including:
• COST Action IC0901: Rich-Model Toolkit – An Infrastructure for Reliable Computer Systems (Nov. 2009 – Oct. 2013). The action is relevant through its design of a language with rich modeling features, and through its work on decision procedures, including SAT checking. From the AVANTSSAR project, Marius Minea represents Romania as a Management Committee member, and Alessandro Armando participates for Italy.
• DEPLOY: Industrial deployment of system engineering methods providing high dependability and productivity. FP7 project, Feb 2008 – Jan 2012, http://www.deploy-project.eu/index.html. The Deploy project concerns developing critical systems by refinement using the Event-B formalism. The main focus is on embedded systems, but the project will also explore security aspects of such systems. ETH Zurich is the focal point for the security activities and can serve as a hub for collaboration here. Point of contact for Deploy: David Basin.
• IFIP WG 1.7 Theoretical Foundations of Security Analysis and Design, http://www.dsi.unive.it/IFIPWG1_7/. Luca Viganò of UNIVR is a member of the working group.
• MASTER: Managing Assurance, Security and Trust for sERvices. FP7 project, Feb 2008 – Jan 2011, http://www.master-fp7.eu/index.php.
• PrimeLife: Bringing sustainable privacy and identity management to future networks and services. FP7 project, Mar 2008 – Feb 2011, http://www.primelife.eu. The PrimeLife project is related in several regards. First of all, PrimeLife is concerned with improving privacy-friendly technologies such as IBM’s Identity Mixer, which is one of the major case studies in AVANTSSAR. We already have a close collaboration between these two projects at the IBM site. In particular, we discuss our formalization of the Identity Mixer directly with its developers. Moreover, PrimeLife is also related to questions of access control policies and their composition. The privacy-friendly credential-based access control language CARL has been developed in collaboration between AVANTSSAR and PrimeLife at IBM (see the WP 6 description).
• R4eGov: Towards e-Administration in the large. FP6 project, Mar 2006 – Feb 2009, http://www.r4egov.eu.
• SENSORIA: Software Engineering for Service-Oriented Overlay Computers. FP6 project, Sep 2005 – Aug 2009, http://www.sensoria-ist.eu. Luca Viganò of UNIVR acted as an associated researcher of the Sensoria project.
• SPOCS: Simple Procedures Online for Crossborder Services. Siemens participates in the FP7 e-government project SPOCS, CIP-ICT PSP-2008-2 no. 238935, http://www.eu-spocs.eu/, started in June 2009. Among others, SPOCS specifies the security architecture for prototypical service portal implementations related to the EU Services Directive. SIEMENS is going to formalize and verify the security architecture using the AVANTSSAR toolset, whereby valuable feedback is anticipated in both directions between the projects.
• WASP: Wirelessly Accessible Sensor Populations. FP6 project, Sep 2006 – Feb 2010, http://www.wasp-project.org.
Luca Viganò of UNIVR and Volkmar Lotz and Alessandro Sorniotti of SAP represented AVANTSSAR and presented the project at the BLED conference “Towards a European approach to the Future Internet”, held in Bled, Slovenia, March 30 – April 2, 2008.
Some of the members of the AVANTSSAR team, including ETH Zurich, INRIA, SAP, SIEMENS, and UNIVR, also participate, at different levels, in the activities of the European Research Consortium in Informatics and Mathematics (ERCIM), in particular in ERCIM’s Working Group on Security and Trust Management, which aims at steering the research of ERCIM institutions on a series of activities (e.g., research projects, workshops, dissemination of knowledge) for fostering European research and development on security, trust and privacy in ICT. These are among the main issues of current and future research efforts for “security in Europe” (cf., for example, http://www.cordis.lu/security). We thus expect that the results of AVANTSSAR will be beneficial for this ERCIM WG, which will in turn provide a major forum for the peer-evaluation and dissemination of our results.
France
• INRIA: ACCESS is an INRIA ARC project that started in 2010 between Lille, Saclay and Nancy. ACCESS is concerned with security and access control for Web data exchange. It aims at defining automatic verification methods for checking properties of access control policies (ACPs) for XML, such as consistency, and for the comparison of ACPs. Formal tools from tree automata theory will be applied for this purpose.
• UPS-IRIT: Philippe Balbiani is the leader of ARA SSIA COPS. Lilac is also part of the ROSACE (Robots et systèmes, auto-adaptatifs, communicants et embarqués) project, which aims at studying and developing means to design, specify, implement and deploy a set of mobile autonomous communicating and cooperating robots with well-established properties, particularly in terms of safety, self-healability, ability to achieve a set of missions and self-adaptation in a dynamic environment. The project is focused on the associated software (models, algorithms and systems). We propose to address in a systematic and convergent approach the robotics software levels and the specific constraints imposed on the middleware level corresponding to real-time embedded systems, as well as network and inter-communication level management. ROSACE brings together a strong research consortium composed of research teams from three laboratories (CERT-ONERA, IRIT and LAAS-CNRS) for making real progress in this area: an active and central object, namely a fleet of cooperative robots, is critical for keeping the difficult and ambitious scientific and technical work well grounded in relevant realities and well focused on actual needs.
Germany
SIEMENS participates in:
• BITKOM AK (working group) SOA Technologies, http://www.bitkom.org/de/themen_gremien/18151.aspx
• CAST workshops on SOA Security, http://www.cast-forum.de/workshops/infos/103
• TeleTrusT project group SOA Security, http://teletrust.de
Italy
• UNIVR participates in the PRIN’07 project “SOFT—Tecniche formali orientate alla sicurezza”, Sep 2008 – Aug 2010.
• UGDIST coordinates the PRIN’07 project “Integrating automated reasoning in model checking: towards push-button formal verification of large-scale and infinite-state systems”, Sep 2008 – Aug 2010.
Romania
• Practical Formal Verification Using Automated Reasoning and Model Checking. INTAS research grant 8144, Sep 2006 – May 2009, http://www.risc.uni-linz.ac.at/projects/intas
• CONQUERS: Continuous Quality Evaluation and Restructuring of Software. Romanian national research grant, Oct 2007 – Sep 2010, http://loose.upt.ro/conquers. Relevant to AVANTSSAR is a task on extraction and composition of component and service interfaces.
• IEAT has won a 20-month Romanian national grant (2009–2010) supplementing FP7 participation in AVANTSSAR. This grant allows IEAT to provide additional person-months to the project and to finance part of the participation in AVANTSSAR project meetings and conferences.
Switzerland
• ETH Zurich is involved in the project VerSePro (funded by the Swiss National Science Foundation SNSF) together with the Ecole Polytechnique Fédérale de Lausanne (EPFL). This 4-year project, which started in the autumn of 2005, aims at the development and verification of security and privacy protocols for wireless networks. We thus expect that it will be possible to re-use in AVANTSSAR some of the techniques developed in VerSePro and vice versa. Point of contact for VerSePro: David Basin.
• ETH Zurich is involved in the project ComposeSec (funded by the Hasler Foundation). This 3-year project, which started in September 2007, aims at analyzing complex protocol suites or services built by combining networked components. The goal of this project is to develop effective compositional methods, with accompanying tool support, to tackle this problem. This includes foundational work on bridging the gap between currently used security protocol models and high-level analysis models of composed services. Point of contact for ComposeSec: Cas Cremers.
5.4 Involvement of project participants in scientific events
Scientific events sponsored by AVANTSSAR
1. ARSPA. Workshop series on Automated Reasoning for Security Protocol Analysis. Several project participants, rotating yearly.
2. ARSPA-WITS’09. Joint Workshop on “Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security”, affiliated with ETAPS 2009. York, UK, March 28 and 29, 2009. Luca Viganò (UNIVR) co-chair. Luca Compagna (SAP) and Sebastian Mödersheim (IBM) PC members.
3. Special issue of the Journal of Automated Reasoning on “Computer Security: Foundations and Automated Reasoning”, in connection with the “Joint Workshop on Foundations of Computer Security, Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security” (FCS-ARSPA-WITS’08). Luca Viganò (UNIVR) co-editor.
4. ARSPA-WITS’10. Joint Workshop on “Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security”, affiliated with ETAPS 2010. Paphos, Cyprus, March 27 and 28, 2010. Alessandro Armando (UGDIST) co-chair. Luca Viganò (UNIVR), Cas Cremers (ETH Zurich), Michael Rusinowitch (INRIA), Yannick Chevalier (UPS-IRIT), Sebastian Mödersheim (IBM), Luca Compagna (SAP) and Jorge Cuellar (SIEMENS) PC members.
Other scientific events
5. FCS. Workshop series on the Foundations of Computer Security. Luca Viganò (UNIVR) chair of the Steering Committee.
6. FCS’09. Workshop on Foundations of Computer Security (affiliated with LICS’09). Los Angeles, California, USA, August 10, 2009. Luca Viganò (UNIVR) and Cas Cremers (ETH Zurich) PC members.
7. ADDCT’09. Workshop on Automated Deduction: Decidability, Complexity, Tractability (affiliated with CADE-22). McGill University, Montreal, Canada, August 2–7, 2009. Luca Viganò and Silvio Ranise (UNIVR) PC members.
8. ARES’09. International Dependability Conference. Fukuoka, Japan, March 16–19, 2009. Luca Viganò (UNIVR) PC member.
9. ESORICS’09. 14th European Symposium on Research in Computer Security. Saint Malo, France, September 21–25, 2009. Luca Viganò (UNIVR) and David Basin (ETH Zurich) PC members.
10. FIS’09. The Second Future Internet Symposium. Berlin, Germany, September 1–3, 2009. Luca Viganò (UNIVR) and Alessandro Armando (UGDIST) PC members.
11. FMWS’09. Second International Workshop on Formal Methods for Wireless Systems (satellite workshop of CONCUR 2009). Bologna, Italy, September 1–4, 2009. Luca Viganò (UNIVR) PC member.
12. SECRYPT’09. International Conference on Security and Cryptography. Milan, Italy, July 7–10, 2009. Luca Viganò (UNIVR) PC member.
13. SECURWARE’09. The Third International Conference on Emerging Security Information, Systems and Technologies. Athens/Glyfada, Greece, June 18–23, 2009. Luca Viganò (UNIVR) PC member.
14. STM’09. 5th International Workshop on Security and Trust Management (in conjunction with ESORICS’09). Saint Malo, France, September 24–25, 2009. Luca Viganò (UNIVR) and Cas Cremers (ETH Zurich) PC members.
15. AVOCS. Workshop on Automated Verification of Critical Systems. Swansea University, UK, 23–25 September 2009. Silvio Ranise (UNIVR) PC member.
16. AVOCS. Workshop on Automated Verification of Critical Systems. University of Düsseldorf, Germany, 20–23 September 2010. Silvio Ranise (UNIVR) PC member.
17. PAAR. FLoC/IJCAR’10 Workshop on Practical Aspects of Automated Reasoning. Edinburgh, UK, July 2010. Silvio Ranise (UNIVR) PC member.
18. FroCoS. International Symposium on Frontiers of Combining Systems. Trento, Italy, September 16–18, 2009. Silvio Ranise (UNIVR) PC member.
19. SMT. International Workshop on Satisfiability Modulo Theories (affiliated with CADE 2009). McGill University, Montreal, Canada, August 2–3, 2009. Silvio Ranise (UNIVR) PC member.
20. FTP. International Workshop on First-Order Theorem Proving (co-located with TABLEAUX 2009). University of Oslo, Norway, July 6–7, 2009. Silvio Ranise (UNIVR) PC member. Michael Rusinowitch (INRIA) PC member.
21. SAC’09. 24th ACM Symposium on Applied Computing. Honolulu, USA, March 8–12, 2009. David Basin (ETH Zurich) PC member.
22. ASIACCS’09. 4th ASIA Computer and Communication Security Conference. Sydney, Australia, March 2009. David Basin (ETH Zurich) PC member.
23. iNetSec’09. Workshop on Open Research Problems in Network Security. Zurich, Switzerland, April 2009. David Basin (ETH Zurich) PC member.
24. WiSec’09. 2nd ACM Conference on Wireless Network Security. Zurich, Switzerland, May 2009. David Basin (ETH Zurich) Conference Chair.
25. SecReT’09. 4th International Workshop on Security and Rewriting Techniques. New York, USA, July 2009. David Basin (ETH Zurich) PC member.
26. EUROPKI’09. The Sixth European PKI Workshop. Pisa, Italy, September 9–11, 2009. Cas Cremers (ETH Zurich) PC member.
27. SAC SVT 2010. Software Verification and Testing Track at the ACM Symposium on Applied Computing. Lausanne, Switzerland, March 22–26, 2010. Mohammad Torabi Dashti (ETH Zurich) PC member.
28. ASIACCS’10. ACM Symposium on Information, Computer and Communications Security (ASIACCS). Beijing, China, March 2010. David Basin (ETH Zurich) Program Chair. Michael Rusinowitch (INRIA) PC member.
29. CADE. 22nd International Conference on Automated Deduction. McGill University, Montreal, Canada, August 2–7, 2009. Michael Rusinowitch (INRIA) PC member.
30. CRISIS. The 4th International Conference on Risks and Security of Internet and Systems 2009 (IEEE technical co-sponsorship in cooperation with ACM SIGSAC, supported by SEE). Toulouse, France, October 19–22, 2009. Michael Rusinowitch (INRIA) PC member.
31. SARSSI’09. Conférence sur la sécurité des architectures réseaux et des systèmes d’information. Luchon, France, June 22–26, 2009. Michael Rusinowitch (INRIA) PC member.
32. 1st Luxembourg Day on Security and Reliability. University Campus Kirchberg, Luxembourg City, Luxembourg, February 10, 2009. Michael Rusinowitch (INRIA) PC member.
33. ASE 2010. 25th IEEE/ACM International Conference on Automated Software Engineering. Antwerp, Belgium, September 20–24, 2010. Alessandro Armando (UGDIST) PC member.
34. IJCAR 2010. 5th International Joint Conference on Automated Reasoning. Edinburgh, Scotland, July 16–19, 2010. Alessandro Armando (UGDIST) PC member.
35. AISC 2010. 10th International Conference on Artificial Intelligence and Symbolic Computation. Paris, France, July 5–6, 2010. Alessandro Armando (UGDIST) PC member.
36. SecReT 2010. Workshop on Security and Rewriting Techniques. Port Jefferson, New York, USA, July 10–11, 2009. Yannick Chevalier (UPS-IRIT) PC member.
37. ARES 2010. The Fifth International Conference on Availability, Reliability and Security. Krakow, Poland, February 15–18, 2010. Sebastian Mödersheim (IBM) PC member.
38. FM’09. 16th International Symposium on Formal Methods. Eindhoven, the Netherlands, November 2–6, 2009. Jorge Cuellar (SIEMENS) and Marius Minea (IEAT) PC members.
39. SAC SEC 2009. Security Track at the ACM Symposium on Applied Computing. Honolulu, USA, March 8–12, 2009. Giampaolo Bella and Luca Compagna (SAP) co-chairs.
40. SAC SEC 2010. Security Track at the ACM Symposium on Applied Computing. Lausanne, Switzerland, March 22–26, 2010. Luca Compagna and Alessandro Sorniotti (SAP) co-chairs. Cas Cremers (ETH Zurich) PC member.
5.5 AVANTSSAR publications and drafts
During the second year, the project participants produced 30 papers published or currently in print about the project’s foreground, thus amounting to 49 papers since the start of the project. Moreover, 7 more papers are currently submitted and further papers are in preparation. Last but not least, 4 PhD theses have been completed on AVANTSSAR research.
AVANTSSAR publications
[1] H. Abdelnur, T. Avanesov, M. Rusinowitch, and R. State. Abusing SIP Authentication. Journal of Information Assurance and Security, 4(4):311–318, 2009.
[2] S. Anantharaman, H. Lin, C. Lynch, P. Narendran, and M. Rusinowitch. Unification modulo homomorphic encryption. In Proceedings of Frontiers of Combining Systems, 7th International Symposium (FroCoS 2009), LNCS 5749. Springer-Verlag, 2009.
[3] A. Armando, R. Carbone, and L. Compagna. LTL Model Checking for Security Protocols. Journal of Applied Non-Classical Logics, special issue on “Logic and Information Security”, vol. 19/4, pp. 403–429, 2009.
[4] A. Armando, E. Giunchiglia, and S. E. Ponta. Formal specification and automatic analysis of business processes under authorization constraints: An action-based approach. In G. Pernul, S. Fischer-Huebner, and C. Lambrinoudakis, editors, TrustBus’09: Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business, pages 63–72. Springer-Verlag, 2009.
[5] A. Armando and S. E. Ponta. Model Checking of Security-sensitive Business Processes. In P. Degano and J. Guttman, editors, Proceedings of the 6th International Workshop on Formal Aspects in Security and Trust (FAST2009). Springer-Verlag. To appear.
[6] C. Arora and M. Turuani. Validating integrity for the ephemerizer’s protocol with CL-atse. Papers Issued from the 2005–2008 French-Japanese Collaboration, LNCS 5458, pages 21–32. Springer-Verlag, 2009.
[7] W. Arsac, G. Bella, X. Chantry, and L. Compagna. Attacking Each Other. In 17th International Workshop on Security Protocols (IWSP 2009), LNCS. Springer-Verlag, 2009.
[8] W. Arsac, G. Bella, X. Chantry, and L. Compagna. Validating Security Protocols under the General Attacker. In Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS 2009), ENTCS. Elsevier Science, 2009.
[9] P. Balbiani, Y. Chevalier, and M. el Houri. Approche logique pour les contraintes de contrôle d’accès dans les services web. Presented at the Inforsid/SDEC 2009 workshop, 2009.
[10] P. Balbiani, Y. Chevalier, and M. el Houri. A logical framework for reasoning about policies with trust negotiations and workflows in a distributed environment. In Proceedings of the 4th International Conference on Risks and Security of Internet and Systems (Crisis’2009), 2009.
[11] P. Balbiani, F. Cheikh, and G. Feuillade. Résultats de complexité pour le problème de la composition d’agents. Cinquièmes Journées Francophones Modèles Formels de l’Interaction (MFI 09), to appear.
[12] P. Balbiani, F. Cheikh, and G. Feuillade. Controller/orchestrator synthesis via filtration. Methods for Modalities (M4M 2009), Electronic Notes in Theoretical Computer Science, to appear.
[13] P. Balbiani, F. Cheikh, P.-C. Héam, and O. Kouchnarenko. Composition of services with constraints. Formal Aspects of Component Software, Electronic Notes in Theoretical Computer Science, to appear.
[14] M. Barletta, S. Ranise, and L. Viganò. Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures. In Proceedings of the 2009 International Symposium on Secure Computing (SecureCom 2009), Volume 3 of 2009 International Conference on Computational Science and Engineering (CSE 2009), pages 289–299. IEEE Computer Society Press, 2009. http://doi.ieeecomputersociety.org/10.1109/CSE.2009.172.
[15] A. Brucker and S. Mödersheim. Integrating Automated and Interactive Protocol Verification. In P. Degano and J. Guttman, editors, Proceedings of the 6th International Workshop on Formal Aspects in Security and Trust (FAST2009). Springer-Verlag. To appear.
[16] Y. Chevalier, M. A. Mekki, and M. Rusinowitch. Orchestration under security constraints. In P. Degano and J. Guttman, editors, Proceedings of the 6th International Workshop on Formal Aspects in Security and Trust (FAST2009). Springer-Verlag. To appear.
[17] Y. Chevalier and M. Rusinowitch. Compiling and securing cryptographic protocols. CoRR, abs/0910.5099, to appear.
