imdea software institute science and technology for developing better software

a n n u a l r e p o r t software institute science and technology for developing better software

a n n u a l r e p o r t foreword

Manuel Hermenegildo Director, IMDEA Software Institute April 6, 2016

a n n u a l r e p o r t Trusted Logic, Airbus, Alcatel, Daimler, or EADS). The Institute is also working on the com the on working also is Institute The EADS). or Daimler, Alcatel, Airbus, Logic, Trusted XMOS, and Logicblox (and many others in Maxeler, otherReply, Scytl, recent Thales, projects,Boeing, suchTelefónica, asFredhopper, FranceMicrosoft, AbsInt, Telecom, Deimos, SAP, Siemens, Atos, include These US. the and countries EU other from rest the and Spanish of them (23) involve collaboration with a large number of companies of all sizes, about 50% 77% and funding, industrial direct are 5 NIST), and ONR agencies US the by 3 EU, the by funded (16 agencies international from are projects the of 19 fellowships. 9 received and The Institute has also participated during 2015 in 30 funded research projects and contracts paper awardsormentionsinthelast5years. 13 received has Institute The conferences. 6 of chairs program or conference being to participated in 65 program committees and 21 and lectures, boards and ofseminars invited journals 43 and andtalks invited conferences, 21 given in etc.), ICALP, addition ICLP, CAV, CSF, CCS, ACM S&P, IEEE EUROCRYPT, CRYPTO, POPL, as such field, the in venues top the of some (in publications refereed 81 published have researchers Institute 2015 During more than 150 international researchers have visited and given talks at the Institute to date. Planck Software Institute in Germany, or ETH in Switzerland, to name just a few. In addition, Max the UK, the in Cambridge of U. France, in INRIA US, the in Research Microsoft or U., different prestigious centers in 8 different countries, including Stanford U., Carnegie Mellon researchers have joined the Institute after working at or obtaining their Ph.D. degrees from 32 12 project staff, a number of interns, and 8 staff members, from 17 different includingnationalities. now Our 23 faculty (one half-time), 10 postdocs, 4 senior visitors, port 26 staff. The researchInstitute has assistants,been very successful in attracting to top talent worldwide, sup and researchers its people: its is Institute the of strength main the doubt, any Without excellence inattractionoftalent,research,andtechnologytransfer. of objectives its in status world-class reached has that reality, exciting vibrant, a is Institute new business areas, creating high added-value jobs, and improving quality of life. Today, the whole opening competitiveness, industrial raising for potential immense an has indeed ogy technol software-related and ever, than times current in relevant more is This employment. and growth, sustainable competitiveness, knowledge, generating of way cost-effective and belief that quality research and innovation in technology-related areas is the most successful The IMDEA Software Institute was created by the Madrid Regional Government under the strong cially to the Madrid Regional Government and Assembly for their continuing vision and support. Many thanks once more to all who have contributed to all these achievements, and very spe around innovationandentrepreneurship. centered events of number good a hosted has Institute the 2015 during activities, these all Joint Research Center, and with Telefónica through our Joint Research Unit. In the context of ued its strong collaborations with Microsoft, within the Microsoft Research–IMDEA Software development, including coaching and hosting several startups. The Institute has also contin business and entrepreneurship, innovation, in activities joint other many and Institute, the by run and hosted Center, Co-Location Madrid the of expansion important an with Group, Institute of Innovation and Technology community EIT Digital KIC Spanish Associate Partner Indra, Atos, UPM, and BSC, including a significant increase of the activities of the European In 2015 the Institute has also strengthened further its strategic partnership with Telefónica, mercialization of the Cadence and ActionGUI technologies, with ETH Zurich, TNO, and Reply.

best - - - - -

a n n u a l r e p o r t t a b l e o f contents

a n n u a l r e p o r t 2. 1. 7. 6. 5. 4. 3.

Industrial andInstitutionalPartnerships General Presentation Scientific Highlights Dissemination ofResults Research ProjectsandContracts People Research

[41] [26]

[109] [6]

[87]

[67]

[15]

a n n u a l r e p o r t general presentation

1.1. Profile [7] 1.2. Motivation and Goals [7] 1.3. Legal Status, Governance, and Management [9] 1.4. Appointments to the Board of Trustees [11] 1.5. Members of the Governing Bodies [12] 1.6. Headquarters Building [13]

a n n u a l r e p o r t 7 a n n u a l r e p o r t software

1.1. Profile

The IMDEA Software Institute (Madrid Institute for Advanced Studies in Software Devel- opment Technologies) is a non-profit, independent research institute promoted by the Madrid Regional Government (CM) to perform attraction of talent, research of excellence, and technology transfer in methods, languages, and tools that will allow the cost-effective development of software products with sophisticated functionality and high quality, i.e., which are safe, reliable, and efficient.

The IMDEA Software Institute is part of the Madrid Institutes for Advanced Studies (IMDEA), an institutional framework created to foster social and economic growth in the region of Madrid by promoting research of excellence and technology transfer in a number of strategic areas (water, food, energy, materials, nanoscience, networks, and software) with high potential impact.

1.2. Motivation and Goals

It is difficult to overstate the importance of software in both our daily lives and in the industrial processes which, running behind the scenes, sustain the modern world. Indeed, software is the enabling technology behind many devices and services that are now essential components of our society, ranging from large critical infrastructures on which our lives depend (cars, planes, air-traffic control, medical devices, banking, the stock market, etc.) to more mundane devices which are now an essential part of our lives (like cell phones, tablets, computers, digital televisions, and the Internet itself). Software has not only facilitated improved solutions to existing problems, but has also started modern revolutions like social networks that change the way we communicate and interact with our environment and other humans. This pervasiveness explains the global 8

figures around software and the IT services sector: according to the Gartner Worldwide

a n n u a l r e p o r t IT Spending Forecast published in third quarter of 2015, global IT spending in 2016 is expected to grow by 1.7% and exceed 3.5 trillion USD, with the annual growth rate close to 2.7% for the 2017-19 period. According to European Commission data for 2014, the EU digital economy is growing at 12% each year, and has already surpassed in size the national economy of a mid-sized member country like Belgium. The same source

software argues that approximately half of EU productivity growth comes from investment in ICT, and that the Internet economy creates five new jobs for every two ‘offline’ jobs lost. This vividly illustrates the huge potential of ICT to drive economic growth and create jobs.

