<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>PassCert Project</title>
<link>/</link>
<atom:link href="/index.xml" rel="self" type="application/rss+xml" />
<description>PassCert Project</description>
<generator>Wowchemy (https://wowchemy.com)</generator><language>en-us</language><copyright>© PassCert Project</copyright><lastBuildDate>Sat, 01 Jun 2030 13:00:00 +0000</lastBuildDate>
<image>
<url>/images/icon_hu350f1502138685215ce213cac6f53845_2708_512x512_fill_lanczos_center_3.png</url>
<title>PassCert Project</title>
<link>/</link>
</image>
<item>
<title>Example Event</title>
<link>/event/example/</link>
<pubDate>Sat, 01 Jun 2030 13:00:00 +0000</pubDate>
<guid>/event/example/</guid>
<description><p>Slides can be added in a few ways:</p>
<ul>
<li><strong>Create</strong> slides using Wowchemy&rsquo;s <a href="https://wowchemy.com/docs/managing-content/#create-slides" target="_blank" rel="noopener"><em>Slides</em></a> feature and link using <code>slides</code> parameter in the front matter of the talk file</li>
<li><strong>Upload</strong> an existing slide deck to <code>static/</code> and link using <code>url_slides</code> parameter in the front matter of the talk file</li>
<li><strong>Embed</strong> your slides (e.g. Google Slides) or presentation video on this page using <a href="https://wowchemy.com/docs/writing-markdown-latex/" target="_blank" rel="noopener">shortcodes</a>.</li>
</ul>
<p>Further event details, including page elements such as image galleries, can be added to the body of this page.</p>
</description>
</item>
<item>
<title>bGSL: An Imperative Language for Specification and Refinement of Backtracking Programs</title>
<link>/publication/2022/jlamp/</link>
<pubDate>Mon, 01 Aug 2022 10:35:12 +0100</pubDate>
<guid>/publication/2022/jlamp/</guid>
<description><h2 id="related">Related</h2>
<ul>
<li><a href="/publication/2022/JLAMP/WPE-report.pdf">A wp Calculus for a Preferential Computations: Mechanisation in Isabelle/HOL (Technical report)</a></li>
</ul>
</description>
</item>
<item>
<title>Persistence of Passwords in Bitwarden's Browser Extension: Unnecessary Retention and Solutions</title>
<link>/publication/2022/rafael-prates-thesis/</link>
<pubDate>Thu, 30 Jun 2022 00:00:00 +0000</pubDate>
<guid>/publication/2022/rafael-prates-thesis/</guid>
<description></description>
</item>
<item>
<title>PassCert presentations at iFM 2022</title>
<link>/post/22-06-07-ifm-lugano/</link>
<pubDate>Tue, 07 Jun 2022 17:48:18 +0000</pubDate>
<guid>/post/22-06-07-ifm-lugano/</guid>
<description><p>Members of the PassCert research team attended <a href="https://ifm22.si.usi.ch/" target="_blank" rel="noopener">iFM 2022</a>, the 17th International Conference on integrated Formal Methods.</p>
<p>The two papers presented were:</p>
<ul>
<li>
<p><a href="/publication/2022/ifm-phd"><em>Studying Users' Willingness to Use a Formally Verified Password Manager</em></a>, Carolina Carreira (presented at the PhD Symposium)</p>
</li>
<li>
<p><a href="/publication/2022/ifm"><em>Verified Password Generation from Password Composition Policies</em></a>, Miguel Grilo, João Campos, João F. Ferreira, José Bacelar Almeida and Alexandra Mendes</p>
</li>
</ul></description>
</item>
<item>
<title>Studying Users' Willingness to Use a Formally Verified Password Manager</title>
<link>/publication/2022/ifm-phd/</link>
<pubDate>Sat, 07 May 2022 00:00:00 +0000</pubDate>
<guid>/publication/2022/ifm-phd/</guid>
<description></description>
</item>
<item>
<title>Verified password generation from password composition policies</title>
<link>/publication/2022/ifm/</link>
<pubDate>Sat, 07 May 2022 00:00:00 +0000</pubDate>
<guid>/publication/2022/ifm/</guid>
<description></description>
</item>
<item>
<title>Implementação Certificada da Componente Criptográfica do Gestor de Passwords KeePass</title>
<link>/publication/2022/pedro-freitas-thesis/</link>
<pubDate>Sat, 30 Apr 2022 00:00:00 +0000</pubDate>
<guid>/publication/2022/pedro-freitas-thesis/</guid>
<description></description>
</item>
<item>
<title>SmartPasswords extension accepted by Bitwarden team</title>
<link>/post/21-11-25-smartpasswords-bw/</link>
<pubDate>Thu, 25 Nov 2021 17:48:18 +0000</pubDate>
<guid>/post/21-11-25-smartpasswords-bw/</guid>
<description><p>Our SmartPasswords extension was <a href="https://github.com/bitwarden/clients/pull/2047" target="_blank" rel="noopener">accepted by the Bitwarden team</a>!
