Ralf Sasse

I am a lecturer and Senior Scientist (Focus Education) at the department of computer science D-INFK at ETH Zurich. My research focuses on the intersection of information security and formal methods, specifically the automated analysis of security protocols and the development of tools for that purpose.

Previously, I was a postdoc and senior researcher with David Basin's group, also at ETH Zurich. Before, I was a graduate student and finished a PhD in computer science from the University of Illinois at Urbana-Champaign. I started in Summer 2005 and I studied formal methods with José Meseguer. I have graduated in the summer of 2012. Before starting my studies at the University of Illinois I completed my Diplom studies at the University of Karlsruhe, Germany in the group of Peter H. Schmitt. There, I was involved in the KeY Project.

If you need to contact me, the easiest way to do that is by email to ralf.sasse@inf.ethz.ch for now. My office information is available at the group web pages or:

CAB H 33.2
Universitätstrasse 6
8092 Zurich
phone: +41 44 632 53 89

Publications

• Sound Verification of Security Protocols: From Design to Interoperable Implementations
  Linard Arquint, Felix Wolf, Joseph Lallemand, Ralf Sasse, Christoph Sprenger, Sven Wiesner, David Basin, Peter Müller
  44th IEEE Symposium on Security and Privacy (S&P 2023), 2023.
  (Abstract) (BibTeX [TBA]) (DOI [TBA]) (Preprint version)
• I'm Surprised So Much is Connected: A Study on Users' Online Account Security Connections
  Sven Hammann, Michael Crabb, Sasa Radomirovic, Ralf Sasse, David Basin
  CHI '22: CHI Conference on Human Factors in Computing Systems, 2022.
  (Abstract) (BibTeX) (DOI)
• Tamarin: Verification of Large-Scale, Real World, Cryptographic Protocols
  David Basin, Cas Cremers, Jannik Dreier, Ralf Sasse
  IEEE Security and Privacy Magazine, special issue on Formal Methods at Scale, 2022.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• A Comprehensive Formal Analysis of 5G Handover
  Aleksi Peltonen, Ralf Sasse, David Basin
  ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2021.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• Card Brand Mixup Attack: Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions
  David Basin, Ralf Sasse, Jorge Toro-Pozo
  Usenix Security, 2021.
  (Abstract) (BibTeX) (Permalink) (Preprint version) (Models and further information)
• The EMV Standard: Break, Fix, Verify *Best Practical Paper Award*
  David Basin, Ralf Sasse, Jorge Toro-Pozo
  Proceedings of the 2021 IEEE Symposium on Security and Privacy (Oakland).
  (Abstract) (BibTeX) (DOI) (Preprint version) (Models and further information)
• A Spectral Analysis of Noise: A Comprehensive, Automated, Formal Analysis of Diffie-Hellman Protocols
  Guillaume Girol, Lucca Hirschi, Ralf Sasse, Dennis Jackson, Cas Cremers, David Basin
  Usenix Security, 2020.
  (Abstract) (BibTeX) (Permalink) (Preprint version)
• SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust
  Laurent Chuat, AbdelRahman Abdou, Ralf Sasse, Christoph Sprenger, David Basin, Adrian Perrig
  5th IEEE EuroS&P, 2020.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• Privacy-Preserving OpenID Connect
  Sven Hammann, Ralf Sasse, David Basin
  15th ACM AsiaCCS, 2020.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• Verification of Stateful Cryptographic Protocols with Exclusive OR
  Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse
  Journal of Computer Security, 28(1): 1-34 (2020).
  (Abstract) (BibTeX) (DOI) (Preprint version)
• Formal Analysis and Implementation of a TPM 2.0-based Direct Anonymous Attestation Scheme
  Stephan Wesemeyer, Helen Treharne, Liqun Chen, Christopher Newton, Ralf Sasse, Jorden Whitefield
  15th ACM AsiaCCS, 2020.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• User Account Access Graphs
  Sven Hammann, Sasa Radomirovic, Ralf Sasse, David Basin
  ACM Conference on Computer and Communications Security (CCS), London, UK, 2019.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures
  Dennis Jackson, Cas Cremers, Katriel Cohn-Gordon, Ralf Sasse
  ACM Conference on Computer and Communications Security (CCS), London, UK, 2019.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• Symbolic Analysis of Identity-Based Protocols
  David Basin, Lucca Hirschi, Ralf Sasse
  Foundations of Security, Protocols, and Equational Reasoning -- Essays Dedicated to Catherine A. Meadows -- CathyFest 2019, LNCS volume 11565, 2019.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• A Symbolic Analysis of ECC-based Direct Anonymous Attestation
  Jorden Whitefield, Liqun Chen, Ralf Sasse, Steve Schneider, Helen Treharne, Stephan Wesemeyer
  4th IEEE EuroS&P, 2019.
  (Abstract) (BibTeX) (DOI) (Preprint version)
• A Formal Analysis of 5G Authentication
  David Basin, Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse, Vincent Stettler
  ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, 2018.
  (Abstract) (BibTeX) (DOI) (Extended version)
• Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR
  Jannik Dreier, Lucca Hirschi, Sasa Radomirovic, Ralf Sasse
  31st IEEE Computer Security Foundations Symposium (CSF), 2018.
  (Abstract) (BibTeX) (DOI) (Extended version with proofs)
• Symbolically Analyzing Security Protocols using TAMARIN
  David Basin, Cas Cremers, Jannik Dreier, Ralf Sasse
  ACM SIGLOG News, October 2017, Vol. 4, No. 4.
  (PDF © ACM) (BibTeX) (ACM via DOI)
• Beyond Subterm-Convergent Equational Theories in Automated Verification of Stateful Protocols