[18] N. Chridi, M. Turuani, and M. Rusinowitch. Decidable Analysis for a Class of Cryptographic Group Protocols with Unbounded Lists. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF’09), pages 277–289. IEEE Computer Society, 2009.
[19] L. Compagna, U. Flegel, and V. Lotz. Towards Validating Security Protocol Deployment in the Wild. In SAPSE 2009. IEEE Computer Society Press, 2009.
[20] B. Groza and M. Minea. A calculus to detect guessing attacks. In Proceedings of the 12th International Conference on Information Security, LNCS 5735, pages 59–67. Springer-Verlag, 2009.
[21] B. Groza and M. Minea. A formal approach for automated reasoning about off-line and undetectable on-line guessing (short paper). In Proceedings of the 14th International Conference on Financial Cryptography and Data Security, LNCS. Springer-Verlag, to appear.
[22] A. Imine, A. Cherif, and M. Rusinowitch. A Flexible Access Control Model for Distributed Collaborative Editors. In Secure Data Management, 6th VLDB Workshop, SDM 2009, LNCS 5776, pages 89–106. Springer-Verlag, 2009.
[23] S. Mauw, S. Radomirović, and M. Torabi Dashti. Minimal message complexity of asynchronous multi-party contract signing. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF’09), pages 13–25. IEEE Computer Society, 2009.
[24] S. Mödersheim. Algebraic Properties in Alice and Bob Notation. In Proceedings of ARES 2009. IEEE Computer Society, 2009. Extended version available as IBM Research Report RZ3709.
[25] S. Mödersheim and L. Viganò. Secure Pseudonymous Channels. In Proceedings of ESORICS’09, LNCS 5789, pages 337–354. Springer-Verlag, 2009. Extended version: Technical Report RZ3724, IBM Zurich Research Lab, 2009, domino.research.ibm.com/library/cyberdig.nsf.
[26] S. Mödersheim and L. Viganò. The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols. In FOSAD 2008/2009, LNCS 5705, pages 166–194. Springer-Verlag, 2009.
[27] S. Mödersheim, L. Viganò, and D. Basin. Constraint Differentiation: Search-Space Reduction for the Constraint-Based Analysis of Security Protocols. Journal of Computer Security, to appear.
[28] S. Ranise. Towards Verification of Security-Aware Transaction E-services. In Proceedings of the International Workshop on First-Order Theorem Proving, Oslo, Norway, July 6–7, 2009.
[29] C. Rudolph, L. Compagna, R. Carbone, A. Muñoz, and J. Repp. Verification of S&D Solutions for Network Communications and Devices. In G. Spanoudakis, A. M. Gomez, and S. Kokolakis, editors, Security and Dependability for Ambient Intelligence, volume 45 of Advances in Information Security, pages 143–164. Springer, 2009.
[30] M. Torabi Dashti. Optimistic fair exchange using trusted devices. In Proceedings of the 11th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS 2009). Springer-Verlag, 2009.
AVANTSSAR drafts
[31] M. Barletta, S. Ranise, and L. Viganò. A Declarative Two-Level Framework to Specify and Verify Workflow and Authorization Policies in Service-Oriented Architectures. 2009. Draft, submitted to a journal.
[32] D. Basin and C. Cremers. From Dolev-Yao to Strong Adaptive Corruption: Analyzing Security in the Presence of Compromising Adversaries. 2009. Draft, submitted.
[33] E. Burato, M. Cristani, and L. Viganò. A Deduction System for Meaning Negotiation. 2009. Draft, submitted.
[34] J. Camenisch, S. Mödersheim, G. Neven, F.-S. Preiss, and D. Sommer. A Credential-Based Access Control Requirements Language. 2009. Draft, available as IBM Research Report RZ3748.
[35] Y. Chevalier and M. Kourjieh. Decidability of Ground Entailment Problems for Order Saturated Sets of Clauses. 2009. Draft, available as IRIT Research Report IRIT/RR–2010-3–FR.
[36] A. Masini, L. Viganò, and M. Volpe. Labeled Natural Deduction for a Bundled Branching Temporal Logic. 2009. Draft, submitted to a journal.
[37] S. Mödersheim and D. Sommer. A Formal Model of Identity Mixer. 2009. Draft, available as IBM Research Report RZ3749.
5.6 AVANTSSAR theses
[38] R. Carbone. LTL Model-Checking for Security Protocols. Università degli Studi di Genova, Italy, 2009. http://ai-lab.it/carbone/Phd-thesis/
[39] F. Cheikh. Composition de services: algorithmes et complexité. PhD thesis, Université de Toulouse, Toulouse, France, 2009.
[40] N. Chridi. Contributions à la vérification automatique de protocoles de groupes. Université Henri Poincaré - Nancy 1, September 2009. http://tel.archives-ouvertes.fr/tel-00417290/en/
[41] M. Kourjieh. Logical analysis and verification of cryptographic protocols. PhD thesis, Université de Toulouse, France, 2009.
5.7 AVANTSSAR talks and presentations
1. Secure pseudonymous channels
Luca Viganò (UNIVR)
Presentation of [25] at the Center for Logic and Computation of the Instituto Superior Tecnico, Lisbon, Portugal, January 23, 2009. (Already listed in D1.3 [AVA08a].)
2. La sicurezza informatica: attacchi e soluzioni
Luca Viganò (UNIVR)
Invited talk, including a project presentation, at “Infinita...mente” (a weekend of science and arts, http://www.infinitamente.univr.it/), Verona, Italy, January 31 and February 1, 2009. (Already listed in D1.3 [AVA08a].)
3. Secure pseudonymous channels
Luca Viganò (UNIVR)
Invited talk in the Workshoplet on Formal Methods for Security, Padova, Italy, March 12, 2009.
4. Secure pseudonymous channels
Luca Viganò (UNIVR)
Presentation of [25] at the Department of Informatics and Mathematics, Technical University of Denmark, Copenhagen, Denmark, April 2, 2009.
5. Validation methodologies
Luca Viganò (UNIVR)
Invited keynote at the FIA Prague Trust and Identity Session “Identity Provisioning in service platforms”, Future Internet Conference, Prague, Czech Republic, May 12, 2009.
6. Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures
Luca Viganò (UNIVR)
Presentation of [14] at the Center for Logic and Computation of the Instituto Superior Tecnico, Lisbon, Portugal, July 10, 2009.
7. On-the-Fly Model Checking of Security Protocols and Web Services
Luca Viganò (UNIVR)
Invited lecture at the 9th International School on Foundations of Security Analysis and Design (FOSAD), Centro Universitario Residenziale di Bertinoro, FC, Italy, August 29 – September 04, 2009.
8. Verso la validazione automatica della sicurezza delle architetture orientate ai servizi
Luca Viganò (UNIVR)
Faculty of Sciences of the University of Verona, Verona, Italy, September 23, 2009.
9. Automated Validation of Trust and Security of Service-oriented Architectures
Luca Viganò (UNIVR)
Invited talk at the ZISC Colloquium, Zurich Information Security Center (ZISC), Zurich, Switzerland, November 24, 2009.
10. Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures
Michele Barletta (UNIVR)
Presentation of [14] at the 9th International School on Foundations of Security Analysis and Design (FOSAD), Centro Universitario Residenziale di Bertinoro, FC, Italy, September 04, 2009.
11. Towards Verification of Security-Aware Transaction E-services
Silvio Ranise (UNIVR)
International Workshop on First-Order Theorem Proving, Oslo, Norway, July 6–7, 2009. Presentation of [28].
12. Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures
Silvio Ranise (UNIVR)
International Symposium on Secure Computing (SecureCom 2009), Vancouver, Canada, August 29–31. Presentation of [14].
13. Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures
Silvio Ranise (UNIVR)
Microsoft Research, Redmond, WA, USA, September 01. Invited presentation of [14].
14. Optimistic fair exchange using trusted devices
Mohammad Torabi Dashti (ETH Zurich)
11th International Symposium on Stabilization, Safety, and Security of Distributed Systems (SSS 2009), Lyon, France, November 3–6, 2009. Presentation of [30].
15. From Dolev-Yao to Strong Adaptive Corruption: Analyzing Security in the Presence of Compromising Adversaries
Cas Cremers (ETH Zurich)
Invited talk at the Security Seminar at VERIMAG, Grenoble, France, February 10, 2009.
16. From Dolev-Yao to Strong Adaptive Corruption: Analyzing Security in the Presence of Compromising Adversaries
Cas Cremers (ETH Zurich)
Invited talk in the Workshoplet on Formal Methods for Security, Padova, Italy, March 12, 2009.
17. Cryptographic protocols as Building Blocks: From the Man-in-the-Middle attack to Compositional Symbolic Analysis
Cas Cremers (ETH Zurich)
Invited talk at the LSV Seminar, ENS Cachan, Paris, France, March 31, 2009.
18. Session-state Reveal is stronger than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange protocol
Cas Cremers (ETH Zurich)
ACNS'09, Paris, France, June 2, 2009.
19. Formalizing and analyzing compromising adversaries
Cas Cremers (ETH Zurich)
Invited talk at the Information Security seminar at Royal Holloway University of London, November 12, 2009.
20. Validating Integrity for the Ephemerizer's Protocol with CL-Atse
Mathieu Turuani (INRIA)
1st Luxembourg Day on Security and Reliability, Luxembourg, February 10, 2009.
21. Decidable Analysis for a Class of Cryptographic Group Protocols with Unbounded Lists
Najah Chridi (INRIA)
22nd IEEE Computer Security Foundations Symposium, Port Jefferson, July 8–10. Presentation of [18].
22. A Flexible Access Control Model for Distributed Collaborative Editors
Asma Cherif (INRIA)
Secure Data Management, 6th VLDB Workshop, SDM 2009, Lyon, August 28. Presentation of [22].
23. Orchestration under security constraints
Mohamed Anis Mekki (INRIA)
6th International Workshop on Formal Aspects in Security and Trust (FAST2009), Eindhoven, the Netherlands, November 5–6, 2009. Presentation of [5].
24. Master Courses on Security of Web Services and Master Courses on Security of Networks and Services
Laurent Vigneron (INRIA, Nancy 2)
Fall 2009, University of Nancy, France.
25. Approche logique pour les contraintes de contrôle d'accès dans les services Web
Marwa El Houri (UPS-IRIT)
1er atelier sur les droits d'accès à des services et des données définis dans un environnement collaboratif (SDEC 2009), Toulouse, May 2009. Presentation of [9].
26. A logical framework for reasoning about policies with trust negotiations and workflows in a distributed environment
Marwa El Houri (UPS-IRIT)
4th International Conference on Risks and Security of Internet and Systems (CRiSIS 2009), Toulouse, October 2009. Presentation of [10].
27. Résultats de complexité pour le problème de la composition d'agents
Guillaume Feuillade (UPS-IRIT)
5èmes journées francophones sur les modèles formels de l'interaction (MFI 2009), Lannion, June 2009. Presentation of [11].
28. Controller/orchestrator synthesis via filtration
Guillaume Feuillade (UPS-IRIT)
Methods for Modalities (M4M 2009), Copenhagen, November 2009. Presentation of [12].
29. Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps
Alessandro Armando (UGDIST)
Invited talk at the Center for Information Technology - IRST, Fondazione Bruno Kessler, Trento, March 2, 2009.
30. Formal Specification and Automatic Analysis of Business Processes under Authorization Constraints: an Action-based Approach
Serena Elisa Ponta (UGDIST)
6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'09), Linz, Austria, August 31 – September 4, 2009. Presentation of [4].
31. Model Checking of Security-sensitive Business Processes
Serena Elisa Ponta (UGDIST)
6th International Workshop on Formal Aspects in Security and Trust (FAST2009), Eindhoven, the Netherlands, November 5–6, 2009. Presentation of [5].
32. Algebraic Properties in Alice and Bob Notation
Sebastian Mödersheim (IBM)
4th International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, March 16–19, 2009. Presentation of [24].
33. Secure Pseudonymous Channels
Sebastian Mödersheim (IBM)
14th European Symposium on Research in Computer Security (ESORICS), Saint Malo, France, September 21–23, 2009. Presentation of [25].
34. Integrating Automated and Interactive Protocol Verification
Sebastian Mödersheim (IBM), with Achim Brucker (SAP)
6th International Workshop on Formal Aspects in Security and Trust (FAST), Eindhoven, the Netherlands, November 5–6, 2009. Presentation of [15].
35. A calculus to detect guessing attacks
Marius Minea (IEAT)
12th International Conference on Information Security, Pisa, Italy, September 7–9, 2009. Presentation of [20].
36. Validating Security Protocols under the General Attacker
Xavier Chantry (SAP)
Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS 2009), March 28–29, 2009, York, UK. Presentation of [8].
37. Attacking Each Other
Xavier Chantry (SAP)
17th International Workshop on Security Protocols (IWSP 2009), April 1–3, 2009, Cambridge, UK. Presentation of [7].
38. AVANTSSAR Demo on Trust and Security of Internet of Services (IoS)
Alessandro Sorniotti (SAP)
The Future of the Internet Conference (FIA Prague), May 11–13, 2009, Prague, Czech Republic. Demo of the discovery of the serious vulnerability in the SAML-based SSO for Google Apps.
39. Avantssar Industry Migration: NW SAML NGSSO - Initial set of results of 2009 collaboration
Luca Compagna (SAP)
SAP AG - NW SIM, June 16, 2009, virtual talk. The initial set of results was discussed with the SAP Steering Committee and Experts Group (people selected from SAP NW Security and Identity Management).
40. Avantssar Industry Migration: NW BPM - security validator plugin - interim result of 2009 collaboration
Wihem Arsac (SAP)
NetWeaver BPM transferring activity review, September 28, 2009, Walldorf, Germany. The interim results were discussed with the SAP NetWeaver BPM transferring committee (people selected from SAP NW Business Process Management).
41. Model Checking (security-annotated) Business Processes in SAP NetWeaver BPM
Wihem Arsac (SAP)
Security Week at SAP LABS France, November 23–27, 2009, Sophia Antipolis, France.
42. Avantssar Industry Migration: NW SAML NGSSO - results of 2009 collaboration and next steps
Luca Compagna (SAP)
SAP AG - NW SIM, November 26, 2009, Walldorf, Germany. The final results achieved in 2009 and the next steps were discussed with the SAP Steering Committee and Experts Group (people selected from SAP NW Security and Identity Management).
43. Avantssar Industry Migration: NW BPM - our security validator plugin
Luca Compagna (SAP)
SAP AG - NW BPM, November 27, 2009, Walldorf, Germany. Presentation of the pre-final results achieved to core people of SAP NetWeaver BPM.
44. Avantssar Industry Migration: NW BPM - our security validator plugin
Wihem Arsac (SAP)
SAP AG - Sales Montpellier, December 14, 2009, virtual talk. Presentation of our security validator plugin to SAP Sales. This work may be shown in the future at events targeting SAP customers.
45. Avantssar Industry Migration: NW BPM - security validator plugin - result of 2009 collaboration and next steps
Wihem Arsac (SAP)
NetWeaver BPM transferring activity review, December 15, 2009, Walldorf, Germany. The final results achieved in 2009 and the next steps were discussed with the SAP NetWeaver BPM transferring committee (people selected from SAP NW Business Process Management).
6 Explanation of the use of the resources
The following pages detail the resources and the cost breakdown (including a list of the meetings and related expenses). The resources and corresponding costs are all in line with what was planned and estimated in the Description of Work.
We begin by detailing the resources, then provide explanations of personnel costs, subcontracting and any major direct costs, and conclude by listing the costs for the meetings (grouped as “General project meetings”, “Working meetings” and “Participation to European and scientific events”).
6.1 Resources
Table 4 – Table 7 summarize the total resources for Period P2. Progress overview sheets for the beneficiaries, detailing the resources, are given in Table 8 – Table 17.
Some remarks:
• The additional effort by UNIVR on WP5 is due to the fact that junior researchers were hired to work on the project, which resulted in the work being carried out with an effort higher than originally planned but within the foreseen overall costs. Therefore, this deviation with respect to the initial estimate has a marginal impact on the resources.
• Considering the annual average effort, IRIT's effort for 2009 was around 4 person-months more than expected. This increase is related to the completion of their PhDs by two of our students. Because of the cost structure, the impact on the overall cost for the IRIT partner is nonetheless marginal.
• The additional effort by UGDIST on WP2 is due to the fact that junior researchers were hired to work on the project, which resulted in the work being carried out with an effort higher than originally planned but within the foreseen overall costs. Therefore, this deviation with respect to the initial estimate has a marginal impact on the resources.
• IEAT's effort for 2009 was 3 person-months less than planned, due to a leave of absence taken by a PhD student at the beginning of the year. For 2010, IEAT will employ part-time an additional PhD student and a Master's student to work on WP4 (tool support) and WP5 (modelling), resulting in additional person-months for the project at no extra cost.
• The reduced effort by SAP is due to the fact that a number of senior researchers were hired to work on the project, which resulted in the work being carried out with an effort lower than originally planned but within the foreseen overall costs. Therefore, this deviation with respect to the initial estimate has a marginal impact on the resources.
Table 4: Total resources for Period P2 (effort in person-months; Start/End in project months)
WP/Task | Planned Start End | Actual Start End | Est Total | Act P1 | Act P2 | Act P1+P2 | Remaining effort
Project Management WP 1 | 1 36 | 1 36 | 22.00 | 5.48 | 7.13 | 12.61 | 9.39
Project Coordination WP 1.1 | 1 36 | 1 | 5.25 | 0.94 | 2.13 | 3.07 |
Project Meetings WP 1.2 | 1 36 | 1 | 9.30 | 3.00 | 2.11 | 5.11 |
Project Administration WP 1.3 | 1 36 | 1 | 7.45 | 1.54 | 2.89 | 4.43 |
Modeling trust and security aspects … WP 2 | 1 30 | 1 30 | 99.00 | 38.72 | 52.25 | 90.97 | 8.03
Initial version of ASLan… WP 2.1 | 1 9 | 1 9 | 37.50 | 35.57 | 6.22 | 41.79 |
Extended version of ASLan… WP 2.2 | 10 18 | 10 | 32.75 | 3.15 | 45.33 | 48.48 |
Final version of ASLan… WP 2.3 | 19 30 | | 28.75 | 0.00 | 0.70 | 0.70 |
Automated reasoning techniques WP 3 | 1 36 | 1 | 154.00 | 47.94 | 60.95 | 108.89 | 45.11
Satisfiability of ASLan policies WP 3.1 | 1 30 | 1 | 45.98 | 10.08 | 17.66 | 27.74 |
Model checking of ASLan services… WP 3.2 | 6 32 | 6 | 33.66 | 6.79 | 17.72 | 24.51 |
Attacker models WP 3.3 | 1 10 | 1 10 | 35.70 | 27.94 | 14.91 | 42.85 |
Compositional reasoning for services … WP 3.4 | 6 34 | 6 | 26.66 | 2.72 | 8.73 | 11.45 |
Abstraction techniques… WP 3.5 | 9 34 | 9 | 12.00 | 0.41 | 1.93 | 2.34 |
The AVANTSSAR Validation Platform WP 4 | 1 36 | 1 36 | 110.00 | 10.99 | 42.04 | 53.03 | 56.97
The TS Orchestrator WP 4.1 | 6 30 | 6 | 35.50 | 7.19 | 8.60 | 15.79 |
The TS Validator WP 4.2 | 6 30 | 6 | 52.75 | 3.50 | 15.36 | 18.86 |
Platform integration WP 4.3 | 6 30 | 6 | 21.75 | 0.30 | 18.08 | 18.38 |
Proof of concept WP 5 | 1 36 | 1 36 | 109.00 | 45.89 | 41.90 | 87.79 | 21.21
Definition of the relevant problem cases WP 5.1 | 1 6 | 1 6 | 19.50 | 27.84 | 0.55 | 28.39 |
Formalisation of the problem cases WP 5.2 | 3 30 | 3 | 48.50 | 16.05 | 25.84 | 41.89 |
Validation of the problem cases WP 5.3 | 9 36 | 9 | 24.00 | 2.00 | 9.85 | 11.85 |
Assessment WP 5.4 | 9 36 | 9 | 17.00 | 0.00 | 5.66 | 5.66 |
Dissemination and industry migration WP 6 | 1 36 | 1 36 | 96.00 | 18.81 | 22.43 | 41.24 | 54.76
Dissemination WP 6.1 | 1 36 | 1 | 37.00 | 4.75 | 11.48 | 16.23 |
Migration to industrial development env WP 6.2 | 1 36 | 1 | 51.00 | 13.76 | 8.95 | 22.71 |
Migration to standardisation bodies WP 6.3 | 25 36 | 4 | 8.00 | 0.30 | 2.00 | 2.30 |
Total AVANTSSAR | | | 590.00 | 167.84 | 226.70 | 394.54 | 195.46