The feature will be merged into the product after a process of code review, benefitting millions of users.</p>
<p>The new feature Smart Passwords, developed in the context of <a href="/publication/2021/joao-campos-thesis/">João Campos&rsquo;s MSc thesis</a>, reads the field <code>passwordrules</code> in an input form. This field contains the password policies specified by the website, making it easier for the generator to generate compliant passwords.</p>
<p>To specify the policy annotations (i.e., password rules), the extension uses a <a href="https://developer.apple.com/documentation/security/password_autofill/customizing_password_autofill_rules" target="_blank" rel="noopener">language developed by Apple</a>.
It also uses a new npm package developed by our team, based on Apple&rsquo;s own parser and adapted to TypeScript (<a href="https://github.com/passcert-project/pwrules-annotations" target="_blank" rel="noopener">@passcert/pwrules-annotations</a>).</p>
<p>For example, the specification</p>
<p><code>passwordrules=&quot;required: upper; required: lower; required:digit; required: special; minlength: 10;&quot;</code></p>
<p>specifies a password that must have at least 10 characters, and at least one lowercase letter, one uppercase letter, one digit, and one symbol. Since all character classes are required, the character-class checkboxes in the generator are disabled, and the controls for the minimum number of digits and symbols are also disabled, because changing these values would generate a non-compliant password. The minimum length of the password is also capped at 10.</p>
<h2 id="related-publications">Related publications</h2>
<ul>
<li>
<p><a href="/publication/2022/ifm"><em>Verified Password Generation from Password Composition Policies</em></a>, Miguel Grilo, João Campos, João F. Ferreira, José Bacelar Almeida and Alexandra Mendes</p>
</li>
<li>
<p><a href="/publication/2021/joao-campos-thesis/"><em>SmartPasswords: Increasing Password Managers' Usability by Generating Compliant Passwords</em></a>, João Campos&rsquo;s MSc thesis</p>
</li>
</ul></description>
</item>
<item>
<title>Exploring Usable Security to Improve the Impact of Formal Verification: A Research Agenda</title>
<link>/publication/2021/appfm/</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/publication/2021/appfm/</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Password Generation Algorithms used in Password Managers</title>
<link>/publication/2021/miguel-grilo-thesis/</link>
<pubDate>Thu, 18 Nov 2021 00:00:00 +0000</pubDate>
<guid>/publication/2021/miguel-grilo-thesis/</guid>
<description></description>
</item>
<item>
<title>On Usable Security and Verified Password Managers</title>
<link>/publication/2021/carolina-carreira-thesis/</link>
<pubDate>Thu, 18 Nov 2021 00:00:00 +0000</pubDate>
<guid>/publication/2021/carolina-carreira-thesis/</guid>
<description></description>
</item>
<item>
<title>SmartPasswords: Increasing Password Managers' Usability by Generating Compliant Passwords</title>
<link>/publication/2021/joao-campos-thesis/</link>
<pubDate>Thu, 18 Nov 2021 00:00:00 +0000</pubDate>
<guid>/publication/2021/joao-campos-thesis/</guid>