  Jannik Dreier, Charles Dumenil, Steve Kremer, Ralf Sasse
  6th International Conference on Principles of Security and Trust (POST 2017).
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer via DOI) (Extended version with proofs)
• Design, Analysis, and Implementation of ARPKI: an Attack Resilient Public-Key Infrastructure
  David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski
  IEEE Transactions on Dependable and Secure Computing ( Volume: 15, Issue: 3 ).
  (Abstract) (PDF (preprint) © IEEE) (BibTeX) (IEEE Transactions on Dependable and Secure Computing via DOI )
• Automated Symbolic Proofs of Observational Equivalence
  David Basin, Jannik Dreier, Ralf Sasse
  ACM CCS 2015.
  (Abstract) (PDF (preprint) © ACM) (BibTeX) (ACM/Sheridan Printing via DOI) (Extended version with proofs)
• Alice and Bob Meet Equational Theories
  David Basin, Michel Keller, Sasa Radomirovic, Ralf Sasse
  Logic, Rewriting, and Concurrency - Festschrift Symposium in Honor of José Meseguer 2015.
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer via DOI)
• ARPKI: Attack Resilient Public-Key Infrastructure
  David Basin, Cas Cremers, Tiffany Hyun-Jin Kim, Adrian Perrig, Ralf Sasse, Pawel Szalachowski
  ACM CCS 2014.
  (Abstract) (PDF (preprint) © ACM) (BibTeX) (ACM/Sheridan Printing via DOI)
• Automated Verification of Group Key Agreement Protocols
  Benedikt Schmidt, Ralf Sasse, Cas Cremers, David Basin
  Proceedings of the 2014 IEEE Symposium on Security and Privacy (Oakland).
  (Abstract) (PDF (preprint) © IEEE) (BibTeX) (IEEE via DOI)
• Asymmetric Unification: A New Unification Paradigm for Cryptographic Protocol Analysis
  Serdar Erbatur, Santiago Escobar, Deepak Kapur, Zhiqiang Liu, Christopher Lynch, Catherine Meadows, José Meseguer, Paliath Narendran, Sonia Santiago, Ralf Sasse
  In CADE 2013, LNCS proceedings: 231-248.
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer online via DOI)
• IBOS: A Correct-By-Construction Modular Browser
  Ralf Sasse, Samuel T. King, José Meseguer, Shuo Tang
  Formal Aspects of Component Software 2012, LNCS proceedings.
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer online via DOI)
• Effective Symbolic Protocol Analysis via Equational Irreducibility Constraints
  Serdar Erbatur, Santiago Escobar, Deepak Kapur, Zhiqiang Liu, Christopher Lynch, Catherine Meadows, José Meseguer, Paliath Narendran, Sonia Santiago, Ralf Sasse
  In ESORICS 2012: 73-90
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer Online via DOI)
• Security Models in Rewriting Logic for Cryptographic Protocols and Browsers
  Ralf Sasse
  PhD thesis
  (Abstract) (PDF © Ralf Sasse) (BibTeX) (University of Illinois IDEALS)
• Folding Variant Narrowing and Optimal Variant Termination (journal version)
  Santiago Escobar, Ralf Sasse, José Meseguer
  In Journal of Logic and Algebraic Programming.
  (Abstract) (PDF (preprint) © Elsevier) (BibTeX (preliminary)) (Elsevier online via DOI)
• Protocol analysis in Maude-NPA using unification modulo homomorphic encryption
  Santiago Escobar, Deepak Kapur, Christopher Lynch, Catherine Meadows, José Meseguer, Paliath Narendran, Ralf Sasse
  In Proceedings of the 13th international ACM SIGPLAN symposium on Principles and practices of declarative programming.
  (Abstract) (PDF © ACM) (BibTeX) (ACM digital library via DOI)
• Protocol Analysis Modulo Combination of Theories: A Case Study in Maude-NPA
  Ralf Sasse, Santiago Escobar, Catherine Meadows, José Meseguer
  In Security and Trust Management - 6th International Workshop, STM 2010.
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer Online via DOI)
• Folding Variant Narrowing and Optimal Variant Termination
  Santiago Escobar, Ralf Sasse, José Meseguer
  In 8th International Workshop on Rewriting Logic and its Applications, 2010
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer Online via DOI)
• Model-Checking DoS Amplification for VoIP Session Initiation
  Ravinder Shankesi, Musab AlTurki, Ralf Sasse, Carl A. Gunter, José Meseguer
  In ESORICS 2009: 390-405
  (Abstract) (PDF (preprint) © Springer) (BibTeX) (Springer Online via DOI)
• Effectively Checking the Finite Variant Property
  Santiago Escobar, José Meseguer, Ralf Sasse
  In RTA 2008: Rewriting Techniques and Applications
  (Abstract) (PDF © Springer) (BibTeX) (Springer Online via DOI) (Extended Technical Report)
• Variant Narrowing and Equational Unification
  Santiago Escobar, José Meseguer, Ralf Sasse
  In 7th International Workshop on Rewriting Logic and its Applications, 2008
  (Abstract) (PDF © Elsevier) (BibTeX) (ENTCS via DOI)
• A Systematic Approach to Uncover Security Flaws in GUI Logic
  Shuo Chen, José Meseguer, Ralf Sasse, Helen J. Wang, Yi-Min Wang
  In IEEE Symposium on Security and Privacy, Oakland, California, May 2007
  (Abstract) (PDF (preprint) © IEEE) (BibTeX) (IEEE Explore)
• Java+ITP: A Verification Tool Based on Hoare Logic and Algebraic Semantics
  Ralf Sasse, José Meseguer
  6th International Workshop on Rewriting Logic and its Applications , WRLA, Vienna, Austria, April 2006, ENTCS, Elsevier
  (Abstract) (PDF (preprint) ©Elsevier) (BibTeX) (Further Material)
• Automatic Validation of Transformation Rules for Java Verification against a Rewriting Semantics
  Wolfgang Ahrendt, Andreas Roth, Ralf Sasse
  12th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, LPAR, Montego Bay, Jamaica, December 2005, LNCS 3835, Springer
  (Abstract) (PDF (preprint) ©Springer) (BibTeX) (Springer Online) (Further Material)