Table 5: Total resources for Period P2 (full table, part 1/3)
WP/Task | Planned Start End | Actual Start End | UNIVR: Act P1, Act P2, Act P3, Est, Act Total | ETH Zurich: Act P1, Act P2, Act P3, Est, Act Total | INRIA: Act P1, Act P2, Act P3, Est, Act Total
Project Management WP 1 | 1 36 | 1 36 | 2.76 4.54 0.00 13.00 7.30 | 0.30 0.30 0.00 1.00 0.60 | 0.30 0.30 0.00 1.00 0.60
Project Coordination WP 1.1 | 1 36 | 1 | 0.94 2.12 0.00 5.00 3.06 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 | 1 36 | 1 | 1.18 0.62 0.00 4.00 1.80 | 0.20 0.20 0.00 0.70 0.40 | 0.20 0.20 0.00 0.70 0.40
Project Administration WP 1.3 | 1 36 | 1 | 0.64 1.80 0.00 4.00 2.44 | 0.10 0.10 0.00 0.30 0.20 | 0.10 0.10 0.00 0.30 0.20
Modeling trust and security aspects … WP 2 | 1 30 | 1 30 | 1.85 9.42 0.00 15.00 11.27 | 10.00 10.00 0.00 20.00 20.00 | 2.00 2.00 0.00 5.00 4.00
Initial version of ASLan… WP 2.1 | 1 9 | 1 9 | 1.70 0.00 0.00 5.00 1.70 | 9.00 1.00 0.00 7.00 10.00 | 2.00 0.00 0.00 1.00 2.00
Extended version of ASLan… WP 2.2 | 10 18 | 10 | 0.15 8.72 0.00 5.00 8.87 | 1.00 9.00 0.00 7.00 10.00 | 0.00 2.00 0.00 2.00 2.00
Final version of ASLan… WP 2.3 | 19 30 | | 0.00 0.70 0.00 5.00 0.70 | 0.00 0.00 0.00 6.00 0.00 | 0.00 0.00 0.00 2.00 0.00
Automated reasoning techniques WP 3 | 1 36 | 1 | 6.46 10.01 0.00 20.00 16.47 | 4.00 8.00 0.00 26.00 12.00 | 9.70 7.30 0.00 23.00 17.00
Satisfiability of ASLan policies WP 3.1 | 1 30 | 1 | 0.60 2.23 0.00 8.00 2.83 | 0.00 0.00 0.00 2.00 0.00 | 1.70 1.30 0.00 8.00 3.00
Model checking of ASLan services… WP 3.2 | 6 32 | 6 | 0.79 1.32 0.00 3.00 2.11 | 1.00 3.00 0.00 7.00 4.00 | 0.00 6.00 0.00 3.00 6.00
Attacker models WP 3.3 | 1 10 | 1 10 | 3.71 3.12 0.00 3.00 6.83 | 2.50 2.00 0.00 8.00 4.50 | 8.00 0.00 0.00 10.00 8.00
Compositional reasoning for services … WP 3.4 | 6 34 | 6 | 1.22 2.56 0.00 3.00 3.78 | 0.50 3.00 0.00 9.00 3.50 | 0.00 0.00 0.00 2.00 0.00
Abstraction techniques… WP 3.5 | 9 34 | 9 | 0.14 0.78 0.00 3.00 0.92 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 | 1 36 | 1 36 | 0.19 6.17 0.00 12.00 6.36 | 0.00 3.00 0.00 13.00 3.00 | 7.00 7.00 0.00 19.00 14.00
The TS Orchestrator WP 4.1 | 6 30 | 6 | 0.19 0.62 0.00 5.00 0.81 | 0.00 1.00 0.00 2.00 1.00 | 7.00 6.00 0.00 11.00 13.00
The TS Validator WP 4.2 | 6 30 | 6 | 0.00 2.43 0.00 7.00 2.43 | 0.00 2.00 0.00 10.00 2.00 | 0.00 0.00 0.00 8.00 0.00
Platform integration WP 4.3 | 6 30 | 6 | 0.00 3.12 0.00 0.00 3.12 | 0.00 0.00 0.00 1.00 0.00 | 0.00 1.00 0.00 0.00 1.00
Proof of concept WP 5 | 1 36 | 1 36 | 7.64 6.86 0.00 5.00 14.50 | 3.70 4.70 0.00 7.00 8.40 | 2.00 2.00 0.00 6.00 4.00
Definition of the relevant problem cases WP 5.1 | 1 6 | 1 6 | 6.41 0.55 0.00 1.00 6.96 | 1.00 0.00 0.00 2.00 1.00 | 0.00 0.00 0.00 0.00 0.00
Formalisation of the problem cases WP 5.2 | 3 30 | 3 | 1.23 4.76 0.00 2.00 5.99 | 2.70 4.00 0.00 2.00 6.70 | 1.00 1.00 0.00 3.00 2.00
Validation of the problem cases WP 5.3 | 9 36 | 9 | 0.00 1.55 0.00 1.00 1.55 | 0.00 0.70 0.00 2.00 0.70 | 1.00 1.00 0.00 3.00 2.00
Assessment WP 5.4 | 9 36 | 9 | 0.00 1.46 0.00 1.00 1.46 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 | 1 36 | 1 36 | 1.75 3.28 0.00 8.00 5.03 | 0.00 0.00 0.00 5.00 0.00 | 0.00 2.27 0.00 5.00 2.27
Dissemination WP 6.1 | 1 36 | 1 | 1.75 2.96 0.00 6.00 4.71 | 0.00 0.00 0.00 3.00 0.00 | 0.00 2.27 0.00 4.00 2.27
Migration to industrial development env WP 6.2 | 1 36 | 1 | 0.00 0.32 0.00 1.00 0.32 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 1.00 0.00
Migration to standardisation bodies WP 6.3 | 25 36 | 4 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 0.00 0.00
Total | | | 20.65 40.28 0.00 73.00 60.93 | 18.00 26.00 0.00 72.00 44.00 | 21.00 20.87 0.00 59.00 41.87
Table 6: Total resources for Period P2 (full table, part 2/3)
WP/Task | Planned Start End | Actual Start End | UGDIST: Act P1, Act P2, Act P3, Est, Act Total | IBM: Act P1, Act P2, Act P3, Est, Act Total | OpenTrust: Act P1, Act P2, Act P3, Est, Act Total | UPS-IRIT: Act P1, Act P2, Act P3, Est, Act Total
Project Management WP 1 | 1 36 | 1 36 | 0.25 0.25 0.00 1.00 0.50 | 0.50 0.00 0.00 1.00 0.50 | 0.30 0.65 0.00 1.00 0.95 | 0.40 0.30 0.00 1.20 0.70
Project Coordination WP 1.1 | 1 36 | 1 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.01 0.00 0.25 0.01 | 0.00 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 | 1 36 | 1 | 0.25 0.25 0.00 0.70 0.50 | 0.00 0.00 0.00 0.30 0.00 | 0.30 0.25 0.00 0.50 0.55 | 0.40 0.10 0.00 0.70 0.50
Project Administration WP 1.3 | 1 36 | 1 | 0.00 0.00 0.00 0.30 0.00 | 0.50 0.00 0.00 0.70 0.50 | 0.00 0.39 0.00 0.25 0.39 | 0.00 0.20 0.00 0.50 0.20
Modeling trust and security aspects … WP 2 | 1 30 | 1 30 | 4.78 4.40 0.00 8.00 9.18 | 2.00 13.00 0.00 5.00 15.00 | 3.95 2.12 0.00 6.00 6.07 | 0.40 0.60 0.00 3.00 1.00
Initial version of ASLan… WP 2.1 | 1 9 | 1 9 | 4.78 0.00 0.00 4.00 4.78 | 2.00 0.00 0.00 2.00 2.00 | 3.95 0.72 0.00 2.00 4.67 | 0.40 0.00 0.00 1.50 0.40
Extended version of ASLan… WP 2.2 | 10 18 | 10 | 0.00 4.40 0.00 2.00 4.40 | 0.00 13.00 0.00 2.00 13.00 | 0.00 1.40 0.00 2.00 1.40 | 0.00 0.60 0.00 0.75 0.60
Final version of ASLan… WP 2.3 | 19 30 | | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.00 0.00 0.75 0.00
Automated reasoning techniques WP 3 | 1 36 | 1 | 10.78 16.13 0.00 24.00 26.91 | 6.50 8.50 0.00 20.00 15.00 | 2.18 2.32 0.00 14.00 4.50 | 0.20 0.10 0.00 0.80 0.30
Satisfiability of ASLan policies WP 3.1 | 1 30 | 1 | 7.78 14.13 0.00 16.00 21.91 | 0.00 0.00 0.00 4.00 0.00 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.00 0.00 0.32 0.00
Model checking of ASLan services… WP 3.2 | 6 32 | 6 | 1.00 0.00 0.00 6.00 1.00 | 3.00 6.00 0.00 6.00 9.00 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.10 0.00 0.16 0.10
Attacker models WP 3.3 | 1 10 | 1 10 | 1.00 0.00 0.00 0.00 1.00 | 3.50 2.50 0.00 5.00 6.00 | 1.91 0.00 0.00 2.00 1.91 | 0.20 0.00 0.00 0.16 0.20
Compositional reasoning for services … WP 3.4 | 6 34 | 6 | 1.00 2.00 0.00 2.00 3.00 | 0.00 0.00 0.00 3.00 0.00 | 0.00 1.17 0.00 2.00 1.17 | 0.00 0.00 0.00 0.16 0.00
Abstraction techniques… WP 3.5 | 9 34 | 9 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 2.00 0.00 | 0.27 1.15 0.00 6.00 1.42 | 0.00 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 | 1 36 | 1 36 | 0.00 1.15 0.00 12.00 1.15 | 3.00 15.00 0.00 24.00 18.00 | 0.00 3.36 0.00 8.00 3.36 | 0.00 0.40 0.00 2.00 0.40
The TS Orchestrator WP 4.1 | 6 30 | 6 | 0.00 0.58 0.00 10.00 0.58 | 0.00 0.00 0.00 4.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.40 0.00 0.75 0.40
The TS Validator WP 4.2 | 6 30 | 6 | 0.00 0.57 0.00 0.00 0.57 | 3.00 3.00 0.00 10.00 6.00 | 0.00 3.36 0.00 6.00 3.36 | 0.00 0.00 0.00 1.00 0.00
Platform integration WP 4.3 | 6 30 | 6 | 0.00 0.00 0.00 2.00 0.00 | 0.00 12.00 0.00 10.00 12.00 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.00 0.00 0.25 0.00
Proof of concept WP 5 | 1 36 | 1 36 | 1.50 0.40 0.00 2.00 1.90 | 4.00 0.00 0.00 5.00 4.00 | 3.55 1.20 0.00 6.00 4.75 | 2.10 0.20 0.00 7.00 2.30
Definition of the relevant problem cases WP 5.1 | 1 6 | 1 6 | 0.50 0.00 0.00 0.00 0.50 | 0.00 0.00 0.00 0.00 0.00 | 3.33 0.00 0.00 1.00 3.33 | 2.10 0.00 0.00 1.00 2.10
Formalisation of the problem cases WP 5.2 | 3 30 | 3 | 1.00 0.40 0.00 1.00 1.40 | 3.00 0.00 0.00 2.00 3.00 | 0.22 1.20 0.00 2.00 1.42 | 0.00 0.20 0.00 3.00 0.20
Validation of the problem cases WP 5.3 | 9 36 | 9 | 0.00 0.00 0.00 1.00 0.00 | 1.00 0.00 0.00 2.00 1.00 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.00 0.00 2.00 0.00
Assessment WP 5.4 | 9 36 | 9 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 1.00 0.00
Dissemination and industry migration WP 6 | 1 36 | 1 36 | 0.00 0.37 0.00 5.00 0.37 | 0.50 1.00 0.00 5.00 1.50 | 1.47 2.28 0.00 5.00 3.75 | 4.40 0.40 0.00 17.00 4.80
Dissemination WP 6.1 | 1 36 | 1 | 0.00 0.37 0.00 4.00 0.37 | 0.50 1.00 0.00 2.00 1.50 | 0.71 2.28 0.00 4.00 2.99 | 0.00 0.00 0.00 0.00 0.00
Migration to industrial development env WP 6.2 | 1 36 | 1 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 2.00 0.00 | 0.76 0.00 0.00 1.00 0.76 | 4.40 0.40 0.00 17.00 4.80
Migration to standardisation bodies WP 6.3 | 25 36 | 4 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 1.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00
Total | | | 17.31 22.70 0.00 52.00 40.01 | 16.50 37.50 0.00 60.00 54.00 | 11.46 11.93 0.00 40.00 23.39 | 7.50 2.00 0.00 31.00 9.50
Table 7: Total resources for Period P2 (full table, part 3/3)
WP/Task | Planned Start End | Actual Start End | IEAT: Act P1, Act P2, Act P3, Est, Act Total | SAP: Act P1, Act P2, Act P3, Est, Act Total | SIEMENS: Act P1, Act P2, Act P3, Est, Act Total | AVANTSSAR (all partners): Act P1, Act P2, Act P3, Est, Act Total
Project Management WP 1 | 1 36 | 1 36 | 0.30 0.40 0.00 1.00 0.70 | 0.07 0.09 0.00 1.00 0.16 | 0.30 0.30 0.00 1.00 0.60 | 5.48 7.13 0.00 22.20 12.61
Project Coordination WP 1.1 | 1 36 | 1 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.94 2.13 0.00 5.25 3.07
Project Meetings WP 1.2 | 1 36 | 1 | 0.20 0.20 0.00 0.70 0.40 | 0.07 0.09 0.00 0.50 0.16 | 0.20 0.20 0.00 0.70 0.40 | 3.00 2.11 0.00 9.50 5.11
Project Administration WP 1.3 | 1 36 | 1 | 0.10 0.20 0.00 0.30 0.30 | 0.00 0.00 0.00 0.50 0.00 | 0.10 0.10 0.00 0.30 0.20 | 1.54 2.89 0.00 7.45 4.43
Modeling trust and security aspects … WP 2 | 1 30 | 1 30 | 1.50 2.00 0.00 9.00 3.50 | 6.14 2.21 0.00 16.00 8.35 | 6.10 6.50 0.00 12.00 12.60 | 38.72 52.25 0.00 99.00 90.97
Initial version of ASLan… WP 2.1 | 1 9 | 1 9 | 1.50 0.00 0.00 3.00 1.50 | 6.14 0.00 0.00 6.00 6.14 | 4.10 4.50 0.00 6.00 8.60 | 35.57 6.22 0.00 37.50 41.79
Extended version of ASLan… WP 2.2 | 10 18 | 10 | 0.00 2.00 0.00 3.00 2.00 | 0.00 2.21 0.00 5.00 2.21 | 2.00 2.00 0.00 4.00 4.00 | 3.15 45.33 0.00 32.75 48.48
Final version of ASLan… WP 2.3 | 19 30 | | 0.00 0.00 0.00 3.00 0.00 | 0.00 0.00 0.00 5.00 0.00 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.70 0.00 28.75 0.70
Automated reasoning techniques WP 3 | 1 36 | 1 | 4.10 6.50 0.00 15.00 10.60 | 4.02 0.39 0.00 8.00 4.41 | 0.00 1.70 0.00 3.00 1.70 | 47.94 60.95 0.00 153.80 108.89
Satisfiability of ASLan policies WP 3.1 | 1 30 | 1 | 0.00 0.00 0.00 4.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 1.50 0.00 | 10.08 17.66 0.00 45.82 27.74
Model checking of ASLan services… WP 3.2 | 6 32 | 6 | 1.00 0.00 0.00 3.00 1.00 | 0.00 0.30 0.00 3.00 0.30 | 0.00 1.00 0.00 0.50 1.00 | 6.79 17.72 0.00 33.66 24.51
Attacker models WP 3.3 | 1 10 | 1 10 | 3.10 6.50 0.00 3.00 9.60 | 4.02 0.09 0.00 4.00 4.11 | 0.00 0.70 0.00 0.50 0.70 | 27.94 14.91 0.00 35.66 42.85
Compositional reasoning for services … WP 3.4 | 6 34 | 6 | 0.00 0.00 0.00 5.00 0.00 | 0.00 0.00 0.00 0.50 0.00 | 0.00 0.00 0.00 0.00 0.00 | 2.72 8.73 0.00 26.66 11.45
Abstraction techniques… WP 3.5 | 9 34 | 9 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.50 0.00 | 0.00 0.00 0.00 0.50 0.00 | 0.41 1.93 0.00 12.00 2.34
The AVANTSSAR Validation Platform WP 4 | 1 36 | 1 36 | 0.00 2.00 0.00 6.00 2.00 | 0.50 3.96 0.00 12.00 4.46 | 0.30 0.00 0.00 1.00 0.30 | 10.99 42.04 0.00 109.00 53.03
The TS Orchestrator WP 4.1 | 6 30 | 6 | 0.00 0.00 0.00 2.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 0.00 0.00 0.00 0.00 0.00 | 7.19 8.60 0.00 34.75 15.79
The TS Validator WP 4.2 | 6 30 | 6 | 0.00 2.00 0.00 4.00 2.00 | 0.50 2.00 0.00 6.00 2.50 | 0.00 0.00 0.00 0.50 0.00 | 3.50 15.36 0.00 52.50 18.86
Platform integration WP 4.3 | 6 30 | 6 | 0.00 0.00 0.00 0.00 0.00 | 0.00 1.96 0.00 6.00 1.96 | 0.30 0.00 0.00 0.50 0.30 | 0.30 18.08 0.00 21.75 18.38
Proof of concept WP 5 | 1 36 | 1 36 | 1.50 1.10 0.00 8.00 2.40 | 11.50 9.18 0.00 30.00 17.68 | 8.40 14.80 0.00 28.00 22.20 | 45.89 41.90 0.00 104.00 87.79
Definition of the relevant problem cases WP 5.1 | 1 6 | 1 6 | 1.00 0.00 0.00 1.00 1.00 | 6.00 0.00 0.00 6.00 6.00 | 7.50 0.00 0.00 7.50 7.50 | 27.84 0.55 0.00 19.50 28.39
Formalisation of the problem cases WP 5.2 | 3 30 | 3 | 0.50 0.30 0.00 3.00 0.80 | 5.50 4.18 0.00 13.00 9.68 | 0.90 9.80 0.00 15.50 10.70 | 16.05 25.84 0.00 46.50 41.89
Validation of the problem cases WP 5.3 | 9 36 | 9 | 0.00 0.60 0.00 3.00 0.60 | 0.00 2.00 0.00 4.00 2.00 | 0.00 4.00 0.00 3.00 4.00 | 2.00 9.85 0.00 23.00 11.85
Assessment WP 5.4 | 9 36 | 9 | 0.00 0.20 0.00 1.00 0.20 | 0.00 3.00 0.00 7.00 3.00 | 0.00 1.00 0.00 2.00 1.00 | 0.00 5.66 0.00 15.00 5.66
Dissemination and industry migration WP 6 | 1 36 | 1 36 | 0.60 1.00 0.00 4.00 1.60 | 9.29 10.93 0.00 36.00 20.22 | 0.80 0.90 0.00 12.00 1.70 | 18.81 22.43 0.00 102.00 41.24
Dissemination WP 6.1 | 1 36 | 1 | 0.00 1.00 0.00 3.00 1.00 | 1.29 1.00 0.00 4.00 2.29 | 0.50 0.60 0.00 7.00 1.10 | 4.75 11.48 0.00 37.00 16.23
Migration to industrial development env WP 6.2 | 1 36 | 1 | 0.60 0.00 0.00 1.00 0.60 | 8.00 7.93 0.00 32.00 15.93 | 0.00 0.30 0.00 0.00 0.30 | 13.76 8.95 0.00 57.00 22.71
Migration to standardisation bodies WP 6.3 | 25 36 | 4 | 0.00 0.00 0.00 0.00 0.00 | 0.00 2.00 0.00 0.00 2.00 | 0.30 0.00 0.00 5.00 0.30 | 0.30 2.00 0.00 8.00 2.30
Total | | | 8.00 13.00 0.00 43.00 20.80 | 31.52 26.76 0.00 103.00 55.28 | 15.90 24.20 0.00 57.00 39.10 | 167.84 226.70 0.00 590.00 394.54
FP7-ICT-2007-1 Project No. 216471
D1.4: Progress/Assessment Report for Year 2 (Period P2: 01.01.09 — 31.12.09) 85/165
Table 8: Resources for Period P2: UNIVR
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 13.00 1 36 1 2.76 4.54 0.00 7.30 5.70
Project Coordination WP 1.1 5.00 1 36 1 0.94 2.12 0.00 3.06
Project Meetings WP 1.2 4.00 1 36 1 1.18 0.62 0.00 1.80
Project Administration WP 1.3 4.00 1 36 1 0.64 1.80 0.00 2.44
Modeling trust and security aspects… WP 2 15.00 1 30 1 1.85 9.42 0.00 11.27 3.73
Initial version of ASLan… WP 2.1 5.00 1 9 1 9 1.70 0.00 0.00 1.70
Extended version of ASLan… WP 2.2 5.00 10 18 10 18 0.15 8.72 0.00 8.87
Final version of ASLan… WP 2.3 5.00 19 30 19 0.00 0.70 0.00 0.70
Automated reasoning techniques WP 3 20.00 1 36 1 6.46 10.01 0.00 16.47 3.53
Satisfiability of ASLan policies WP 3.1 8.00 1 30 1 0.60 2.23 0.00 2.83
Model checking of ASLan services… WP 3.2 3.00 6 32 6 0.79 1.32 0.00 2.11
Attacker models WP 3.3 3.00 1 10 1 10 3.71 3.12 0.00 6.83
Compositional reasoning for services … WP 3.4 3.00 6 34 6 1.22 2.56 0.00 3.78
Abstraction techniques… WP 3.5 3.00 9 34 9 0.14 0.78 0.00 0.92
The AVANTSSAR Validation Platform WP 4 12.00 1 36 1 0.19 6.17 0.00 6.36 5.64
The TS Orchestrator WP 4.1 5.00 6 30 6 0.19 0.62 0.00 0.81
The TS Validator WP 4.2 7.00 6 30 6 0.00 2.43 0.00 2.43
Platform integration WP 4.3 0.00 6 30 6 0.00 3.12 0.00 3.12
Proof of concept WP 5 5.00 1 36 1 7.64 8.32 0.00 15.96 -10.96
Definition of the relevant problem cases WP 5.1 1.00 1 6 1 6 6.41 0.55 0.00 6.96
Formalisation of the problem cases WP 5.2 2.00 3 30 3 1.23 4.76 0.00 5.99
Validation of the problem cases WP 5.3 1.00 9 36 9 0.00 1.55 0.00 1.55
Assessment WP 5.4 1.00 9 36 9 0.00 1.46 0.00 1.46
Dissemination and industry migration WP 6 8.00 1 36 1 1.75 3.28 0.00 5.03 2.97
Dissemination WP 6.1 6.00 1 36 1 1.75 2.96 0.00 4.71
Migration to industrial development env WP 6.2 1.00 1 36 1 0.00 0.32 0.00 0.32
Migration to standardisation bodies WP 6.3 1.00 25 36 0.00 0.00 0.00 0.00
Total 73.00 20.65 41.74 0.00 62.39 10.61
One person-month is 140 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 1: UNIVR
Table 9: Resources for Period P2: ETH Zurich
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.30 0.30 0.00 0.60 0.40
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.70 1 36 1 0.20 0.20 0.00 0.40
Project Administration WP 1.3 0.30 1 36 1 0.10 0.10 0.00 0.20
Modeling trust and security aspects… WP 2 20.00 1 30 1 10.00 10.00 0.00 20.00 0.00
Initial version of ASLan… WP 2.1 7.00 1 9 1 9 9.00 1.00 0.00 10.00
Extended version of ASLan… WP 2.2 7.00 10 18 10 18 1.00 9.00 0.00 10.00
Final version of ASLan… WP 2.3 6.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 26.00 1 36 1 4.00 8.00 0.00 12.00 14.00
Satisfiability of ASLan policies WP 3.1 2.00 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 7.00 6 32 6 1.00 3.00 0.00 4.00
Attacker models WP 3.3 8.00 1 10 1 10 2.50 2.00 0.00 4.50
Compositional reasoning for services … WP 3.4 9.00 6 34 6 0.50 3.00 0.00 3.50
Abstraction techniques… WP 3.5 0.00 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 13.00 1 36 1 0.00 3.00 0.00 3.00 10.00
The TS Orchestrator WP 4.1 2.00 6 30 6 0.00 1.00 0.00 1.00
The TS Validator WP 4.2 10.00 6 30 6 0.00 2.00 0.00 2.00
Platform integration WP 4.3 1.00 6 30 6 0.00 0.00 0.00 0.00
Proof of concept WP 5 7.00 1 36 1 3.70 4.70 0.00 8.40 -1.40
Definition of the relevant problem cases WP 5.1 2.00 1 6 1 6 1.00 0.00 0.00 1.00
Formalisation of the problem cases WP 5.2 2.00 3 30 3 2.70 4.00 0.00 6.70
Validation of the problem cases WP 5.3 2.00 9 36 9 0.00 0.70 0.00 0.70
Assessment WP 5.4 1.00 9 36 9 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 5.00 1 36 1 0.00 0.00 0.00 0.00 5.00
Dissemination WP 6.1 3.00 1 36 1 0.00 0.00 0.00 0.00
Migration to industrial development env WP 6.2 1.00 1 36 1 0.00 0.00 0.00 0.00
Migration to standardisation bodies WP 6.3 1.00 25 36 0.00 0.00 0.00 0.00
Total 72.00 18.00 26.00 0.00 44.00 28.00
One person-month is 150 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 2: ETH Zurich
Table 10: Resources for Period P2: INRIA
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.30 0.30 0.00 0.60 0.40
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.70 1 36 1 0.20 0.20 0.00 0.40
Project Administration WP 1.3 0.30 1 36 1 0.10 0.10 0.00 0.20
Modeling trust and security aspects… WP 2 5.00 1 30 1 2.00 2.00 0.00 4.00 1.00
Initial version of ASLan… WP 2.1 1.00 1 9 1 9 2.00 0.00 0.00 2.00
Extended version of ASLan… WP 2.2 2.00 10 18 10 18 0.00 2.00 0.00 2.00
Final version of ASLan… WP 2.3 2.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 23.00 1 36 1 9.70 6.30 0.00 16.00 7.00
Satisfiability of ASLan policies WP 3.1 8.00 1 30 1 1.70 1.30 0.00 3.00
Model checking of ASLan services… WP 3.2 3.00 6 32 6 0.00 6.00 0.00 6.00
Attacker models WP 3.3 10.00 1 10 1 10 8.00 0.00 0.00 8.00
Compositional reasoning for services … WP 3.4 2.00 6 34 6 0.00 0.00 0.00 0.00
Abstraction techniques… WP 3.5 0.00 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 19.00 1 36 1 7.00 7.00 0.00 14.00 5.00
The TS Orchestrator WP 4.1 11.00 6 30 6 7.00 6.00 0.00 13.00
The TS Validator WP 4.2 8.00 6 30 6 0.00 0.00 0.00 0.00
Platform integration WP 4.3 0.00 6 30 6 0.00 1.00 0.00 1.00
Proof of concept WP 5 6.00 1 36 1 2.00 2.00 0.00 4.00 2.00
Definition of the relevant problem cases WP 5.1 0.00 1 6 1 6 0.00 0.00 0.00 0.00
Formalisation of the problem cases WP 5.2 3.00 3 30 3 1.00 1.00 0.00 2.00
Validation of the problem cases WP 5.3 3.00 9 36 9 1.00 1.00 0.00 2.00
Assessment WP 5.4 0.00 9 36 9 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 5.00 1 36 1 0.00 2.27 0.00 2.27 2.73
Dissemination WP 6.1 4.00 1 36 1 0.00 2.27 0.00 2.27
Migration to industrial development env WP 6.2 1.00 1 36 1 0.00 0.00 0.00 0.00
Migration to standardisation bodies WP 6.3 0.00 25 36 0.00 0.00 0.00 0.00
Total 59.00 21.00 19.87 0.00 40.87 18.13
One person-month is 133.92 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 3: INRIA
Table 11: Resources for Period P2: UPS-IRIT
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.25 0.25 0.00 0.50 0.50
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.70 1 36 1 0.25 0.25 0.00 0.50
Project Administration WP 1.3 0.30 1 36 1 0.00 0.00 0.00 0.00
Modeling trust and security aspects… WP 2 8.00 1 30 1 4.78 4.40 0.00 9.18 -1.18
Initial version of ASLan… WP 2.1 4.00 1 9 1 9 4.78 0.00 0.00 4.78
Extended version of ASLan… WP 2.2 2.00 10 18 10 18 0.00 4.40 0.00 4.40
Final version of ASLan… WP 2.3 2.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 24.00 1 36 1 10.78 16.13 0.00 26.91 -2.91
Satisfiability of ASLan policies WP 3.1 16.00 1 30 1 7.78 14.13 0.00 21.91