Given the economic relevance of software and its pervasiveness, it is not surprising that errors, failures and vulnerabilities in software can have high social and economic cost: the results of malfunctioning software can range from being annoying (e.g., having to reboot), through posing serious social and legal problems (e.g., privacy and security leaks), to hav- ing high economic cost (e.g., software failures in financial markets and software-related product recalls) or even being a threat to human lives (e.g., a malfunctioning airplane or medical device). Unfortunately, developing software of an appropriate level of reliability, security, and performance, at a reasonable cost is still a challenge today. A recent study from Cambridge University found that the global cost of debugging software has risen to $312 billion annually, while other studies estimated the cost to just the U.S. economy at $60 billion annually, or about 0.6 percent of GDP. The reason for this high cost is that,

Modern cars and trucks contain as many as 100 million lines of computer code. This software runs on more than 30 on-board computers and controls vital functions, including the brakes, engine, cruise control, and stability systems. It is under increasing scrutiny in the wake of recent problems with major manufacturers and it is cur- rently impossible to fully test. while some degree of software correctness can be achieved by careful human or machine- assisted inspection, this is still a labor-intensive task requiring highly qualified personnel, 9 with the ensuing high monetary price. Even worse, the risk of errors produced by human mistakes will still be lurking in the dark. Reducing software errors in a cost-effective man- ner is therefore a task that can greatly benefit from the development of automatic tools.

The security of software systems is also paramount. The European Commission estimates that the damage costs due to cyber-attacks in the European Union is in the order of bil- a n n u a l r e p o r t lions each year. In 2013 a single data breach costed a US retail company $160 million, more than a 40% drop in its profits. Developing software technologies that can detect malicious behaviors and provide defense mechanisms against cyber-attacks is therefore of primary importance. software However, producing automatic tools for reducing software errors as well as developing detection and defense technologies against cyberattacks is extremely hard, because their and construction poses scientific and technological challenges. At the same time, the ubiquity of software makes taking on these challenges a potentially highly profitable endeavor, since solutions to these problems can have a significant and pervasive impact on productivity, safety, and on the general competitiveness of the economy.

The main mission of the IMDEA Software Institute is to tackle these challenges by performing research of excellence in methods, languages, and tools that will allow developing software products with sophisticated functionality and high quality, i.e., software products that are at the same time secure, reliable, and efficient, while ensuring that the process of develop- ing such software is also highly cost-effective. A distinctive feature of the Institute is the concentration on approaches that are rigorous and at the same time allow building practical tools. The research focus includes all phases of the development cycle (analysis, design, implementation, validation, verification, maintenance). In order to achieve its mission, the IMDEA Software Institute gathers a critical mass of world-wide, top-class researchers, and at the same time develops synergies between them and the already significant research base and industrial capabilities existing in the region. Indeed, most of the IT-related com- panies in Spain (and, specially, their research divisions) are located in the Madrid region, which facilitates collaboration and technology transfer. Thus, the IMDEA Software Institute materializes the opportunity of grouping a critical mass of researchers and industrial experts, allowing for significant improvement in the impact of research and innovation.

1.3. Legal Status, Governance, and Management

The IMDEA Software Institute is a non-profit, independent organization, constituted as a Foundation. Its structure brings together the advantages and guarantees offered by a foundation with the flexible and dynamic management typical of a private body. This combination is deemed necessary to attain the goals of excellence in research, coopera- 10 tion with industry, and attraction of talented researchers from all over the world, while managing a combination of public and private funds. The Institute was created officially on November 23, 2006 at the initiative of the Madrid Regional Government, following a design that was the result of a collaborative effort between industry and academia, and started its activities during 2007.

a n n u a l r e p o r t The main governing body of the Institute is the Board of Trustees. The Board includes representatives of the Madrid Regional Government, universities and research centers of Madrid, scientists with high international reputation in software development science and technology, and representatives of companies, together with independent experts.

The Board is in charge of guaranteeing the fulfillment of the foundational purpose and software the correct administration of the funds and rights that make up the assets of the Institute, maintaining their appropriate returns and utility. The Board normally meets twice a year. In the interim, Board-level decisions are delegated to the Standing Committee of the Board. The Board appoints the Director, who is the CEO of the Institute, among scientists with a well-established international reputation in software development science and technology. The Director fosters and supervises the activities of the Institute, and establishes the dis- tribution and application of the available funds among the goals of the Institute, within the patterns and limits decided by the Board of Trustees. The Director is assisted by the Deputy Director and the General Manager, who take care of the legal, administrative, and financial activities of the Institute, and supervise the Project Management and Technology Transfer unit and the Technical Support and Research Infrastructure unit, which work closely with and support the Research Lines of the Institute. The current structure is depicted in Figure 1.1.

BOARD OF TRUSTEES SCIENTIFIC COUNCIL STANDING COMMITTEE

DIRECTOR Prof. M. Hermenegildo

DEPUTY DIRECTOR Prof. M. Carro

GENERAL MANAGER M. Alcaraz

RESEARCH LINES

ADMINISTRATIVE SUPPORT TECHNICAL SUPPORT PROJECTS & TECH. TRANSFER 11 a n n u a l r e p o r t software

Figure 1.1. Governance and management structure of the IMDEA Software Institute.

The Board of Trustees and the Director are assisted in their functions by the Scientific Council, composed of high-level external scientists of international reputation with exper- tise in different areas of research covered by the Institute. The tasks of this scientific council include: to provide advice on and approve the selection of researchers; to provide advice and supervision in the preparation of yearly and longer-term strategic plans; to evaluate the performance with respect to those plans; and to give general advice on matters of relevance to the Institute.