<description></description>
</item>
<item>
<title>Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities</title>
<link>/publication/2021/iwor/</link>
<pubDate>Wed, 10 Nov 2021 00:00:00 +0000</pubDate>
<guid>/publication/2021/iwor/</guid>
<description></description>
</item>
<item>
<title>Towards Improving the Usability of Password Managers</title>
<link>/publication/2021/inforum/</link>
<pubDate>Fri, 10 Sep 2021 00:00:00 +0000</pubDate>
<guid>/publication/2021/inforum/</guid>
<description></description>
</item>
<item>
<title>PassCert presentations at INFORUM 2021</title>
<link>/post/21-09-09-inforum/</link>
<pubDate>Thu, 09 Sep 2021 17:48:18 +0000</pubDate>
<guid>/post/21-09-09-inforum/</guid>
<description><p>Members of the PassCert research team attended <a href="https://inforum.org.pt" target="_blank" rel="noopener">INFORUM 2021</a>, the Portuguese Informatics Symposium, and presented work in progress.</p>
<p>The three talks presented were:</p>
<ul>
<li>
<p><em>Towards Improving the Usability of Password Managers</em>, Carolina Carreira, João F. Ferreira and Alexandra Mendes</p>
</li>
<li>
<p><em>Towards Formal Verification of Password Generation Algorithms used in Password Managers</em>, Miguel Grilo, João F. Ferreira and José Bacelar Almeida</p>
</li>
<li>
<p><em>Certification of a Password Manager&rsquo;s Cryptographic Component</em>, Pedro Freitas</p>
</li>
</ul>
<h2 id="photos">Photos</h2>
<p>
<figure id="figure-carolina-carreira">
<a data-fancybox="" href="/post/21-09-09-inforum/IMG_20210909_154141528_hu9f79c8b916779b183ebc59f463b6a65a_266832_2000x2000_fit_q75_lanczos.jpg" data-caption="Carolina Carreira">
<img data-src="/post/21-09-09-inforum/IMG_20210909_154141528_hu9f79c8b916779b183ebc59f463b6a65a_266832_2000x2000_fit_q75_lanczos.jpg" class="lazyload" alt="" width="4096" height="3072">
</a>
<figcaption>
Carolina Carreira
</figcaption>
</figure>
<figure id="figure-miguel-grilo">
<a data-fancybox="" href="/post/21-09-09-inforum/IMG_20210909_154715661_hua4692192aa9bd9e16b5c3dd0d18b67bc_422688_2000x2000_fit_q75_lanczos.jpg" data-caption="Miguel Grilo">
<img data-src="/post/21-09-09-inforum/IMG_20210909_154715661_hua4692192aa9bd9e16b5c3dd0d18b67bc_422688_2000x2000_fit_q75_lanczos.jpg" class="lazyload" alt="" width="4096" height="3072">
</a>
<figcaption>
Miguel Grilo
</figcaption>
</figure>
<figure id="figure-pedro-freitas">
<a data-fancybox="" href="/post/21-09-09-inforum/IMG_20210909_160156670_hu1a678ba3c51730665319b6da40ec86ef_261299_2000x2000_fit_q75_lanczos.jpg" data-caption="Pedro Freitas">
<img data-src="/post/21-09-09-inforum/IMG_20210909_160156670_hu1a678ba3c51730665319b6da40ec86ef_261299_2000x2000_fit_q75_lanczos.jpg" class="lazyload" alt="" width="4096" height="3072">
</a>
<figcaption>
Pedro Freitas
</figcaption>
</figure>
</p></description>
</item>
<item>
<title>Research Assistant / PhD Position available</title>
<link>/post/21-02-12-research-assistant/</link>
<pubDate>Sat, 13 Feb 2021 17:48:18 +0000</pubDate>
<guid>/post/21-02-12-research-assistant/</guid>
<description><p>We have an open research assistant / Ph.D. student position in the PassCert project! The focus is on the application of formal methods to password security.