Model checking of ASLan services… WP 3.2 6.00 6 32 6 1.00 0.00 0.00 1.00
Attacker models WP 3.3 0.00 1 10 1 10 1.00 0.00 0.00 1.00
Compositional reasoning for services … WP 3.4 2.00 6 34 6 1.00 2.00 0.00 3.00
Abstraction techniques… WP 3.5 0.00 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 12.00 1 36 1 0.00 1.15 0.00 1.15 10.85
The TS Orchestrator WP 4.1 10.00 6 30 6 0.00 0.58 0.00 0.58
The TS Validator WP 4.2 0.00 6 30 6 0.00 0.57 0.00 0.57
Platform integration WP 4.3 2.00 6 30 6 0.00 0.00 0.00 0.00
Proof of concept WP 5 2.00 1 36 1 1.50 0.40 0.00 1.90 0.10
Definition of the relevant problem cases WP 5.1 0.00 1 6 1 6 0.50 0.00 0.00 0.50
Formalisation of the problem cases WP 5.2 1.00 3 30 3 1.00 0.40 0.00 1.40
Validation of the problem cases WP 5.3 1.00 9 36 9 0.00 0.00 0.00 0.00
Assessment WP 5.4 0.00 9 36 9 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 5.00 1 36 1 0.00 0.37 0.00 0.37 4.63
Dissemination WP 6.1 4.00 1 36 1 0.00 0.37 0.00 0.37
Migration to industrial development env WP 6.2 1.00 1 36 1 0.00 0.00 0.00 0.00
Migration to standardisation bodies WP 6.3 0.00 25 36 0.00 0.00 0.00 0.00
Total 52.00 17.31 22.70 0.00 40.01 11.99
One person-month is 152 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 4: UPS-IRIT
Table 12: Resources for Period P2: UGDIST
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.50 0.50 0.00 1.00 0.00
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.30 1 36 1 0.00 0.00 0.00 0.00
Project Administration WP 1.3 0.70 1 36 1 0.50 0.00 0.00 0.50
Modeling trust and security aspects… WP 2 5.00 1 30 1 2.00 13.00 0.00 15.00 -10.00
Initial version of ASLan… WP 2.1 2.00 1 9 1 9 2.00 0.00 0.00 2.00
Extended version of ASLan… WP 2.2 2.00 10 18 10 18 0.00 13.00 0.00 13.00
Final version of ASLan… WP 2.3 1.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 20.00 1 36 1 6.50 8.50 0.00 15.00 5.00
Satisfiability of ASLan policies WP 3.1 4.00 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 6.00 6 32 6 3.00 6.00 0.00 9.00
Attacker models WP 3.3 5.00 1 10 1 10 3.50 2.50 0.00 6.00
Compositional reasoning for services … WP 3.4 3.00 6 34 6 0.00 0.00 0.00 0.00
Abstraction techniques… WP 3.5 2.00 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 24.00 1 36 1 3.00 15.00 0.00 18.00 6.00
The TS Orchestrator WP 4.1 4.00 6 30 6 0.00 0.00 0.00 0.00
The TS Validator WP 4.2 10.00 6 30 6 3.00 3.00 0.00 6.00
Platform integration WP 4.3 10.00 6 30 6 0.00 12.00 0.00 12.00
Proof of concept WP 5 5.00 1 36 1 4.00 0.00 0.00 4.00 1.00
Definition of the relevant problem cases WP 5.1 0.00 1 6 1 6 0.00 0.00 0.00 0.00
Formalisation of the problem cases WP 5.2 2.00 3 30 3 3.00 0.00 0.00 3.00
Validation of the problem cases WP 5.3 2.00 9 36 9 1.00 0.00 0.00 1.00
Assessment WP 5.4 1.00 9 36 9 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 5.00 1 36 1 0.50 1.00 0.00 1.50 3.50
Dissemination WP 6.1 2.00 1 36 1 0.50 1.00 0.00 1.50
Migration to industrial development env WP 6.2 2.00 1 36 1 0.00 0.00 0.00 0.00
Migration to standardisation bodies WP 6.3 1.00 25 36 0.00 0.00 0.00 0.00
Total 60.00 16.50 38.00 0.00 54.50 5.50
One person-month is 141.3 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 5: UGDIST
Table 13: Resources for Period P2: IBM
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 - - 1 0.30 0.65 0.00 0.95 0.05
Project Coordination WP 1.1 0.25 1 36 1 0.00 0.01 0.00 0.01
Project Meetings WP 1.2 0.50 1 36 1 0.30 0.25 0.00 0.55
Project Administration WP 1.3 0.25 1 36 1 0.00 0.39 0.00 0.39
Modeling trust and security aspects… WP 2 6.00 - - 1 3.95 2.12 0.00 6.07 -0.07
Initial version of ASLan… WP 2.1 2.00 1 9 1 9 3.95 0.72 0.00 4.67
Extended version of ASLan… WP 2.2 2.00 10 18 10 18 0.00 1.40 0.00 1.40
Final version of ASLan… WP 2.3 2.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 14.00 - - 1 2.18 2.32 0.00 4.50 9.50
Satisfiability of ASLan policies WP 3.1 2.00 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 2.00 6 32 6 0.00 0.00 0.00 0.00
Attacker models WP 3.3 2.00 1 10 1 10 1.91 0.00 0.00 1.91
Compositional reasoning for services … WP 3.4 2.00 6 34 6 0.00 1.17 0.00 1.17
Abstraction techniques… WP 3.5 6.00 9 34 9 0.27 1.15 0.00 1.42
The AVANTSSAR Validation Platform WP 4 8.00 - - 1 0.00 3.36 0.00 3.36 4.64
The TS Orchestrator WP 4.1 0.00 6 30 6 0.00 0.00 0.00 0.00
The TS Validator WP 4.2 6.00 6 30 6 0.00 3.36 0.00 3.36
Platform integration WP 4.3 2.00 6 30 6 0.00 0.00 0.00 0.00
Proof of concept WP 5 6.00 1 36 1 3.55 1.20 0.00 4.75 1.25
Definition of the relevant problem cases WP 5.1 1.00 1 6 1 6 3.33 0.00 0.00 3.33
Formalisation of the problem cases WP 5.2 2.00 3 30 3 0.22 1.20 0.00 1.42
Validation of the problem cases WP 5.3 2.00 9 36 9 0.00 0.00 0.00 0.00
Assessment WP 5.4 1.00 9 36 9 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 5.00 1 36 1 1.47 2.28 0.00 3.75 1.25
Dissemination WP 6.1 4.00 1 36 1 0.71 2.28 0.00 2.99
Migration to industrial development env WP 6.2 1.00 1 36 1 0.76 0.00 0.00 0.76
Migration to standardisation bodies WP 6.3 0.00 25 36 0.00 0.00 0.00 0.00
Total 40.00 11.46 11.93 0.00 23.39 16.61
One person-month is 146.66 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 6: IBM
Table 14: Resources for Period P2: OpenTrust
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.20 1 36 1 0.40 0.30 0.00 0.70 0.50
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.70 1 36 1 0.40 0.10 0.00 0.50
Project Administration WP 1.3 0.50 1 36 1 0.00 0.20 0.00 0.20
Modeling trust and security aspects… WP 2 3.00 1 30 1 0.40 0.60 0.00 1.00 2.00
Initial version of ASLan… WP 2.1 1.50 1 9 1 9 0.40 0.00 0.00 0.40
Extended version of ASLan… WP 2.2 0.75 10 18 10 18 0.00 0.60 0.00 0.60
Final version of ASLan… WP 2.3 0.75 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 0.80 1 36 1 0.20 0.10 0.00 0.30 0.50
Satisfiability of ASLan policies WP 3.1 0.32 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 0.16 6 32 6 0.00 0.10 0.00 0.10
Attacker models WP 3.3 0.16 1 10 1 10 0.20 0.00 0.00 0.20
Compositional reasoning for services … WP 3.4 0.16 6 34 6 0.00 0.00 0.00 0.00
Abstraction techniques… WP 3.5 0.00 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 2.00 1 36 1 0.00 0.40 0.00 0.40 1.60
The TS Orchestrator WP 4.1 0.75 6 30 6 0.00 0.40 0.00 0.40
The TS Validator WP 4.2 1.00 6 30 6 0.00 0.00 0.00 0.00
Platform integration WP 4.3 0.25 6 30 6 0.00 0.00 0.00 0.00
Proof of concept WP 5 7.00 1 36 1 2.10 0.20 0.00 2.30 4.70
Definition of the relevant problem cases WP 5.1 1.00 1 6 1 6 2.10 0.00 0.00 2.10
Formalisation of the problem cases WP 5.2 3.00 3 30 3 0.00 0.20 0.00 0.20
Validation of the problem cases WP 5.3 2.00 9 36 9 0.00 0.00 0.00 0.00
Assessment WP 5.4 1.00 9 36 9 0.00 0.00 0.00 0.00
Dissemination and industry migration WP 6 17.00 1 36 1 4.40 0.40 0.00 4.80 12.20
Dissemination WP 6.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Migration to industrial development env WP 6.2 17.00 1 36 1 4.40 0.40 0.00 4.80
Migration to standardisation bodies WP 6.3 0.00 25 36 0.00 0.00 0.00 0.00
Total 31.00 7.50 2.00 0.00 9.50 21.50
One person-month is 146.66 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 7: OpenTrust
Table 15: Resources for Period P2: IEAT
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.30 0.40 0.00 0.70 0.30
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.70 1 36 1 0.20 0.20 0.00 0.40
Project Administration WP 1.3 0.30 1 36 1 0.10 0.20 0.00 0.30
Modeling trust and security aspects… WP 2 9.00 1 30 1 1.50 2.00 0.00 3.50 5.50
Initial version of ASLan… WP 2.1 3.00 1 9 1 9 1.50 0.00 0.00 1.50
Extended version of ASLan… WP 2.2 3.00 10 18 10 18 0.00 2.00 0.00 2.00
Final version of ASLan… WP 2.3 3.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 15.00 1 36 1 4.10 6.50 0.00 10.60 4.40
Satisfiability of ASLan policies WP 3.1 4.00 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 3.00 6 32 6 1.00 0.00 0.00 1.00
Attacker models WP 3.3 3.00 1 10 1 10 3.10 6.50 0.00 9.60
Compositional reasoning for services … WP 3.4 5.00 6 34 6 0.00 0.00 0.00 0.00
Abstraction techniques… WP 3.5 0.00 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 6.00 1 36 1 0.00 2.00 0.00 2.00 4.00
The TS Orchestrator WP 4.1 2.00 6 30 6 0.00 0.00 0.00 0.00
The TS Validator WP 4.2 4.00 6 30 6 0.00 2.00 0.00 2.00
Platform integration WP 4.3 0.00 6 30 6 0.00 0.00 0.00 0.00
Proof of concept WP 5 8.00 1 36 1 1.50 1.10 0.00 2.60 5.40
Definition of the relevant problem cases WP 5.1 1.00 1 6 1 6 1.00 0.00 0.00 1.00
Formalisation of the problem cases WP 5.2 3.00 3 30 3 0.50 0.30 0.00 0.80
Validation of the problem cases WP 5.3 3.00 9 36 9 0.00 0.60 0.00 0.60
Assessment WP 5.4 1.00 9 36 9 0.00 0.20 0.00 0.20
Dissemination and industry migration WP 6 4.00 1 36 1 0.60 1.00 0.00 1.60 2.40
Dissemination WP 6.1 3.00 1 36 1 0.00 1.00 0.00 1.00
Migration to industrial development env WP 6.2 1.00 1 36 1 0.60 0.00 0.00 0.60
Migration to standardisation bodies WP 6.3 0.00 25 36 0.00 0.00 0.00 0.00
Total 43.00 8.00 13.00 0.00 21.00 22.00
One person-month is 155 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 8: IEAT
Table 16: Resources for Period P2: SAP
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.07 0.09 0.00 0.16 0.84
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.50 1 36 1 0.07 0.09 0.00 0.16
Project Administration WP 1.3 0.50 1 36 1 0.00 0.00 0.00 0.00
Modeling trust and security aspects… WP 2 16.00 1 30 1 6.14 2.21 0.00 8.35 7.65
Initial version of ASLan… WP 2.1 6.00 1 9 1 9 6.14 0.00 0.00 6.14
Extended version of ASLan… WP 2.2 5.00 10 18 10 18 0.00 2.21 0.00 2.21
Final version of ASLan… WP 2.3 5.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 8.00 1 36 1 4.02 0.39 0.00 4.41 3.59
Satisfiability of ASLan policies WP 3.1 0.00 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 3.00 6 32 6 0.00 0.30 0.00 0.30
Attacker models WP 3.3 4.00 1 10 1 10 4.02 0.09 0.00 4.11
Compositional reasoning for services … WP 3.4 0.50 6 34 6 0.00 0.00 0.00 0.00
Abstraction techniques… WP 3.5 0.50 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 12.00 1 36 1 0.50 3.96 0.00 4.46 7.54
The TS Orchestrator WP 4.1 0.00 6 30 6 0.00 0.00 0.00 0.00
The TS Validator WP 4.2 6.00 6 30 6 0.50 2.00 0.00 2.50
Platform integration WP 4.3 6.00 6 30 6 0.00 1.96 0.00 1.96
Proof of concept WP 5 30.00 1 36 1 11.50 9.18 0.00 20.68 9.32
Definition of the relevant problem cases WP 5.1 6.00 1 6 1 6 6.00 0.00 0.00 6.00
Formalisation of the problem cases WP 5.2 13.00 3 30 3 5.50 4.18 0.00 9.68
Validation of the problem cases WP 5.3 4.00 9 36 9 0.00 2.00 0.00 2.00
Assessment WP 5.4 7.00 9 36 9 0.00 3.00 0.00 3.00
Dissemination and industry migration WP 6 36.00 1 36 1 9.29 10.93 0.00 20.22 15.78
Dissemination WP 6.1 4.00 1 36 1 1.29 1.00 0.00 2.29
Migration to industrial development env WP 6.2 32.00 1 36 1 8.00 7.93 0.00 15.93
Migration to standardisation bodies WP 6.3 0.00 25 36 0.00 2.00 0.00 2.00
Total 103.00 31.52 26.76 0.00 58.28 44.72
One person-month is 134.4 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 9: SAP
Table 17: Resources for Period P2: SIEMENS
Columns: Work package | WP | Estimated Effort (Whole Project) | Planned Date (Start, End) | Actual Date (Start, End) | Actual Effort (Period P1, Period P2, Period P3) | Cumulative Effort (Since start) | Remaining Effort
Project Management WP 1 1.00 1 36 1 0.30 0.30 0.00 0.60 0.40
Project Coordination WP 1.1 0.00 1 36 1 0.00 0.00 0.00 0.00
Project Meetings WP 1.2 0.70 1 36 1 0.20 0.20 0.00 0.40
Project Administration WP 1.3 0.30 1 36 1 0.10 0.10 0.00 0.20
Modeling trust and security aspects… WP 2 12.00 1 30 1 6.10 6.50 0.00 12.60 -0.60
Initial version of ASLan… WP 2.1 6.00 1 9 1 9 4.10 4.50 0.00 8.60
Extended version of ASLan… WP 2.2 4.00 10 18 10 18 2.00 2.00 0.00 4.00
Final version of ASLan… WP 2.3 2.00 19 30 19 0.00 0.00 0.00 0.00
Automated reasoning techniques WP 3 3.00 1 36 1 0.00 1.70 0.00 1.70 1.30
Satisfiability of ASLan policies WP 3.1 1.50 1 30 1 0.00 0.00 0.00 0.00
Model checking of ASLan services… WP 3.2 0.50 6 32 6 0.00 1.00 0.00 1.00
Attacker models WP 3.3 0.50 1 10 1 10 0.00 0.70 0.00 0.70
Compositional reasoning for services … WP 3.4 0.00 6 34 6 0.00 0.00 0.00 0.00
Abstraction techniques… WP 3.5 0.50 9 34 9 0.00 0.00 0.00 0.00
The AVANTSSAR Validation Platform WP 4 1.00 1 36 1 0.30 0.00 0.00 0.30 0.70
The TS Orchestrator WP 4.1 0.00 6 30 6 0.00 0.00 0.00 0.00
The TS Validator WP 4.2 0.50 6 30 6 0.00 0.00 0.00 0.00
Platform integration WP 4.3 0.50 6 30 6 0.30 0.00 0.00 0.30
Proof of concept WP 5 28.00 1 36 1 8.40 14.80 0.00 23.20 4.80
Definition of the relevant problem cases WP 5.1 7.50 1 6 1 6 7.50 0.00 0.00 7.50
Formalisation of the problem cases WP 5.2 15.50 3 30 3 0.90 9.80 0.00 10.70
Validation of the problem cases WP 5.3 3.00 9 36 9 0.00 4.00 0.00 4.00
Assessment WP 5.4 2.00 9 36 9 0.00 1.00 0.00 1.00
Dissemination and industry migration WP 6 12.00 1 36 1 0.80 0.90 0.00 1.70 10.30
Dissemination WP 6.1 7.00 1 36 1 0.50 0.60 0.00 1.10
Migration to industrial development env WP 6.2 0.00 1 36 1 0.00 0.30 0.00 0.30
Migration to standardisation bodies WP 6.3 5.00 25 36 4 0.30 0.00 0.00 0.30
Total 57.00 15.90 24.20 0.00 40.10 16.90
One person-month is 136 person-hours
PROGRESS OVERVIEW SHEET (Periods P1 and P2), Beneficiary 10: SIEMENS
6.2 Explanation of personnel costs, subcontracting and any major direct costs
Tables 18 to 43 provide explanations of personnel costs, subcontracting (none) and any major direct costs for each beneficiary; the first set of these tables is taken from the Forms C, while the second set provides more details on the direct costs.
Note that no personnel cost was charged by Nancy 2 University for the AVANTSSAR project progress in 2009. A personnel cost of € 24,638 was charged by the CNRS to UPS-IRIT for the AVANTSSAR project, corresponding to Philippe Balbiani's participation.
Note also that the SIEMENS travel costs are already included in the indirect costs, and according to the 50/50 funding scheme for industrial partners, only half of the amounts quoted below are (indirectly) funded by the EU.
Table 18: Total costs for Period P2
FP7 - Grant Agreement - Annex VI - Collaborative project
1 2010-04-18 22:02
DRAFT
Summary Financial report - Collaborative project
Project acronym AVANTSSAR; Project nr 216471; Reporting period from 01/01/2009 to 31/12/2009; Page 1/1; Funding scheme CP
Columns: Benef. nr | If 3rd Party, linked to benef. | Adjustment (Yes/No) | Organisation Short Name | RTD (A): Total, Max EC Contrib. | Demonstration (B): Total, Max EC Contrib. | Management (C): Total, Max EC Contrib. | Other (D): Total, Max EC Contrib. | Total (A+B+C+D): Total, Max EC Contrib. | Req. EC Contrib. | Receipts | Interest
1 | | No | UNIVR | 155,766 116,824 | 0 0 | 32,728 32,728 | 0 0 | 188,494 149,552 | 149,552 | 0 | 0
1 | | Yes (2) | UNIVR | 40 30 | 0 0 | 3,649 3,649 | 0 0 | 3,689 3,679 | 3,679 | 0 | 0
2 | | No | ETH ZURICH | 195,068 146,301 | 0 0 | 0 0 | 0 0 | 195,068 146,301 | 146,301 | 0 |
3 | | No | INRIA | 160,744 120,558 | 0 0 | 0 0 | 0 0 | 160,744 120,558 | 120,558 | 0 |
-999 | 3 | No | UNIVERSITE | 0 0 | 0 0 | 0 0 | 0 0 | 0 0 | 0 | 0 |
4 | | No | UPS-IRIT | 82,096 61,572 | 0 0 | 0 0 | 0 0 | 82,096 61,572 | 61,572 | 0 |
-998 | 4 | No | CNRS | 34,760 26,070 | 0 0 | 2,816 2,816 | 1,844 1,844 | 39,420 30,730 | 30,730 | 0 |
5 | | No | UGDIST | 158,408 118,806 | 0 0 | 0 0 | 0 0 | 158,408 118,806 | 118,806 | 0 |
6 | | No | IBM RESEAR | 136,989 68,494 | 0 0 | 7,515 7,515 | 0 0 | 144,504 76,009 | 76,009 | 0 |
7 | | No | OPENTRUST | 39,386 29,539 | 0 0 | 0 0 | 0 0 | 39,386 29,539 | 29,539 | 0 |
8 | | No | IEAT | 38,376 28,782 | 0 0 | 0 0 | 0 0 | 38,376 28,782 | 28,782 | 0 |
9 | | No | SAP | 464,903 232,451 | 0 0 | 1,449 1,449 | 0 0 | 466,352 233,900 | 233,900 | 0 |
9 | | Yes (1) | SAP | -15,805 -7,902 | 0 0 | -34 -34 | 0 0 | -15,839 -7,936 | -7,936 | 0 |
10 | | No | SIEMENS | 377,620 188,810 | 0 0 | 0 0 | 0 0 | 377,620 188,810 | 188,810 | 0 |
Total | | | | 1,828,351 1,130,335 | 0 0 | 48,123 48,123 | 1,844 1,844 | 1,878,318 1,180,302 | 1,180,302 | 0 |
Table 19: Costs for Period P2: UNIVR
FP7 - Grant Agreement - Annex VI - Collaborative project
2 2010-04-18 22:02
DRAFT
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number 216471; Funding scheme Collaborative project; Project Acronym AVANTSSAR
Period from 01/01/2009 to 31/12/2009; Is this an adjustment to a previous statement? No
Legal Name UNIVERSITA DEGLI STUDI DI VERONA; Participant Identity Code 999838074
Organisation Short Name UNIVR; Beneficiary nr 1
Funding % for RTD activities (A) 75.0; If flat rate for indirect costs, specify % 60
1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)
Type of Activity: RTD (A) | Demonstration (B) | Management (C) | Other (D) | Total (A+B+C+D)
Personnel costs 87,492 0 16,680 0 104,172
Subcontracting 0 0 0 0 0
Other direct costs 9,862 0 3,775 0 13,637
Indirect costs 58,412 0 12,273 0 70,685
Total costs 155,766 0 32,728 0 188,494
Maximum EU contribution 116,824 0 32,728 0 149,552
Requested EU contribution 149,552
2. Declaration of receipts
Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €)
3. Declaration of interest yielded by the pre-financing (to be completed only by the coordinator)
Did the pre-financing you received generate any interest according to Art.II.19? No
If yes, please mention the amount (in €)
4. Certificate on the methodology
Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor; Cost of the certificate (in €), if charged under this project
5. Certificate on the financial statements
Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor; Cost of the certificate (in €)
6. Beneficiary's declaration on its honour
We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp; Name of the Person(s) Authorised to sign this Financial Statement: Prof. Carlo Combi
Date & signature
Table 20: Costs for Period P2: UNIVR adjustment
FP7 - Grant Agreement - Annex VI - Collaborative project
3 2010-04-18 22:02
DRAFT
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number 216471; Funding scheme Collaborative project; Project Acronym AVANTSSAR
Period from 01/01/2009 to 31/12/2009; Is this an adjustment to a previous statement? Yes; Adjustment relates to Period: 2
Legal Name UNIVERSITA DEGLI STUDI DI VERONA; Participant Identity Code 999838074
Organisation Short Name UNIVR; Beneficiary nr 1
Funding % for RTD activities (A) 75.0; If flat rate for indirect costs, specify % 60
1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)
Type of Activity: RTD (A) | Demonstration (B) | Management (C) | Other (D) | Total (A+B+C+D)
Personnel costs 0 0 0 0 0
Subcontracting 0 0 0 0 0
Other direct costs 25 0 3,657 0 3,682
Indirect costs 15 0 -8 0 7
Total costs 40 0 3,649 0 3,689
Maximum EU contribution 30 0 3,649 0 3,679
Requested EU contribution 3,679
2. Declaration of receipts
Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €)
3. Declaration of interest yielded by the pre-financing (to be completed only by the coordinator)
Did the pre-financing you received generate any interest according to Art.II.19? No
If yes, please mention the amount (in €)
4. Certificate on the methodology
Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor; Cost of the certificate (in €), if charged under this project
5. Certificate on the financial statements
Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor; Cost of the certificate (in €)
6. Beneficiary's declaration on its honour
We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp; Name of the Person(s) Authorised to sign this Financial Statement: Prof. Carlo Combi
Date & signature
Table 21: Costs for Period P2: UNIVR (details)
Personnel, subcontracting and other major direct cost items for beneficiary 1 (UNIVR) for the period P2