1.4. Appointments to the Board of Trustees

Ms. Alicia Delibes Liniers, Vice-Councilor for Education, Youth, and Sports and Vice- President of the Board of Trustees, left her position in the Regional Government during 2015 and was replaced by Mr. Rafael van Grieken Salvador, Councilor for Education, Youth, and Sports, who was appointed Vice-President of the Board of Trustees. Ms. Lorena Heras Sedano was replaced as Director General for Universities and Research by Mr. José M. Torralba Castelló, who was appointed member of the Board. Mr. Juan A. Botas Echevarría, Deputy Director-General for Universities and Research was replaced in his position and in the Board by Mr. Rafael García Muñoz. Finally, Mr. José M. Rotellar García, former Vice-Councilor for Finance and Economic Policy, left his position in the Regional Government and also in the Board of Trustees. 1.5. Members of the Governing Bodies 12 Board of Trustees

CHAIRMAN UNIVERSITIES AND PUBLIC EXPERT TRUSTEES OF THE FOUNDATION RESEARCH BODIES Mr. José de la Sota Rius Prof. David S. Warren Prof. Narciso Martí Oliet Managing Director, Fundación para a n n u a l r e p o r t State University of New York Universidad Complutense el Conocimiento (MadrI+D), Madrid, at Stony Brook, USA. de Madrid, Spain. Spain.

Prof. Diego Córdoba Gazolaz Mr. Eduardo Sicilia Cavanillas VICE-CHAIRMAN Consejo Superior de Investigaciones Escuela de Organización Industrial, OF THE FOUNDATION Científicas (CSIC), Spain. Madrid, Spain. software Ilmo. Sr. D. Rafael van Grieken Prof. Víctor Robles Forcada INDUSTRIAL TRUSTEES Salvador Universidad Politécnica de Madrid, Councilor for Education, Youth BBVA Spain. and Sports, Madrid Regional Ms. María del Carmen López Government, Spain. Prof. Jesús M. González Barahona Herranz. Global Head of Branch Universidad Rey Juan Carlos, Technology at BBVA. MADRID REGIONAL Madrid, Spain. Board meetings have been attended, GOVERNMENT as invitees, by representatives of the SCIENTIFIC TRUSTEES Ilmo. Sr. D. Rafael van Grieken following companies: Salvador Prof. David S. Warren Telefónica I+D Councilor for Education, Youth State University of New York at Mr. Francisco Jariego, Director and Sports, Madrid Regional Stony Brook, USA. Chairman of the for Industrial Internet of Things, Government, Spain. Board of Trustees. Telefónica Digital, and Estanislao Ilmo. Sr. D. José Manuel Torralba Prof. Patrick Cousot Fernández González-Colaço. Castelló Courant Institute, New York Elecnor Deimos Director-General for Universities University, USA. Mr. Miguel Belló Mora, General and Research, Madrid Regional Director (later moved to UrtheCast), Prof. Luis Moniz Pereira Government, Spain. Mr. Carlos Fernández de la Peña, Universidade Nova de Lisboa, Director of Business Development, and Ilmo. Sr. D. Rafael García Muñoz Portugal. Mr. Felipe Bertrand, Project Manager. Deputy Director-General for Prof. José Meseguer Research, Madrid Regional Atos University of Illinois at Urbana Government, Spain. Mr. José María Cavanillas, Chief Big Champaign, USA. Data & Security Officer, and Ms. Prof. Roberto Di Cosmo Clara Pezuela, Head of IT Market. Université Paris 7, France. Indra Mr. Juan L. Martín Ruiz, Director for Innovation Management.

SECRETARY

Mr. Alejandro Blázquez Lidoy Scientific Council 13 Prof. David S. Warren Prof. Patrick Cousot Prof. José Meseguer State University of New York at Courant Institute, New York University of Illinois at Urbana Stony Brook, USA. University, USA Champaign, USA. Chairman of the Board. Prof. Veronica Dahl Prof. Luis Moniz Pereira Prof. María Alpuente Simon Fraser University, Vancouver, Universidade Nova de Lisboa,

Universidad Politécnica de Valencia, Canada. Portugal a n n u a l r e p o r t Spain. Prof. Herbert Kuchen Prof. Martin Wirsing Prof. Roberto Di Cosmo Universität Münster, Germany. Ludwig-Maximilians-Universität, Universitè Paris 7, France. München, Germany software

1.6. Headquarters Building

Since 2013, the IMDEA Software Institute is located in its new headquarters building in the Montegancedo Science and Technology Park, which was officially inaugurated in July 2013. These premises offer an ideal environment for fulfilling its mission of attraction of talent, research, and technology transfer. It includes offices, numerous spaces for interaction and collaboration, areas for project meetings and for scientific and industrial conferences and workshops, and powerful communications and computing infrastructures. It also provides ample space for strategic activities such as the Madrid Co-location Center of the EIT Digital KIC, part of the European Institute of Innovation and Technology, the IMDEA Software-Microsoft Joint Research Center, the IMDEA Software-Telefónica Joint Research Unit, and other joint research units with industry. It is highly energy-efficient, through energy-conscious design, co-generation, and full automation.

The location of the new IMDEA Software building also provides excellent access to the UPM Computer Science Depart- ment as well as to the other research centers within the Montegancedo Science and Technology Park. These centers include the Madrid Center for Supercomputing and Visualization (CESVIMA), the Center for Computational Simula- tion, the UPM Montegancedo Campus company “incubator” and technology transfer center (CAIT), the Institute for Home Automation (CEDINT), the Institute for Biotechnology and Plant Genomics (CBGP), the Center for Biomedical Technology (CTB), the Microgravity Institute, and the Spanish User Support and Operations Centre for ISS payloads (USOC). In particular, the CESVIMA houses the second largest supercomputer in Spain 14 and one of the largest in Europe, as well as a state-of-the-art visualization cave, and is equipped for massive information storage and processing, high performance computing, and advanced interactive visualization.