Projects

(not up to date - last update 2012)

Cryptographic protocol analysis

IBOS analysis

Variant Narrowing

Systematic GUI Logic Flaw Analysis

In this project my work is partially as a graduate research assistant, that part is funded by the National Science Foundation, and partially as a summer research intern at Microsoft Research. This work addresses GUI logic flaws in web browsers, analyses them systematically and leads to having the thus uncovered flaws fixed by the browser vendor. The systematic analysis is performed on a model of the implementation for the most part but is also done on the actual implementation for some part. You can download the technical report from MSR here (local mirror).

Java+ITP: A Verification Tool Based on Hoare Logic and Algebraic Semantics

My work in this project is as a graduate research assistant, it is funded by the National Science Foundation. This project develops an experimental tool for the verification of properties of a sequential imperative subset of the Java language. It uses an equational semantics of that fragment and develops and implements a compositional Hoare logic for it. The long-term goal of this project is to use extensible and modular rewriting logic semantics of programming languages to develop similarly extensible and modular Hoare logics on which generic program verification tools can be based. This project is documented in the WRLA '06 paper and in a technical report. There is also the project website with more detail and the actual tool. I gave a talk about this work at WRLA'06.

Taclets vs. Rewriting Logic - Relating Semantics of Java

This was my Diplomarbeit done at the University of Karlsruhe. It focuses on the validation of program transformation rules, in the form of taclets, against a semantics of Java, given in Rewriting Logic. The full work is available from the library in Karlsruhe as Technical Report 2005-16 or directly here as PDF Version. I gave a talk about the related paper at LPAR-12. The code used in this project is available from the project website (local mirror). A summary in German is also available as PDF.

Proof Obligations for Correctness of Modifies Clauses

This was my Studienarbeit done at the University of Karlsruhe. It exposed a way on how to create proof obligations, within the KeY framework, to check the correctness of modifies clauses. It is available as PDF.