Work Package        Item description                 Amount     Explanations
1, 2, 3, 4, 5, 6    Personnel costs                  104,172    Salaries
                    Subcontracting                   0
1, 2, 3, 4, 5, 6    Equipment                        1,691      1 laptop, 2 palmtops, server, hard disk
1, 6                Website and project repository   287        Website, repository, presentation tools
1, 2, 3, 4, 5, 6    Travel                           11,659     Project & working meetings, project presentations and dissemination
                    Remaining direct costs           3,682      Adjustment (including interests refund)
                    TOTAL DIRECT COSTS               121,491
Table 22: Costs for Period P2: ETH Zurich
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: Eidgenössische Technische Hochschule Zürich    Participant Identity Code: 999979015
Organisation Short Name: ETH ZURICH    Beneficiary nr: 2
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: 60

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             118,063    0                    0                 0            118,063
Subcontracting              0          0                    0                 0            0
Other direct costs          3,855      0                    0                 0            3,855
Indirect costs              73,150     0                    0                 0            73,150
Total costs                 195,068    0                    0                 0            195,068
Maximum EU contribution     146,301    0                    0                 0            146,301
Requested EU contribution   146,301

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Sabine Meens
Date & signature
Table 23: Costs for Period P2: ETH Zurich (details)
Personnel, subcontracting and other major direct cost items for beneficiary 2 (ETH Zurich) for the period P2