The campus obtained the prestigious “International Campus of Excellence” label, and is the only campus in Spain to receive a “Campus of Excellence in Research and Tech- a n n u a l r e p o r t nology Transfer” award in the Information and Communications Technologies area from the Spanish government. software i n d u s t r i a l a n d i n s t i t u t i o n a l partnerships

2.1. Industrial Partnerships [16] 2.2. Cooperation with Research Institutions [19] 2.3. EIT ICT Labs [20] 2.4. Microsoft Research - IMDEA Software Joint Research Center [22] 2.5. Telefónica - IMDEA Software Joint Research Unit [24] 2.6. REDIMadrid [24]

a n n u a l r e p o r t 2.1. Industrial Partnerships 16 The key to innovation is in incorporating new scientific results and technologies into processes and products in a way that increases the competitiveness of industry, con- tributes to sustainable growth, and creates jobs. As a generator of new knowledge and technology in the area of ICT – which has a high economic impact – IMDEA Software is committed to fostering innovation and technology transfer in partnership with industry. a n n u a l r e p o r t

Collaborative Projects and Contracts. Key instruments of industrial partnership are focused collaborations with companies in the form of both collaborative projects funded through competitive public calls and direct industrial contracts. These instruments rep- resent an excellent vehicle for performing joint research and pushing its results towards

software the market. Figure 2.1 lists some of the companies with which the IMDEA Software Institute has collaborated to date in such projects and contracts. The currently active projects and contracts are described further in Chapter 5.

Strategic Partnerships. The Institute has established strategic partnerships with the main stakeholders in the sector which facilitate longer-term collaboration across projects. In particular, the Institute has established close ties with Telefónica, Indra, Atos, and BBVA which have led to a number of strategic cooperation initiatives. An important instance of these initiatives is the joint establishment of the Spanish Associate Partner Group of EIT Digital, the ICT branch of the European Institute of Innovation and Technology, with the added participation of UPM and BSC, and coordinated by the Institute. The coordination of EIT Digital Madrid includes the hosting and operation of the EIT Digital Madrid Co-Location Center and many other joint activities in training (at Masters and PhD level), innovation, and entrepreneurship. In addition, the Institute has established with Telefónica the Telefónica-IMDEA Software Joint Research Unit and with Microsoft the Microsoft Research–IMDEA Software Joint Research Center, and is planning the creation of more such units with other industrial partners. These activities are later described in more detail.

The participation in Spanish and EU Technology Platforms is another strategically impor- tant line of cooperation with industry. Such platforms include the Technology Clusters of the Madrid Region, and the Internet of the Future Es.Internet Spanish platform. All these activities contribute towards aligning research agendas and promote joint partici- pation in projects.

Commercialization of Technology. Another important form of technology transfer is the commercialization of the technology developed at the Institute. Given the controversy around software patents (and the difficulties for filing software patents in Europe), the Institute is combining the protection of its intellectual property with other innovative exploitation models, such as those based on open-source or free software licenses, together with the licensing of such technology (e.g., the CADENCE technologies have been licensed to Reply Communication Valley, see Chapter 7), and the creation of technology- 17 based start-ups. For example, five software registrations have been completed to date, including ActionGUI (jointly developed by IMDEA Software and ETH Zurich, for which joint work on its commercialization is also under way); GGA; EasyCrypt, ZooCrypt, and Masking (the latter three developed jointly by IMDEA Software and INRIA).

Other Industrial Funding and Collaborations. Other forms of collaboration with industry a n n u a l r e p o r t include the industrial funding of doctoral and master students working at the Institute on industry-relevant topics (e.g., Microsoft funds research assistants working on software verification and security), transfer of research personnel trained at the Institute to com- panies (IMDEA Software-trained personnel has already been transferred to companies such as Atos, Microsoft, Google, or Logicblox), funding by industry of research stays software of Institute researchers at company premises (e.g., Institute researchers have made industrially-funded extended stays at Deimos Space, Microsoft Redmond in the US, or Microsoft Cambridge in the UK, and a framework agreement has been signed with Microsoft for this purpose), access to the Institute’s technology and scientific results (e.g., researchers of the Institute have met with personnel from BBVA, Telefónica I+D, Ericsson, GMV, INDRA, IBM, Canal de Isabel II, Interligare, or Lingway, among many others, to present their main research results), access to the Institute’s researchers as consultants, participation of company staff in Institute activities, etc. Project/Contract Funding Entity Industrial Partners 18 MOBIUS FP6: IP France Telecom, SAP AG, Trusted Labs HATS PF7: IP Fredhopper NESSoS PF7: NoE Siemens, ATOS ES_PASS (Through an ITEA2, MITyC Airbus France, Thales Avionics, CS associated group at UPM.) Systèmes d’Information, Daimler AG, PSA Peugeot Citroen, Continental, Siemens VDO Automotive, EADS Astrium, GTD, Thales a n n u a l r e p o r t Transportation, and IFB Berlin EzWeb MITyC Telefónica I+D, Alimerka, Integrasys, Codesyntax, TreeLogic, Intercom Factory, GESIMDE, Yaco, SoftTelecom DESAFIOS-10 MICINN BBVA-GlobalNet, LambdaStream, Deimos software Space PROMETIDOS Madrid Regional Deimos Space, Atos Origin, BBVA-GlobalNet, Government Thales, Telefónica I+D MTECTEST Madrid Regional Deimos Space Government SEIF awards Microsoft SEIF Microsoft Research PhD Scholarships Microsoft Microsoft Research ENTRA FP7: STREP XMOS VARIES FP7: ARTEMIS Barco NV, HI iberia, IntegraSys, Tecnalia, Sirris, Spicer, Fraunhofer Gesellschaft, Pure- Systems Gmbh, STiftelsen Sintef, Autronica, Franders Mechatronics Technology Centre, Atego Systems, Teknologia Tutkimuskeskus VTT, Mobisoft, HIQ Finland, Softkinetic Sensors, Macq, Metso Automation. 4CaaST FP7: IP Telefónica I+D, SAP, France Telecom, Telecom Italia, Ericsson, Nokia-Siemens, Bull SAS, 2nd Quadrant, Flexiant POLCA FP7: STReP Maxeler, Recore Cadence EIT Reply SpA FI-PPP-Liaison EIT Ingegneria Informatica SpA, Orange, Thales, Create-Net Contracts Microsoft Microsoft Research Contracts AbsInt AbsInt GmbH Contracts Boeing Boeing Research & Technology Europe Contracts Telefónica Telefónica I+D Contracts LogicBlox LogicBlox Contracts (eTUR2020) Zemsannia Zemsania, Tecnocom, Groupalia, Solusoft, Eurona, BDigital