The successful candidate will work from INESC-ID in beautiful Lisbon, Portugal and collaborate closely with the <a href="/team">PassCert team</a>. <strong>We are open to discussing the possibility of remote working.</strong></p>
<p>The deadline for application is <strong>12 March 2021</strong>. <a href="/post/21-02-12-research-assistant/">More details</a></p>
<ul>
<li><strong>STARTING DATE:</strong> March 2021</li>
<li><strong>DURATION:</strong> 6 months, extendable (the funding is guaranteed for the first year)</li>
<li><strong>LOCATION:</strong> Lisbon, Portugal (possibly remote)</li>
<li><strong>QUALIFICATIONS:</strong> Applicants must hold a Master&rsquo;s degree in Computer Science and Engineering or related fields</li>
<li><strong>APPLICATION DEADLINE: 12 March 2021</strong></li>
</ul>
<p>The selected candidate will:</p>
<ol>
<li>Contribute to the collection of functional and security requirements for the proof-of-concept password manager and to the identification of properties that will be formally verified.</li>
<li>Formally verify properties relevant to password managers (e.g. properties on generation of secure passwords and properties related to data location).</li>
<li>Contribute to the development of the proof-of-concept verified password manager.</li>
<li>Actively participate in and contribute to PassCert&rsquo;s activities and regular meetings.</li>
</ol>
<p>Full details, including applicable legislation and application procedures, are all available in the public notice:
<a href="http://www.eracareers.pt/opportunities/index.aspx?task=global&amp;jobId=131478" target="_blank" rel="noopener">http://www.eracareers.pt/opportunities/index.aspx?task=global&jobId=131478</a></p>
<p>If you have any questions, feel free to get in touch with <a href="https://joaoff.com" target="_blank" rel="noopener">João F. Ferreira</a>.</p>
<h2 id="about-instituto-superior-técnico---university-of-lisbon--inesc-id">About Instituto Superior Técnico - University of Lisbon / INESC-ID</h2>
<p><a href="https://tecnico.ulisboa.pt" target="_blank" rel="noopener">Instituto Superior Técnico</a> (IST) is part of the University of Lisbon and is the leading school of engineering in Portugal and among the ARWU top-20 engineering schools in all of Europe. The school aims to contribute to the development of society, promoting excellence in higher education, in the fields of Architecture, Engineering, Science, and Technology by promoting Research, Development, and Innovation activities.</p>
<p><a href="https://inesc-id.pt" target="_blank" rel="noopener">INESC-ID</a> is an R&amp;D institute dedicated to advanced research and development in the fields of Information Technologies, Electronics, Communications, and Energy, privately owned by IST and INESC. Working in close collaboration with faculty from IST, INESC-ID is the main research center for combined Computer Science and Engineering (CSE) and Electrical and Computer Engineering (ECE) in Portugal.</p></description>
</item>
<item>
<title>Practical recommendations for stronger, more usable passwords combining minimum-strength, minimum-length, and blocklist requirements</title>
<link>/publication/2020/ccs/</link>
<pubDate>Fri, 01 May 2020 00:00:00 +0000</pubDate>
<guid>/publication/2020/ccs/</guid>
<description></description>
</item>
<item>
<title>Skeptic: Automatic, Justified and Privacy-Preserving Password Composition Policy Selection</title>
<link>/publication/2020/asiaccs/</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/publication/2020/asiaccs/</guid>
<description></description>
</item>
<item>
<title>Evaluating the Accuracy of Password Strength Meters using Off-The-Shelf Guessing Attacks</title>
<link>/publication/2020/rsda/</link>
<pubDate>Wed, 01 Jan 2020 00:00:00 +0000</pubDate>
<guid>/publication/2020/rsda/</guid>
<description></description>
</item>
<item>
<title>Why people (don’t) use password managers effectively</title>
<link>/publication/2019/soups/</link>
<pubDate>Wed, 01 May 2019 00:00:00 +0000</pubDate>
<guid>/publication/2019/soups/</guid>
<description></description>
</item>
<item>
<title>PassCert: Exploring the Impact of Formal Verification on the Adoption of Password Security Software</title>
<link>/about/</link>