Work Package    Item description         Amount        Explanations
1, 2, 3, 4      Personnel costs          118,063.00    One post-doc and one PhD student.
                Subcontracting
General         Remaining direct costs   3,855.00      Travel and expenses for project meetings.
                TOTAL DIRECT COSTS       121,918.00
Table 24: Costs for Period P2: INRIA
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE    Participant Identity Code: 999547074
Organisation Short Name: INRIA    Beneficiary nr: 3
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             69,730     0                    0                 0            69,730
Subcontracting              0          0                    0                 0            0
Other direct costs          8,263      0                    0                 0            8,263
Indirect costs              82,751     0                    0                 0            82,751
Total costs                 160,744    0                    0                 0            160,744
Maximum EU contribution     120,558    0                    0                 0            120,558
Requested EU contribution   120,558

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? Yes
Name of the auditor: Agent Comptable INRIA    Cost of the certificate (in €): 0

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Karl TOMBRE
Date & signature
Table 25: Costs for Period P2: INRIA (details)
Personnel, subcontracting and other major direct cost items for beneficiary 3 (INRIA) for the period P2

Work Package        Item description     Amount       Explanations
1, 2, 3, 4, 5, 6    Personnel costs      69,730.00    Salaries (Senior researcher and PhD Students)
                    Subcontracting
1, 2, 3, 4, 5, 6    Travel expenses      8,263.00     Participation in 3 project working meetings
                    TOTAL DIRECT COSTS   77,993.00
Table 26: Costs for Period P2: University of Nancy
Form C - Financial Statement (to be filled in by Third Party) - Only applicable if special clause nr 10 is used
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
3rd party legal Name: UNIVERSITE DE NANCY 2
3rd party Organisation Short Name: UNIVERSITE NANCY II    Working for beneficiary nr: 3
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             0          0                    0                 0            0
Subcontracting              0          0                    0                 0            0
Other direct costs          0          0                    0                 0            0
Indirect costs              0          0                    0                 0            0
Total costs                 0          0                    0                 0            0
Maximum EU contribution     0          0                    0                 0            0
Requested EU contribution

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Francois Le Poultier
Date & signature
Table 27: Costs for Period P2: UPS-IRIT
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: UNIVERSITE PAUL SABATIER TOULOUSE III    Participant Identity Code: 999851169
Organisation Short Name: UPS-IRIT    Beneficiary nr: 4
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: 60

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             44,081     0                    0                 0            44,081
Subcontracting              0          0                    0                 0            0
Other direct costs          7,229      0                    0                 0            7,229
Indirect costs              30,786     0                    0                 0            30,786
Total costs                 82,096     0                    0                 0            82,096
Maximum EU contribution     61,572     0                    0                 0            61,572
Requested EU contribution   61,572

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Gilles Fourtanier
Date & signature
Table 28: Costs for Period P2: UPS-IRIT (details)
Personnel, subcontracting and other major direct cost items for beneficiary 4 (UPS-IRIT) for the period P2

Work Package     Item description         Amount    Explanations
2, 3, 4, 5, 6    Personnel costs          44,081    Cheikh, Chevalier, El Houri, Feuillade, and Kourjieh
                 Subcontracting
2, 3, 4, 5, 6    Remaining direct costs   7,229     Travel expenses and small equipment
                 TOTAL DIRECT COSTS       51,309
Table 29: Costs for Period P2: CNRS
Form C - Financial Statement (to be filled in by Third Party) - Only applicable if special clause nr 10 is used
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
3rd party legal Name: CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE
3rd party Organisation Short Name: CNRS    Working for beneficiary nr: 4
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: 60

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             21,725     0                    1,760             1,153        24,638
Subcontracting              0          0                    0                 0            0
Other direct costs          0          0                    0                 0            0
Indirect costs              13,035     0                    1,056             691          14,782
Total costs                 34,760     0                    2,816             1,844        39,420
Maximum EU contribution     26,070     0                    2,816             1,844        30,730
Requested EU contribution   30,730

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Mme Armelle Barelli
Date & signature
Table 30: Costs for Period P2: CNRS (details)
Personnel, subcontracting and other major direct cost items for beneficiary 4 (CNRS) for the period P2

Work Package     Item description     Amount       Explanations
1, 2, 3, 5, 6    Personnel costs      24,638.00    Philippe Balbiani
                 TOTAL DIRECT COSTS   24,638.00
Table 31: Costs for Period P2: UGDIST
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: UNIVERSITA DEGLI STUDI DI GENOVA    Participant Identity Code: 999976687
Organisation Short Name: UGDIST    Beneficiary nr: 5
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: 60

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             84,579     0                    0                 0            84,579
Subcontracting              0          0                    0                 0            0
Other direct costs          14,426     0                    0                 0            14,426
Indirect costs              59,403     0                    0                 0            59,403
Total costs                 158,408    0                    0                 0            158,408
Maximum EU contribution     118,806    0                    0                 0            118,806
Requested EU contribution   118,806

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Riccardo Minciardi, Renato Zaccaria
Date & signature
Table 32: Costs for Period P2: UGDIST (details)
Personnel, subcontracting and other major direct cost items for beneficiary 5 (UGDIST) for the period P2

Work Package        Item description         Amount       Explanations
1, 2, 3, 4, 5, 6    Personnel costs          84,579.00    Armando, Di Manzo, Giunchiglia, Carbone, Ponta, Cappai
                    Subcontracting
1, 2, 3, 4, 5, 6    Remaining direct costs   14,426.00    Trips
                    TOTAL DIRECT COSTS       99,005.00
Table 33: Costs for Period P2: IBM
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: IBM RESEARCH GMBH    Participant Identity Code: 999909854
Organisation Short Name: IBM RESEARCH GMBH    Beneficiary nr: 6
Funding % for RTD activities (A): 50.0    If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             83,896     0                    4,822             0            88,718
Subcontracting              0          0                    0                 0            0
Other direct costs          6,236      0                    0                 0            6,236
Indirect costs              46,857     0                    2,693             0            49,550
Total costs                 136,989    0                    7,515             0            144,504
Maximum EU contribution     68,494     0                    7,515             0            76,009
Requested EU contribution   76,009