Figure 2.1. Some companies with which the IMDEA Software Institute has collaborated through projects and contracts to date. 2.2. Cooperation with Research Institutions 19 As an international research organization, the Institute collaborates with many univer- sities and other research centers worldwide. As with companies, an important way in which such cooperation happens is through focused collaborations in the framework of collaborative projects, funded through competitive calls or industrial contracts. At the Universidad same time, and similarly to the industrial case, the Institute has established longer-term, Rey Juan Carlos strategic partnerships with a number of research institutions, in the Madrid region and a n n u a l r e p o r t internationally, in order to allow more strategic collaborations and reach objectives that Universidad go beyond those of individual projects. At present the Institute has active long-term Rey Juan Carlos agreements with the following universities and research centers:

Universidad • Universidad Politécnica de Madrid (since November 2007). software Rey Juan Carlos • Universidad Complutense de Madrid (since November 2007). • Universidad Rey Juan Carlos (since January 2008). • Roskilde University, Denmark (since June 2008). • Consejo Superior de Investigaciones Científicas (since November 2008). • Swiss Federal Institute of Technology (ETH) Zurich (since November 2012). • Microsoft Research (since December 2012, with a Joint Research Center established in 2014).

These agreements establish a framework for the development of collaborations that include the joint participation in and development of graduate programs; the joint use of resources, equipment, and infrastructure; exchange of staff; joint participation in research projects; the association of researchers and research groups with the Institute; or the joint commercialization of technology. In particular, research assistants at the IMDEA Software Institute can follow graduate studies at any of the cooperating Institu- tions, while funded by the IMDEA Software Institute. Furthermore, all of the seminars and talks at the Institute are open to the campus and the academic community at large.

To illustrate the scope and importance for the Institute of these agreements, we offer here some highlights. The agreement with the Universidad Politécnica de Madrid (UPM) has allowed the location of the Institute building in its Montegancedo Science and Tech- nology Park. In addition, the Institute has been collaborating with UPM in a graduate program for several years. This program is instrumented as a separate track on Software Development through Rigorous Methods in an existing Masters (“MUSS”) and PhD programs (“DSS / DSSC”) at UPM. In them, researchers from the Institute can teach through a “Venia Docendi”, i.e., a permission to teach, and be PhD thesis advisors. Most research assistants at the IMDEA Software Institute obtain their Masters and PhD follow- ing these programs. Under the agreement with the Consejo Superior de Investigaciones Científicas, two researchers—Cesar Sánchez and Pedro López—have dual appointments at CSIC and the Institute. Under the agreement with Roskilde University, one of its full professors —John Gallagher— is also part-time senior researcher at the Institute. 20 As mentioned before, the agreement with ETH Zurich includes the joint development and commercialization of the ActionGUI technology, from the Institute’s Modeling Lab. Finally, the Institute of course also collaborates with the other Institutes in the IMDEA network. As an example, the Institute has secured and coordinates the AMAROUT-I and AMAROUT-II COFUND programs of Marie Curie fellowships, which fund personnel in all the IMDEA Institutes, and provides other services to the IMDEA institutes, including a n n u a l r e p o r t hosting a joint coordination unit.

The Institute also has a strong presence in national and international bodies. It is a member of Informatics Europe, the organization of all deans, chairs, and directors of the leading Departments and Institutes of Computer Science in Europe, similar to the CRA

software in the US. In addition, the Institute is a member of ERCIM, the European Research Con- sortium for Informatics and Mathematics through SpaRCIM, the Spanish representative in ERCIM. Manuel Hermenegildo, IMDEA Software Institute Director, is the President of the SpaRCIM Executive Board and a member of the Informatics Europe steering board.

2.3. EIT Digital

In June 2013, IMDEA Software officially became an Associate Partner of EIT Digital (formerly known as EIT ICT Labs), as the first Spanish organization to enter its Pan- European network of seven full national nodes (in Helsinki, Stockholm, Berlin, London, Eindhoven, Paris, and Trento) and two associate nodes (Budapest and Madrid, the latter located at IMDEA Software).

EIT Digital is a Knowledge and Innovation Community (KIC) of the European Institute of Innovation and Technology (EIT), which includes some of the leading educational, research, and industrial actors in the ICT innovation ecosystem in Europe. Its mission is to combine the educational, research, and industrial tools and activities to drive and foster ICT innovation on the European scale in the following strategic areas: Smart Energy Systems, Future Networking Solutions, Future Cloud, Health and Wellbeing, Privacy, Security and Trust, Future Urban Life and Mobility, Smart Spaces, and Cyber-Physical Systems. These areas are complemented by integrated and innovation-driven Master and Doctoral Schools and Business Development Acceleration programs.