<pubDate>Thu, 28 Jun 2018 00:00:00 +0000</pubDate>
<guid>/about/</guid>
<description><p><img src="../media/passcert-logo.png" alt="PassCert Logo"></p>
<p>With the explosive growth of our data economy, the quantity of personal data and other valuable assets available online has increased massively. At the same time, despite years of searching for viable alternatives, text passwords remain the dominant access control mechanism to access that data and those assets.</p>
<p>Users’ attitudes towards passwords can thus put at risk the security of our data economy. For example, users have shown that they tend to choose weak passwords that are easy to guess by password cracking software. Moreover, many users reuse the same password across different systems, which can have serious consequences for users and organizations affected by data breaches. In the last few years, breaches at organizations like Yahoo!, Dropbox, Lastpass, LinkedIn, and eBay have exposed over a billion user passwords to attackers.</p>
<p>To address this problem, security experts recommend the use of password managers (PMs) that combine secure password storage and retrieval with random password generation. These tools can improve account security by enabling the use of strong and unique passwords, simultaneously improving the usability and convenience of text password authentication. However, despite their critical importance, the adoption of PMs is still low. Reasons for this include distrust of the storage mechanisms and of the quality of generated passwords.</p>
<p><strong>PassCert’s short-term vision is to build an open-source, proof-of-concept PM that, through the use of formal verification, is guaranteed to satisfy properties on data storage and password generation. The goal is to help non-expert users to use stronger passwords without sacrificing convenience, whilst conveying the formal guarantees in an effective way. We aim to determine whether formal verification can increase users’ confidence in PMs and thus increase their adoption. The proof-of-concept PM will result from a close collaboration between researchers from <a href="https://inesc-id.pt/" target="_blank" rel="noopener">INESC-ID Lisboa</a>, <a href="https://www.inesctec.pt/en" target="_blank" rel="noopener">INESC TEC</a>, and <a href="https://www.cylab.cmu.edu/" target="_blank" rel="noopener">The Carnegie Mellon CyLab Security and Privacy Institute</a>.</strong></p>
<h2 id="contacts">Contacts</h2>
<p><strong>Principal Investigator in Portugal:</strong> <a href="https://joaoff.com" target="_blank" rel="noopener">João F. Ferreira</a></p>
<p><strong>Principal Investigator at CMU:</strong> <a href="https://www.andrew.cmu.edu/user/nicolasc" target="_blank" rel="noopener">Nicolas Christin</a></p>
<p><a href="/people"><strong>Meet the Team</strong></a></p>
<p><strong>Participant institutions:</strong></p>
<ul>
<li><a href="https://inesc-id.pt" target="_blank" rel="noopener">INESC-ID: Instituto de Engenharia de Sistemas e Computadores, Investigação e Desenvolvimento em Lisboa (INESC-ID)</a></li>
<li><a href="https://tecnico.ulisboa.pt/pt" target="_blank" rel="noopener">Instituto Superior Técnico, Universidade de Lisboa</a></li>
<li><a href="https://www.inesctec.pt/en" target="_blank" rel="noopener">INESC TEC: Instituto de Engenharia de Sistemas e Computadores, Tecnologia e Ciência</a></li>
<li><a href="https://www.scs.cmu.edu" target="_blank" rel="noopener">School of Computer Science, Carnegie Mellon University</a></li>
<li><a href="https://www.cylab.cmu.edu" target="_blank" rel="noopener">CyLab: Carnegie Mellon University Security and Privacy Institute</a></li>
</ul>
<h2 id="funding">Funding</h2>
<p>PassCert is a <a href="https://www.cmuportugal.org/exploratory-research-projects/" target="_blank" rel="noopener">CMU Portugal Exploratory Research Project</a> that is <a href="https://www.fct.pt/apoios/projectos/consulta/vglobal_projecto?idProjecto=156718&amp;idElemConcurso=14177" target="_blank" rel="noopener">funded by the Fundação para a Ciência e a Tecnologia (FCT)</a>.</p>
</description>
</item>
<item>
<title></title>
<link>/people/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/people/</guid>
<description></description>
</item>
</channel>
</rss>