% this should be the last package used
\usepackage{pdfsetup}

% urls in roman style, theory text in math-similar italics
\urlstyle{rm}
\isabellestyle{it}

% for uniform font size
%\renewcommand{\isastyle}{\isastyleminor}
\begin{document}
\title{CoCon: A Confidentiality-Verified Conference Management System}
\author{Andrei Popescu \and Peter Lammich \and Thomas Bauereiss}
\maketitle
\begin{abstract}
This entry contains the confidentiality verification of the (functional kernel of) the CoCon conference management system \cite{cocon-CAV2014,cocon-JAR2021}. %
confidentiality to the documents managed by the system, namely
papers, reviews, discussion
of BD Security \cite{BDsecurity-ITP2021,BDSecurity%
\end{abstract}
\tableofcontents
\section{Introduction}
This document
CoCon%
In CoCon, a conference goes through several %successive
phases:
%
\item{\bf Setup} A conference chair can add new chairs %\footnote{A conference is allowed to have multiple chairs.}
and new regular PC members. %(with a chair also being a PC member).
From here on, advancing the conference through its different phases can be done
by the chairs. %
\item{\bf Submission}
Any user can list the conferences
awaiting submissions (i.e., being in the submission phase).
A user can %then
submit new papers, %and (immediately or later)
upload new versions of their existing papers, or indicate other users as coauthors
thereby granting reading and editing rights. %Authors have reading and editing rights of their papers. %'s info and content.
%
\item{{\bf Bidding}}
PC members can place bids, for each paper one of the following preferences
``want to %
If the preference is ``Conflict'', the PC member cannot be assigned that paper, and will not see its discussion. %hereafter the PC member no longer sees that paper or the discussion around it.
``Conflict'' is assigned automatically to papers authored by a PC member. %
\item{{\bf Reviewing}}
Chairs can assign reviewers to papers; the reviewers must be among the PC members who have no conflict with the given paper. %
The assigned reviewers can edit their reviews. %
\item{{\bf Discussion}}
members having no conflict with a paper can see its reviews and can comments
reviewers still reviews, transparent -- that the overwritten versions are still visible to the non-conflict members.
Also, chairs can edit the decision. %
\item{{\bf Notification}}
The authors can read' ,\{The 's powers are restricted to approving rejecting conference requests.} \n}
is a section on proved safety properties the (invariants) that are needed in the proofs of confidentiality.
The confidentiality properties of CoCon are formalized as
confidentiality aspects about:
\begin{itemize}
\item papers
\item reviews of papers
\item discussion logs consisting of comments from the PC members
\item decisions on the
\item assignment of reviewers to papers
\end{itemize}
%
Each of these types of confidentiality properties has dedicated
The bounds and triggers chosen such way interplay covers entire information flow through the system relation to the secrets. This is in \cite[ection35{-JAR2021
The proofs proceed the method of BD Security, which
is part of the AFP entry on BD Security \cite{BDSecurity-AFP}
is described in
that in into. approach \cocon} as 6 Sequential Unwinding)
\cite{BDsecurity-ITP2021} Sequential Unwinding)
The %The can their.
these types of properties \emph{accountability properties} \cite{cosmed-itp2016,cosmed-jar2018} or \emph non members
{}
The and /reject noone edit .
not to , only different a`' .cite3]coconJAR2021explains'traceback .
As a matter of notation,
original on CoCon{-}
and differs from the
in
that the secrets are called `
denoted by ``value''), and are ranged over by
hand, we use `
, the formalization uses notations various BD
security components:
\begin{itemize}
\item gamma for the observation discriminator isObs
\item g for the observation selector getObs
\end{itemize}