One of the key goals of IMDEA Software as the Spanish Associate Member is to promote, motivate, and organize the presence of EIT Digital in Spain, and to foster the evolution of the Spanish Associate Partner Group (APG) – which includes some of the most prominent players in the ICT innovation arena, such as Telefónica, Indra, Atos, and the Technical University of Madrid (UPM) – towards a fully operational EIT Digital node. Together with these strategic partners, the Institute is working on developing innovation-oriented projects within the framework of EIT Digital, increasing its presence in Spain through interaction with regional and national governments, and boosting and creating synergy between the 21 entrepreneurship initiatives and mechanisms led by the members of the APG and beyond.

IMDEA Software has participated in the EIT Digital Business Plan for 2015 with the following activities:

• Research and innovation activity in the field of Privacy, Security, and Trust (project a n n u a l r e p o r t CADENCE, continuing from 2014 – see Chapter 5 for more details).

• Further development of the Madrid Co-Location Center (CLC), hosted in the premises of IMDEA Software. The CLC is the home for the EIT Digital activities and the meet-

ings of the Spanish APG, and has the objective of fostering innovation, technology software transfer, and entrepreneurship in Spain. The CLC is equipped with ample office space and meeting facilities, worksplaces for start-ups, and work and collaboration areas for the students in the EIT Digital masters and doctoral programs. In addition to the organization and participation in relevant events devoted to innovation (e.g., the South Summit), the CLC also hosts startups and scaleups. During 2015 three companies, participating in the EIT Digital Accelerator Program, have been coached and hosted at the CLC: Coowry, LeanXcale, and LocaliData.

Smart Energy Systems Future Urban Life & Mobility Future Networking Solutions Smart Spaces Future Cloud Action Cyber-Physical Systems Health & Wellbeing lines Master School Privacy, Security & Trust Doctoral School

Helsinki

Stockholm

Eindhoven Berlín Londres

París Budapest

Trento

Madrid • Development of the Madrid Business Development Accelerator (BDA) segment which 22 is part of the EIT Digital BDA 50-strong specialists network who help in bringing ideas to market and providing services such as coaching, access to finance, or soft landing, at a pan-European level. This has also included participation in and organization of events related to innovation and entrepreneurship such as, e.g., the South Summit.

• Launch of the EIT Digital Doctoral Training Center and the Master Program in Data a n n u a l r e p o r t Analytics, in cooperation with UPM, which is part of the EIT Digital educational initia- tive that allows doctoral and master students to obtain not only a recognized technical education, but also entrepreneurial skills and the opportunity to work with European top research facilities and leading business partners. software

2.4. Microsoft Research - IMDEA Software Joint Research Center

The Microsoft Research - IMDEA Software Institute Joint Research Center (http://www. msr-imdeasw.org/) started operations in late 2013 with the objective of framing and boosting the significant research collaborations between Microsoft Research and the IMDEA Software Institute in software science and technology.

The second Microsoft Research - IMDEA Software Institute Collaborative Workshop (MICW 2015) took place at the IMDEA Software Institute on April 9-10, 2015. This was the second in a series of annual workshops aimed at reinforcing the collaboration between the two institutions, with researchers from both sides working together on several research topics. It was organized by Judith Bishop and Cedric Fournet from Microsoft Research and by Alexey Gotsman and Manuel Hermenegildo from the IMDEA Software Institute. 23 a n n u a l r e p o r t software

The collaborative workshops bring together researchers and students to discuss their joint work on hot topics in software in order to advance the state of the art and, where possible, to bring those advances to market. The second workshop included sessions on Scalable and Correct Data Management in the Cloud, Verification for Cryptography and Security, and Secure Distributed Programming, as well as ample time for focussed group discussions.

The collaborations between IMDEA Software and Microsoft involve around 30 research- ers from both sides and have resulted in more than 25 publications in top-level venues to date, including joint papers at top-ranked conferences such as ACM Symposium on Principles of Programming Languages (POPL), IEEE Symposium on Security and Privacy (S&P), and International Conference on Computer Aided Verification (CAV). 2.5. Telefónica - IMDEA Software Joint Research Unit 24 IMDEA Software and Telefónica I+D cooperate since 2012 on developing software archi- tectures and high-level components within the framework of the FI-WARE initiative through a Joint Research Unit. This Joint Research Unit works on different topics, such as brokerage in the context of Internet of Things (IoT), and facilitating the definition and automatic deployment of cloud application components. The Joint Research Unit also a n n u a l r e p o r t organizes education activities in the area of FI-WARE technology. software

2.6. REDIMadrid

REDIMadrid is the academic and research Internet backbone of the Madrid Region, which connects universities and research centers located in the Madrid region (includ- REDIMadrid ing IMDEA Software and the other IMDEA institutes). REDIMadrid is currently managed by the IMDEA Software Institute, and it is funded by the Madrid Regional Government. REDIMadrid provides the connected institutions with a highly-reliable high-speed con- nection to the REDIMadrid routing facilities, which connects to the national network (RedIRIS), the European research network Géant and the rest of the Internet. For example,

Instituto all public universities are provided connections at 10Gb per second using a network of Universidad Nacional Complutense de Técnica Aeroespacial metropolitan fiber-optic rings.

The IMDEA Software Institute also hosts and operates the new EIT Digital node, located at the data center of the EIT Digital Co-location Center. This node is connected to the REDIMadrid infrastructure using a fiber-optic link provided by the National High-Speed Research Network Backbone, RedIRIS-NOVA. This pioneer link is operated as an experi- Universidad Consejo Carlos III de Madrid Superior de Investigaciones Científicas mentation infrastructure that supports speeds of up to 100Gb, and whose routing facili- ties have been designed, deployed and maintained by the IMDEA Software REDIMadrid 25 personnel. This recent expansion of RedIRIS-NOVA and REDIMadrid has been funded jointly by the Spanish and Madrid Governments in direct support of the EIT Digital associate partner group in Spain.