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Thomas Schlund
Date & signature
Table 34: Costs for Period P2: IBM (details)
Personnel, subcontracting and other major direct cost items for beneficiary 6 (IBM) for the period P2

Work Package        Item description                        Amount       Explanations
1, 2, 3, 4, 5, 6    Personnel costs (Including Management)  88,718.00    Salary of 1 postdoc for the second project
1, 2, 3, 4, 5, 6    Travel                                  6,236.00     General meeting, meeting on WP3/4, as well as conferences and workshops where AVANTSSAR work was presented
                    TOTAL DIRECT COSTS                      94,954.00
Table 35: Costs for Period P2: OpenTrust
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: OPENTRUST    Participant Identity Code: 999745245
Organisation Short Name: OPENTRUST    Beneficiary nr: 7
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             16,023     0                    0                 0            16,023
Subcontracting              0          0                    0                 0            0
Other direct costs          3,836      0                    0                 0            3,836
Indirect costs              19,527     0                    0                 0            19,527
Total costs                 39,386     0                    0                 0            39,386
Maximum EU contribution     29,539     0                    0                 0            29,539
Requested EU contribution   29,539

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp    Name of the Person(s) Authorised to sign this Financial Statement: Ludwig Spiesser
Date & signature
Table 36: Costs for Period P2: OpenTrust (details)
Personnel, subcontracting and other major direct cost items for beneficiary 7 (OpenTrust) for the period P2

Work Package        Item description     Amount       Explanations
1, 2, 3, 4, 5, 6    Personnel costs      16,023.00
                    Subcontracting
3, 2                Travel               3,836.00     Travel expenses: Aslan V2 meeting 1 (Genova), Aslan V2 meeting 2 (Genova), Orchestration work meeting with INRIA
                    TOTAL DIRECT COSTS   19,859.00
Table 37: Costs for Period P2: IEAT
Form C - Financial Statement (to be filled in by each beneficiary)
Project Number: 216471    Funding scheme: Collaborative project    Project Acronym: AVANTSSAR
Period from: 01/01/2009    To: 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: INSTITUTUL E-AUSTRIA TIMISOARA    Participant Identity Code: 999624674
Organisation Short Name: IEAT    Beneficiary nr: 8
Funding % for RTD activities (A): 75.0    If flat rate for indirect costs, specify %: 60

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity            RTD (A)    Demonstration (B)    Management (C)    Other (D)    Total (A+B+C+D)
Personnel costs             22,800     0                    0                 0            22,800
Subcontracting              0          0                    0                 0            0
Other direct costs          1,185      0                    0                 0            1,185
Indirect costs              14,391     0                    0                 0            14,391
Total costs                 38,376     0                    0                 0            38,376
Maximum EU contribution     28,782     0                    0                 0            28,782
Requested EU contribution   28,782

2. Declaration of receipts

Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology

Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements

Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor:    Cost of the certificate (in €):

6. Beneficiary's declaration on its honour

We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp Name of the Person(s) Authorised to sign this Fianancial Statement
Dana Petcu
Date & signature
Table 38: Costs for Period P2: IEAT (details)
Personnel, subcontracting and other major direct cost items for beneficiary 8 (IEAT) for the period P2

Work Package | Item description | Amount | Explanations
1, 2, 3, 4, 5, 6 | Personnel costs | 22,800.00 | 1 senior faculty researcher, 1 postdoc, 1 doctoral student
 | Subcontracting | |
1, 2, 3, 4, 5, 6 | Travel | 1,185.00 | participation in project meetings and dissemination
 | TOTAL DIRECT COSTS | 23,985.00 |
Table 39: Costs for Period P2: SAP
FP7 - Grant Agreement - Annex VI - Collaborative project (DRAFT)
Form C - Financial Statement (to be filled in by each beneficiary)

Project Number: 216471
Project Acronym: AVANTSSAR
Funding scheme: Collaborative project
Period: from 01/01/2009 to 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: SAP AG
Participant Identity Code: 999911212
Organisation Short Name: SAP
Beneficiary nr: 9
Funding % for RTD activities (A): 50.0
If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity | RTD (A) | Demonstration (B) | Management (C) | Other (D) | Total (A+B+C+D)
Personnel costs | 169,082 | 0 | 533 | 0 | 169,615
Subcontracting | 0 | 0 | 0 | 0 | 0
Other direct costs | 4,999 | 0 | 916 | 0 | 5,915
Indirect costs | 290,822 | 0 | 0 | 0 | 290,822
Total costs | 464,903 | 0 | 1,449 | 0 | 466,352
Maximum EU contribution | 232,451 | 0 | 1,449 | 0 | 233,900
Requested EU contribution: 233,900

2. Declaration of receipts
Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology
Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor: / Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements
Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? Yes
Name of the auditor: Deloitte&Touche GmbH / Cost of the certificate (in €): 0

6. Beneficiary's declaration on its honour
We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp / Name of the Person(s) Authorised to sign this Financial Statement:
Peter Rasper
Date & signature
Table 40: Costs for Period P2: SAP adjustment
FP7 - Grant Agreement - Annex VI - Collaborative project (DRAFT)
Form C - Financial Statement (to be filled in by each beneficiary)

Project Number: 216471
Project Acronym: AVANTSSAR
Funding scheme: Collaborative project
Period: from 01/01/2009 to 31/12/2009
Is this an adjustment to a previous statement? Yes
Adjustment relates to Period: 1
Legal Name: SAP AG
Participant Identity Code: 999911212
Organisation Short Name: SAP
Beneficiary nr: 9
Funding % for RTD activities (A): 50.0
If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity | RTD (A) | Demonstration (B) | Management (C) | Other (D) | Total (A+B+C+D)
Personnel costs | 0 | 0 | 0 | 0 | 0
Subcontracting | 0 | 0 | 0 | 0 | 0
Other direct costs | 167 | 0 | 0 | 0 | 167
Indirect costs | -15,972 | 0 | -34 | 0 | -16,006
Total costs | -15,805 | 0 | -34 | 0 | -15,839
Maximum EU contribution | -7,902 | 0 | -34 | 0 | -7,936
Requested EU contribution: -7,936

2. Declaration of receipts
Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology
Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor: / Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements
Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? Yes
Name of the auditor: Deloitte&Touche GmbH / Cost of the certificate (in €): 0

6. Beneficiary's declaration on its honour
We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp / Name of the Person(s) Authorised to sign this Financial Statement:
Peter Rasper
Date & signature
Table 41: Costs for Period P2: SAP (details)
Personnel, subcontracting and other major direct cost items for beneficiary 9 (SAP) for the period P2

Work Package | Item description | Amount | Explanations
1, 2, 3, 4, 5, 6 | Personnel costs | 169,615.00 | Salary of: 1.4 full-time Senior Researchers, and 1 PhD student until Nov 2009.
 | Subcontracting | |
1, 2, 3, 4, 5, 6 | Travel | 5,915.00 | All the travels listed in the proper section of the PPR (plus management)
 | TOTAL DIRECT COSTS | 175,530.00 |
Table 42: Costs for Period P2: SIEMENS
FP7 - Grant Agreement - Annex VI - Collaborative project (DRAFT)
Form C - Financial Statement (to be filled in by each beneficiary)

Project Number: 216471
Project Acronym: AVANTSSAR
Funding scheme: Collaborative project
Period: from 01/01/2009 to 31/12/2009
Is this an adjustment to a previous statement? No
Legal Name: SIEMENS AG
Participant Identity Code: 999987260
Organisation Short Name: SIEMENS
Beneficiary nr: 10
Funding % for RTD activities (A): 50.0
If flat rate for indirect costs, specify %: N/A

1. Declaration of eligible costs/lump sum/flat-rate/scale of unit (in €)

Type of Activity | RTD (A) | Demonstration (B) | Management (C) | Other (D) | Total (A+B+C+D)
Personnel costs | 232,715 | 0 | 0 | 0 | 232,715
Subcontracting | 0 | 0 | 0 | 0 | 0
Other direct costs | 0 | 0 | 0 | 0 | 0
Indirect costs | 144,905 | 0 | 0 | 0 | 144,905
Total costs | 377,620 | 0 | 0 | 0 | 377,620
Maximum EU contribution | 188,810 | 0 | 0 | 0 | 188,810
Requested EU contribution: 188,810

2. Declaration of receipts
Did you receive any financial transfers or contributions in kind, free of charge from third parties or did the project generate any income which could be considered a receipt according to Art.II.17 of the grant agreement? No
If yes, please mention the amount (in €):

4. Certificate on the methodology
Do you declare average personnel costs according to Art.II.14.1? No
Is there a certificate on the methodology provided by an independent auditor and accepted by the Commission according to Art.II.4.4? No
Name of the auditor: / Cost of the certificate (in €), if charged under this project:

5. Certificate on the financial statements
Is there a certificate on the financial statements provided by an independent auditor attached to this financial statement according to Art.II.4.4? No
Name of the auditor: / Cost of the certificate (in €):

6. Beneficiary's declaration on its honour
We declare on our honour that:
- the costs declared above are directly related to the resources used to attain the objectives of the project and fall within the definition of eligible costs specified in Articles II.14 and II.15 of the grant agreement, and, if relevant, Annex III and Article 7 (special clauses) of the grant agreement;
- the receipts declared above are the only financial transfers or contributions in kind, free of charge, from third parties and the only income generated by the project which could be considered as receipts according to Art.II.17 of the grant agreement;
- the interest declared above is the only interest yielded by the pre-financing which falls within the definition of Art.II.19 of the grant agreement;
- there is full supporting documentation to justify the information hereby declared. It will be made available at the request of the Commission and in the event of an audit by the Commission and/or by the Court of Auditors and/or their authorised representatives.
Beneficiary's Stamp / Name of the Person(s) Authorised to sign this Financial Statement:
Dr. Milos Svoboda/Caroline Wagner-Winter
Date & signature
Table 43: Costs for Period P2: SIEMENS (details)
Personnel, subcontracting and other major direct cost items for beneficiary 10 (SIEMENS) for the period P2

Work Package | Item description | Amount | Explanations
1,2,3,5,6 | Personnel costs | 232,715.00 | Labor costs (salaries + social charges)
 | TOTAL DIRECT COSTS | 232,715.00 |
6.3 General project meetings

6.3.1 First AVANTSSAR Workshop and First Review Meeting

Brussels, Belgium. February 18–20, 2009.
First AVANTSSAR Workshop and First Review Meeting, as planned in the Description of Work.

Name of consortium participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 1033.66
Mohammad Torabi Dashti (ETH Zurich) | Zurich | 672.70
Michaël Rusinowitch (INRIA) | Nancy | 602.52
Mathieu Turuani (INRIA) | Nancy | 595.12
Yannick Chevalier (UPS-IRIT) | Nancy | 0.00
Alessandro Armando (UGDIST) | Genova | 1273.59
Marius Minea (IEAT) | Timişoara | 300.00
Luca Compagna (SAP) | Nice | 721.09
Stefan Seltzsam (SIEMENS) | Munich | 670.88
6.3.2 ASLan v.2 Meeting

Santa Margherita Ligure (Genova), Italy. April 21–22, 2009.
Meeting organized to converge on the definition of the second version of the specification language ASLan.

Participant | Departure place | Costs/€
Michele Barletta (UNIVR) | Verona | 265.71
Silvio Ranise (UNIVR) | Milano | 151.83
Luca Viganò (UNIVR) | Verona | 195.88
Simone Frau (ETH Zurich) | Zurich | 408.10
Mohamed Anis Mekki (INRIA) | Nancy | 1455.23
Mathieu Turuani (INRIA) | Nancy | 1693.09
Philippe Balbiani (UPS-IRIT) | Toulouse | 900.00
Yannick Chevalier (UPS-IRIT) | Nancy | 0.00
Alessandro Armando (UGDIST) | Genova | 1588.75 (∗)
Roberto Carbone (UGDIST) | Genova | 140.90
Serena Ponta (UGDIST) | Genova | 140.90
Sebastian Mödersheim (IBM) | Zurich | 334.68
Mohamed Mehdi Bouallagui (OpenTrust) | Paris | 1149.73
Phouric Ung (OpenTrust) | Paris | 1149.73
Marius Minea (IEAT) | Timişoara | 0.00 (†)
Xavier Chantry (SAP) | Nice | 524.40
Jorge Cuellar (SIEMENS) | Munich | 366.95
David von Oheimb (SIEMENS) | Munich | 333.45
Stefan Seltzsam (SIEMENS) | Munich | 333.95

(∗) This also includes one lunch and one dinner for all project participants.
(†) For IEAT, the cost of part of the project meetings was covered by a national research grant supplementing FP7 participation.
6.3.3 2nd Synchronization Meeting

Genova, Italy. June 19–20, 2009.
Regular meeting as planned in the Description of Work.

Participant | Departure place | Costs/€
Michele Barletta (UNIVR) | Verona | 295.10
Silvio Ranise (UNIVR) | Milano | 229.70
Luca Viganò (UNIVR) | Verona | 144.60
Cas Cremers (ETH Zurich) | Zurich | 131.80
Simone Frau (ETH Zurich) | Zurich | 295.80
Mohammad Torabi Dashti (ETH Zurich) | Zurich | 599.10
Mathieu Turuani (INRIA) | Nancy | 1455.99
Yannick Chevalier (UPS-IRIT/INRIA) | Nancy | 700.99
Mounira Kourjieh (UPS-IRIT) | Toulouse | 754.37
Alessandro Armando (UGDIST) | Genova | 800.01 (∗)
Alessandro Cappai (UGDIST) | Genova | 0.00
Roberto Carbone (UGDIST) | Genova | 0.00
Serena Ponta (UGDIST) | Genova | 0.00
Sebastian Mödersheim (IBM) | Zurich | 464.27
Phouric Ung (OpenTrust) | Paris | 1380.03
Marius Minea (IEAT) | Timişoara | 178.00
Xavier Chantry (SAP) | Nice | 251.65
Luca Compagna (SAP) | Nice | 411.45
David von Oheimb (SIEMENS) | Munich | 386.48

(∗) This includes the cost of the meeting room, coffee breaks and dinner for all project participants.
6.3.4 WP4 Meeting

Toulouse, France. September 24–25, 2009.
Synchronization on upcoming deliverables.

Participant | Departure place | Costs/€
Michele Barletta (UNIVR) | Verona | 724.38
Simone Frau (ETH Zurich) | Zurich | 502.40
Tigran Avanesov (INRIA) | Nancy | 0.00
Mohamed Anis Mekki (INRIA) | Nancy | 0.00
Michaël Rusinowitch (INRIA) | Nancy | 0.00
Mathieu Turuani (INRIA) | Nancy | 0.00
Philippe Balbiani (UPS-IRIT) | Toulouse | 411.45 (∗)
Yannick Chevalier (UPS-IRIT) | Toulouse | 0.00
Marwa El Houri (UPS-IRIT) | Toulouse | 0.00
Roberto Carbone (UGDIST) | Genova | 430.80
Serena Ponta (UGDIST) | Genova | 419.39
Marius Minea (IEAT) | Timişoara | 0.00
Gabriel Erzse (IEAT) | Timişoara | 457.00
Wihem Arsac (SAP) | Nice | 416.62
Jorge Cuellar (SIEMENS) | Munich | 822.23

(∗) This includes the cost of the lunches, coffee breaks and one dinner for all project participants.
6.4 Working meetings

6.4.1 Definition and application of a distributed temporal logic for the analysis of security protocols and services

ETH Zurich, Zurich, Switzerland. January 11–17, 2009.
Instituto Superior Tecnico IST, Lisboa, Portugal. January 17–25, 2009.
Meeting of UNIVR and ETH Zurich with researchers at IST to work on a distributed temporal logic for the analysis of security protocols and services (WP2–6).

Participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 1126.96
David Basin (ETH Zurich) | Zurich | 0.00
Carlos Caleiro (IST) | Lisbon | 0.00
Jaime Ramos (IST) | Lisbon | 0.00
6.4.2 Technical meeting on WP5: SAML SSO

University of Genova, Italy. January 26–28, 2009.
Meeting of UGDIST and SAP researchers at the University of Genova (WP2–6). Discussed how to jointly progress on the SAML 2.0 SSO subject. Brainstorming on model checking security-relevant aspects of business processes.

Participant | Departure place | Costs/€
Alessandro Armando (UGDIST) | Genova | 0.00
Roberto Carbone (UGDIST) | Genova | 0.00
Serena Ponta (UGDIST) | Genova | 0.00
Luca Compagna (SAP) | Nice | 466.40
6.4.3 Meeting on model-checking for authorization policies

University of Milan, Italy. January 30, 2009.
Meeting of UNIVR and researchers at the University of Milan on authorization policies (WP2–6).

Participant | Departure place | Costs/€
Michele Barletta (UNIVR) | Verona | 29.85
Silvio Ranise (UNIVR) | Milano | 0.00
6.4.4 Meeting on orchestration work

Nancy, France. March 12, 2009.
Meeting of INRIA and OpenTrust on the Orchestration tool.