REDIMadrid a n n u a l r e p o r t software

Instituto Universidad Nacional Complutense de Técnica Aeroespacial

Universidad Consejo Carlos III de Madrid Superior de Investigaciones Científicas research

3.1. “Greener” Software: Verifying and Controlling Resource Consumption [28] 3.2. Formal Verification of Cyber-Physical Systems [29] 3.3. Architecture-Driven Verification: Tackling The Complexity Of Modern Software [30] 3.4. Concurrent Software Reliability [31] 3.5. Automated Software Testing and Failure Recovery [33] 3.6. Privacy in the Digital World [34] 3.7. Fighting Cybercrime and Targeted Attacks [35] 3.8. Cryptography for Next Generation Cloud Computing [36] 3.9. Computer-Aided Cryptographic Proofs [37] 3.10. Model-Driven Data Security and Privacy Management [39] a n n u a l r e p o r t The research activities carried out by the IMDEA Software Institute address directly its core mission: to advance the scientific and technological foundations that will allow the 27 cost-efficient development of software characterized by sophisticated functionality and high quality, in terms of safety, reliability, and efficiency. We pursue our mission by focusing on three strategic areas, namely Program Analysis and Verification, Languages and Compilers, and Security and Privacy:

• Our research on Program Analysis and Verification advances the foundations and the a n n u a l r e p o r t tools that enable software engineers understand the key properties of the complex sys- tems they are building. Our results range from tools that automatically establish proofs of correctness and safety, which is paramount, for example, for avionics software, to tools that explore energy consumption profiles at design time, which is fundamental

for mobile and embedded devices. software

• Our research on Languages and Compilers provides software engineers with the means they need to describe their ideas in more concise and modular ways, and to generate correct and performant executables from these descriptions. Progress in this area has the potential to dramatically increase programmer productivity as well as maintain- ability and reusability of software.

• Our research on Security and Privacy delivers technology that enables computation, communication, and storage in untrusted and malicious enviroments, such as the Internet. Our results include novel cryptographic protocols as well as cutting-edge techniques for detecting and analyzing malicious activities and vulnerabilities in soft- ware, hardware, and network traffic.

The remainder of the chapter describes in more detail the key lines of research that are currently pursued by the scientists of IMDEA Software. 3.1. “Greener” Software: Verifying and Controlling Resource Consumption 28 Energy consumption and the environmental impact of computing technologies is a major worldwide concern. It is a significant issue in systems ranging from energy-hungry server farms to billions of frequently charged smartphones, tablets, smart watches, sensors, and portable/implantable medical devices. As a result of the huge growth in cloud computing, Internet traffic, high-performance computing, and distributed applications, current data a n n u a l r e p o r t centers consume very large amounts of energy, not only to process and transport data, but also for cooling. Energy consumption is also highly relevant in the context of the Internet of Things paradigm, where very large numbers of small autonomous devices (expected to reach about 50 billion by the year 2020), embedded in all kind of objects, in our clothes, or stuck to our bodies, will operate and intercommunicate continuously for long periods of

software time, such as years. Although there have been improvements in battery and energy harvest- ing technology, a significant reduction in the energy demands of such devices is needed to make the full Internet of Things vision come true and all its potential be exploited.

In spite of the recent rapid advances in power-efficient hardware, most of the potential energy savings are wasted by software that does not exploit these hardware energy-saving features and performs poor dynamic management of tasks and resources. To face this challenge, researchers at the IMDEA Software Institute have promoted energy efficiency to a first-class goal in software design, and developed techniques and tools that facilitate the production of “greener” devices, i.e., devices that make a certifiably more efficient use of their available energy and, in general, of resources (e.g., execution time or memory, as well as other user-defined resources like network accesses or transactions).

These state-of-the-art techniques and tools are implemented and integrated into the pio- neering CiaoPP system, which provides a general, sound, and practical framework (based on abstract interpretation) for predicting with high accuracy the resources consumed by a given piece of software, for debugging/certifying such consumption with respect to specifications, and for generating dynamic optimization strategies. The system is highly adaptable to different languages, hardware, and resources because it is built around a customizable static analyzer with a versatile assertion language. It can help programmers significantly reduce resource usage of programs, including their energy use and/or total execution time, resulting in significant improvements in battery life (e.g., in smart phones and other small devices), or reductions in electricity consumption (e.g., at data centers). 29

In close collaboration with industry, IMDEA’s energy-aware tools are integrated into their products, and tested on concrete industrial applications. In particular, a part of this research on “greener software” is being performed within the European project ENTRA (see Chapters 5 and 7). a n n u a l r e p o r t

3.2. Formal Verification of Cyber-Physical Systems

Modern computers are not standalone devices sitting on our desktops, but are increas- ingly seen embedded in everyday devices, systems, and structures such as smart phones, software buildings, medical devices, and automobiles. The drastic reduction in the cost of sensing, actuating, computing, and communication technology has enabled the proliferation of a new genre of engineered systems, referred to as Cyber-Physical Systems (CPS), in which networked embedded processors interact tightly with a physical environment to achieve global complex functionalities.

Cyber-physical systems will be a key enabling technology of the future in tackling soci- etal and economic challenges arising in areas such as manufacturing, communication, infrastructure, energy, health-care, and transportation. Hence, governments around the world, including those of the United States and the European Union, have established several funding initiatives to exploit this potential. Cyber-physical systems invariably appear in safety-critical domains—such as automotive, aerospace, and medical devices—, so ensuring reliable performance is of utmost importance. However, the state-of-the-art techniques fall short in guaranteeing correct behavior, as is evident from the recent epi- sodes of software recalls in the automotive and medical devices industries to fix bugs. Therefore, the grand research challenge is to build techniques for the development of high-confidence cyber-physical systems.

While formal methods have been successfully applied to the analysis of stand-alone hardware and software, CPS differ from traditional software in the tight interactions with the physical system it controls, and in that CPS run on one or more embedded processors which communicate with each other. Hence, CPS are hybrid systems that encompass both discrete and continuous behaviors owing to the digital components and the physical environments, respectively. The central scientific challenge in CPS formal verification lies in dealing with this unprecedented complexity arising due to the tight coupling of computation, control, and communication.