Participant | Departure place | Costs/€
Phouric Ung (OpenTrust) | Paris | 78.50
Mohamed Mehdi Bouallagui (OpenTrust) | Paris | 78.50
6.4.5 Working Meeting on WP6.2: SAP NW BPM

Karlsruhe, Germany. April 20–23, 2009.
Various meetings at SAP Research Karlsruhe to discuss and to progress on the industry migration initiative about NW BPM.

Participant | Departure place | Costs/€
Wihem Arsac (SAP) | Nice | 820.44
6.4.6 Meeting on secure pseudonymous channels

IBM, Zurich, Switzerland. June 08–14, 2009.
Meeting of UNIVR and IBM to work on the definition of secure pseudonymous channels (WP2–6).

Participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 457.66
Sebastian Mödersheim (IBM) | Zurich | 0.00
6.4.7 Definition and application of a distributed temporal logic for the analysis of security protocols and services

Instituto Superior Tecnico IST, Lisboa, Portugal. July 07–20, 2009.
Meeting of UNIVR and ETH Zurich with researchers at IST to work on a distributed temporal logic for the analysis of security protocols and services (WP2–6).

Participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 885.19
David Basin (ETH Zurich) | Zurich | 0.00
Carlos Caleiro (IST) | Lisbon | 0.00
Jaime Ramos (IST) | Lisbon | 0.00
6.4.8 AVANTSSAR technical synchronization meeting on WP4 and WP6

Sophia Antipolis, France. August 25–26, 2009.
Meeting of UGDIST and SAP researchers at SAP Labs France (WP2–6). Discussed the AVANTSSAR Validation Platform with respect to the formal validation aspect (no orchestration). Also discussed how to jointly progress on the subject of model checking security-relevant aspects of business processes, whose outcomes are having a significant impact on the industry migration path of SAP.

Participant | Departure place | Costs/€
Alessandro Armando (UGDIST) | Genova | 427.87
Luca Compagna (SAP) | Nice | 91.94 (∗)
Xavier Chantry (SAP) | Nice | 0.00

(∗) This includes the cost of 3 dinners for SAP researchers participating in the official dinner with Prof. Alessandro Armando.
6.4.9 Working Meeting on Dynamic Policies, Services, and Composition

SAP Sophia Antipolis, France. September 10–11, 2009.
Meeting of UNIVR, ETH Zurich, UGDIST and SAP on dynamic policies, services, and composition (WP2–6).

Participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 332.79
Mohammad Torabi Dashti (ETH Zurich) | Zurich | 638.50
Alessandro Armando (UGDIST) | Genova | 532.24 (†)
Roberto Carbone (UGDIST) | Genova | 38.06
Serena Ponta (UGDIST) | Genova | 44.96
Wihem Arsac (SAP) | Sophia Antipolis | 0.00
Luca Compagna (SAP) | Sophia Antipolis | 102.92 (∗)
Keqin Li (SAP) | Sophia Antipolis | 0.00

(†) This includes the cost of the car, which was also used by all meeting participants departing from Genova.
(∗) This includes the cost of 4 dinners for SAP researchers participating in the two business dinners that took place.
6.4.10 Working Meeting on WP2 and WP3

ETH Zurich, Switzerland. October 26–28, 2009.
Meeting of UNIVR and ETH Zurich on WP2 and WP3.

Participant | Departure place | Costs/€
Silvio Ranise (UNIVR) | Milano | 178.00
Cas Cremers (ETH Zurich) | Zurich | 0.00
Simone Frau (ETH Zurich) | Zurich | 0.00
Mohammad Torabi Dashti (ETH Zurich) | Zurich | 0.00

Silvio Ranise was invited by ETH Zurich, which covered the costs.
6.4.11 Working Meeting on WP4 and WP5

ETH Zurich and IBM Research Lab Zurich, Switzerland. November 16–22, 2009.
Meeting of UNIVR, ETH Zurich, IBM on WP4 and WP5.

Participant | Departure place | Costs/€
Alessandra Di Pierro (UNIVR) | Verona | 360.21
Luca Viganò (UNIVR) | Verona | 302.58
Cas Cremers (ETH Zurich) | Zurich | 0.00
David Basin (ETH Zurich) | Zurich | 0.00
Simone Frau (ETH Zurich) | Zurich | 0.00
Mohammad Torabi Dashti (ETH Zurich) | Zurich | 0.00
Sebastian Mödersheim (IBM) | Zurich | 0.00
6.4.12 Working Meeting on WP6.2: SAP NW NGSSO and SAP NW BPM

Walldorf, Germany. November 26–27, 2009.
Various meetings in WDF to discuss the two SAP industry migration initiatives on NW SAML NGSSO and NW BPM.

Participant | Departure place | Costs/€
Luca Compagna (SAP) | Nice | 994.98 (∗)

(∗) This trip was part of another trip to FIA Stockholm and the Workshop with the SHIELDS Project (see Subsection 6.5).
6.5 Participation in European and scientific events

6.5.1 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008) co-located with Computer and Communications Security

Hilton Alexandria Mark Center, Virginia, USA. October 27–31, 2008.
Participation in the FMSE workshop with a talk about [ACC+08] and attendance at the main conference, CCS.

Participant | Departure place | Costs/€
Luca Compagna (SAP) | Sophia Antipolis | 0.00
Alessandro Armando (UGDIST) | Genova | 2539.55
Roberto Carbone (UGDIST) | Genova | 2624.21

The costs associated with the participation of Luca Compagna have already been reported in the 1st Reporting Period (cf. [AVA08a]).
6.5.2 ARES'09

4th International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan. March 16–19, 2009.
Presentation of [24] by Sebastian Mödersheim.

Participant | Departure place | Costs/€
Sebastian Mödersheim (IBM) | Zurich | 2790.98
6.5.3 ARSPA-WITS'09 and working meeting at Imperial College

University of York and Imperial College London, UK. March 25 – April 06, 2009.
Participation in ARSPA-WITS'09 (Luca Viganò co-chair of the workshop) and working meeting with researchers at Imperial College. Xavier Chantry presented [8] at ARSPA-WITS'09.

Participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 1176.06
Xavier Chantry (SAP) | Nice | 662.69 (∗)
Luca Compagna (SAP) | Nice | 1221.71 (∗)

(∗) It is important to point out that: (a) the numbers reported for SAP people comprise the cost of one trip to the UK during which two different events, ARSPA-WITS'09 and IWSP 2009, were attended, and (b) originally Luca Compagna was supposed to travel and attend the two events, but due to a serious injury, Xavier Chantry took over the trip and attendance.
6.5.4 IWSP 2009, 17th International Workshop on Security Protocols

Cambridge, UK. April 01 – April 03, 2009.
Participation in IWSP 2009, 17th International Workshop on Security Protocols, where Xavier Chantry presented [7].

Participant | Departure place | Costs/€
Xavier Chantry (SAP) | Nice | 662.69 (∗)
Luca Compagna (SAP) | Nice | 1221.71 (∗)

(∗) It is important to point out that: (a) the numbers reported for SAP people comprise the cost of one trip to the UK during which two different events, ARSPA-WITS'09 and IWSP 2009, were attended, and (b) originally Luca Compagna was supposed to travel and attend the two events, but due to a serious injury, Xavier Chantry took over the trip and attendance.
6.5.5 Future Internet Conference Prague 2009

Prague, Czech Republic. May 10–13, 2009.
Luca Viganò gave an invited keynote at the Trust and Identity Session "Identity Provisioning in service platforms", and participated in a panel in the Session "Trust Platforms". Alessandro Sorniotti presented the demo of the discovery of the serious vulnerability in SAML-based SSO for Google Apps as part of the SAP booth at FIA Prague.

Participant | Departure place | Costs/€
Luca Viganò (UNIVR) | Verona | 763.51
Alessandro Sorniotti (SAP) | Nice | 823.00
6.5.6 Applied Cryptography and Network Security, 7th International Conference

Paris-Rocquencourt, France. June 2–5, 2009.
Participation in the ACNS'09 Conference.

Participant | Departure place | Costs/€
Cas Cremers (ETH Zurich) | Zurich | 212.50
6.5.7 9th International School on Formal Methods for the Design of Computer, Communication and Software Systems: Web Services (SFM-09:WS)

Centro Universitario Residenziale di Bertinoro, FC, Italy. June 1–6, 2009.
Participation in the school.

Participant | Departure place | Costs/€
Serena Elisa Ponta (UGDIST) | Genova | 1019.40
6.5.8 Cinquièmes Journées Francophones MODÈLES FORMELS de l'INTERACTION (MFI'09)

Lannion, France. June 3–5, 2009.
Participation and presentation of [11].

Participant | Departure place | Costs/€
Pablo Seban (UPS-IRIT) | Toulouse | 390.00
Guillaume Feuillade (UPS-IRIT) | Toulouse | 650.00
6.5.9 Conference on Automated Reasoning with Analytic Tableaux and Related Methods (Tableaux) and Workshop on First-Order Theorem Proving (FTP) 2009

Oslo, Norway. July 05–20, 2009.
Participation in Tableaux and FTP.

Participant | Departure place | Costs/€
Silvio Ranise (UNIVR) | Milano | 1159.27
6.5.10 Logic Colloquium 2009

Sofia, Bulgaria. July–August 2009.
Invited presentation.

Participant | Departure place | Costs/€
Philippe Balbiani (UPS-IRIT) | Toulouse | 958.04
6.5.11 9th International School on Foundations of Security Analysis and Design (FOSAD)

Centro Universitario Residenziale di Bertinoro, FC, Italy. August 29 – September 04, 2009.
Participation in the school and associated workshop: Luca Viganò: invited lecture on "On-the-Fly Model Checking of Security Protocols and Web Services" (participation of Alessandra Di Pierro and Luca Viganò paid by the school); Michele Barletta: talk on paper "Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures".

Participant | Departure place | Costs/€
Michele Barletta (UNIVR) | Verona | 586.70
Alessandra Di Pierro (UNIVR) | Verona | 0.00
Luca Viganò (UNIVR) | Verona | 0.00
6.5.12 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus'09)

Linz, Austria. August 31 – September 4, 2009.
Presentation of [4] by Serena Elisa Ponta.

Participant | Departure place | Costs/€
Serena Elisa Ponta (UGDIST) | Genova | 1011.67
6.5.13 12th International Information Security Conference 2009

Pisa, Italy. September 7–9, 2009.
Participation in ISC'09: Marius Minea: talk on paper "A calculus to detect guessing attacks".

Participant | Departure place | Costs/€
Marius Minea (IEAT) | Brussels | 0.00
6.5.14 Summer School on Provable Security

Barcelona, Spain. September 7–11, 2009.
Participation in the summer school: Bogdan Groza.

Participant | Departure place | Costs/€
Bogdan Groza (IEAT) | Timişoara | 250.00
6.5.15 ESORICS'09

14th European Symposium on Research in Computer Security (ESORICS). Saint Malo, France. September 21–23, 2009.
Presentation of [25] by Sebastian Mödersheim.

Participant | Departure place | Costs/€
Sebastian Mödersheim (IBM) | Zurich | 1660.85
6.5.16 4th International Conference on Risks and Security of Internet and Systems 2009 (CRISIS 2009)

Toulouse, France. October 19–22, 2009.
Presentation of [10].

Participant | Departure place | Costs/€
Marwa El Houri (UPS-IRIT) | Toulouse | 120.00
6.5.17 Stabilization, Safety, and Security of Distributed Systems, 11th International Symposium, SSS 2009
Lyon, France. November 3–6, 2009. Presentation of [30] at SSS 2009.
Participant:                         Departure place:   Costs/€:
Mohammad Torabi Dashti (ETH Zurich)  Zurich             332.50
6.5.18 FAST’09
6th International Workshop on Formal Aspects in Security and Trust (FAST). Eindhoven, the Netherlands. November 5–6, 2009. Presentation of [16] by Mohamed Anis Mekki. Presentation of [5] by Serena Elisa Ponta. Presentation of [15] by Sebastian Mödersheim.
Participant:                    Departure place:   Costs/€:
Mohamed Anis Mekki (INRIA)      Nancy              0.00
Serena Elisa Ponta (UGDIST)     Genova             827.61
Sebastian Mödersheim (IBM)      Zurich             984.47
6.5.19 Methods for Modalities (M4M 2009)
Copenhagen, Denmark. November 12–14, 2009. Presentation of [12].
Participant:                    Departure place:   Costs/€:
Guillaume Feuillade (UPS-IRIT)  Toulouse           1250.94
6.5.20 FIA Stockholm and Workshop with the SHIELDS Project
Stockholm, Sweden. November 22–27, 2009. Participation in FIA Stockholm and workshop with Nahid Shahmehri and David Byers of the SHIELDS project.
Participant:                    Departure place:   Costs/€:
Luca Viganò (UNIVR)             Verona             1435.29
Luca Compagna (SAP)             Nice               994.98 (*)
(*) This trip included an AVANTSSAR working meeting on WP6 that took place in Walldorf on November 26–27 (see Subsection 6.4).
7 Planned work for the next reporting period
The next, and final, reporting period (01.01.2010 — 31.12.2010) will be mainly devoted to the completion of the project in order to achieve all the objectives listed in the Description of Work. In particular, we will: extend ASLan so that it can fully specify trust and security properties of services, their associated policies, and their composition into service architectures; develop a number of automated techniques to reason about services, their associated security policies, and their dynamic composition into secure service architectures; implement and deploy the AVANTSSAR Validation Platform, and apply it to the industrial case studies; publish a library of validated composed services and service architectures; migrate project results to industry, integrating them into service-oriented applications developed at our industrial partners, and disseminate them to standardization organizations.
The 13 deliverables due in Period P3 are shown in Table 44, together with the ongoing deliverable D6.1, and the 2 milestones of Period P3 are shown in Table 45.
Table 44: Deliverables due in Period P3

Del. no. | Deliverable name                                                                     | WP no. | Lead beneficiary | Nature | Dissemination level | Delivery date from Annex I (proj. month) | Delivered Yes/No | Actual/Forecast delivery date | Comments
D1.5     | Final Project Report                                                                 | 1      | UNIVR            | R      | PU                  | 36                                       |                  |                               |
D1.6     | Final Dissemination and Use Plan                                                     | 1      | UNIVR            | R      | PU                  | 36                                       |                  |                               |
D1.7     | Technology Implementation Plan                                                       | 1      | SAP              | R      | PU                  | 36                                       |                  |                               |
D2.3     | ASLan final version with dynamic service and policy composition                      | 2      | ETH Zurich       | R      | PU                  | 30                                       |                  |                               |
D3.1     | Decision procedures for service synthesis and satisfiability of ASLan policies       | 3      | UPS-IRIT         | R      | PU                  | 30                                       |                  |                               |
D3.2     | Model-checking techniques                                                            | 3      | UPS-IRIT         | R      | PU                  | 32                                       |                  |                               |
D3.4     | Abstraction and compositional reasoning techniques for service analysis              | 3      | INRIA            | R      | PU                  | 34                                       |                  |                               |
D4.2     | AVANTSSAR Validation Platform v.2                                                    | 4      | UGDIST           | R&P    | PU                  | 36                                       |                  |                               |
D5.2     | Formalised problem cases                                                             | 5      | SAP              | R&O    | RE                  | 30                                       |                  |                               |
D5.3     | AVANTSSAR Library of validated problem cases                                         | 5      | SAP              | R&O    | RE                  | 36                                       |                  |                               |
D5.4     | Assessment of the AVANTSSAR Validation Platform                                      | 5      | SAP              | R      | PU                  | 36                                       |                  |                               |
D6.1     | AVANTSSAR Web site and Package                                                       | 6      | UNIVR            | O      | PU                  | 1–36                                     | Yes              |                               | The website is being updated regularly
D6.2.3   | Migration to industrial development environments: lessons learned and best-practices | 6      | SAP              | R      | PU                  | 36                                       |                  |                               |
D6.3     | Migration to standardisation bodies                                                  | 6      | SIEMENS          | R      | PU                  | 36                                       |                  |                               |
Table 45: Milestones (and decision points) of Period P2

Milestone no. | Milestone name                                                                                                                                   | WPs no's.        | Lead beneficiary | Delivery date from Annex I (proj. month)  | Achieved Yes/No | Actual/Forecast delivery date | Comments
MS5           | ASLan final version, Decidability results, Formalised problem cases, and AVANTSSAR in industry                                                   | 2, 3, 5, 6       | SAP              | month 30 (third synchronization meeting)  |                 |                               |
MS6           | Final assessment, Migration to industry and standardisation organisations, Final Dissemination and Use Plan, and Technology Implementation plan  | 1, 2, 3, 4, 5, 6 | UNIVR            | month 36 (third review meeting)           |                 |                               |
8 Financial statements – Forms C and Summary financial report (signed originals sent in parallel by post)
Financial statements for all beneficiaries have been submitted using NEF, and signed copies will be sent in the coming days.
9 Certificates (signed originals sent in parallel by post)
Does not apply.