Researchers at the IMDEA Software Institute are actively involved in this exciting new area by focusing on the development of the state-of-the-art technology for verification of cyber- physical systems, particularly, in the early design phase, where reliability has a huge impact 30 on the development cost of the products. The research carried out at IMDEA Software addresses the scalability of current verification techniques by designing novel state-space reduction algorithms and tools. Given the inter-disciplinary nature of the area, this scientific endeavor is carried out in collaboration with experts in control theory, dynamical systems, and formal methods from several institutes and universities in the US and Europe. a n n u a l r e p o r t 3.3. Architecture-Driven Verification: Tackling the Complexity of Modern Software

While the modern information society critically relies on software systems, with some of its most vital processes controlled by software, at the same time software is notoriously

software unreliable. This is a consequence of a systemic problem, and, given the current trends in software development, in the future the cost and dependability problems will only be exacerbated. The growing dependence of modern society on software systems makes this situation unsustainable.

Software verification has the potential to resolve this problem: its goal is to ensure the correctness of software by proving that it satisfies a given property in all possible situ- ations. Formerly a purely theoretical area, since the year 2000 software verification has experienced a resurgence of interest from practitioners and is now emerging as a cutting-edge approach to improving software quality. Although there is much excitement in the verification area, there is still a huge distance to go before we will be able to verify pieces of software as complex as a modern operating system kernel. This is because the cost-benefit ratio of current verification technology is not good enough to scale it to major software systems. Software verification is currently good at dealing with programs that are either big, but simple, or complicated, but small. Unfortunately, modern software is both big and complicated. IMDEA Software Institute researchers are developing radically new verification methods aiming to overcome this problem. The hypothesis underlying this research line is that the main reason for the inadequacy of the existing verification approaches when dealing with complex software is their 31 generality. The techniques they suggest are based on generic principles that come from properties of programming languages, which allows applying such techniques to arbitrary programs. However, since they cannot take advantage of the particular ways in which programs are usually written in those languages, they require too much labor and do not scale to big and complicated systems. At the IMDEA Software Institute, we are developing methods and tools for cost-effective verification of real-world systems a n n u a l r e p o r t software by exploiting the way programmers write it: in practice, they stick to informally described patterns, idioms, abstractions and other forms of structure contained in their software, which are together called its architecture. IMDEA researchers harness this trend to develop verification methods and tools that are tailored to the architectures used in modern systems software. software

3.4. Concurrent Software Reliability

The importance of software reliability has dramatically increased due to the popularization of concurrent software, because concurrent software is notoriously difficult to develop, and therefore high-quality concurrent software is very costly to produce.

Even further, modern concurrent software is ubiquitous and brings novel challenges for two reasons. On one hand, modern software needs to optimize the use of new multi-core and multi-processor hardware. On the other hand, because many systems are increas- ingly distributed and must respond to humans in a timely manner. The distributed nature of modern software is both present at a small scale—for example inside our mobile phones—, or at internet scale, for example in social networks and planet-wide

Satellites have to be autonomous up to a certain degree. The programs running in their computers continuously monitor for deviations from their scheduled trajectories and take the appropriate decisions to correct them. 32 a n n u a l r e p o r t

information systems. Modern concurrent software differs from classical approaches to concurrent programming in crucial aspects, like the structure of the synchronization— where large blocks are avoided by using fine-grain or lock-free algorithms—or the use of software asynchronous programming primitives.

Testing or reasoning about modern concurrent systems requires considering a large number of simultaneous interactions between the constituent components. This state explosion undermines the effectivity of testing and leaves verification as a more appeal- ing technique for software reliability.

New verification methods are needed to face the challenges of reliability of modern concurrent software both for specifying and assessing the correctness of concurrent programs. First, formal verification requires a description of those aspects of the behavior of a given software system that are considered crucial. New specification languages must provide this description in a way that is humanly usable and computationally tractable. Second, even though automatic verification techniques are desirable because they do not require intervention and can be applied to existing software, it is a big challenge to design automatic techniques that scale to the size of realistic code bases. Alternatively, deductive techniques can handle sophisticated cases but at the cost of a higher human intervention. The challenge with deductive techniques is to increase their automation and reduce the expertise necessary to use them.

Researchers at the IMDEA Software Institute are involved in the pursuit of novel auto- matic and semi-automatic software verification techniques, and richer specification logics for concurrent and reactive software. These techniques are aimed at a wide range of aspects of modern concurrent software: asynchronous program verification, fine-grain and lock free algorithms, concurrent data-types, refinement of concurrent object-oriented programs and distributed data manipulation. Apart from building the foundations to reason rigorously about these aspects of modern concurrent software, this research line also involves the development of verification tools, for example for the analysis of asynchronous concurrent software and for the deductive verification of concurrent fine-grained data-types. 3.5. Automated Software Testing and Failure Recovery 33 In addition to being complex, modern software poses the additional challenge that its structure evolves and often deteriorates as it grows, and it is usually unfeasible to estimate during the development phase how external factors in the execution environment will impact its behavior. This leads to faults that are difficult to anticipate. It is necessary to detect as many of these faults as possible before releasing a software artifact. However, since the complete elimination of faults is not always possible or economically feasible, a n n u a l r e p o r t it is also useful to instantiate techniques that can mitigate the effects of previously undetected faults while the software system is running.

The predominant industrial approach to achieving software reliability is testing, in which a piece of software is exercised repeatedly trying to gain confidence that the software software behaves as intended. Software testing is typically embedded in the software development life cycle to expose faults before deployment. Testing is an alternative and complemen- tary approach to verification, which typically requires higher human expertise and is less automated. While it cannot cover all scenarios, testing is readily applicable both for small and large systems. Designing, implementing, and running tests, though, can still be very expensive. The cost of software quality assurance activities, in general, often exceeds half the overall cost of software development and maintenance. It is therefore essential to find the right balance between cost and effectiveness of quality assurance techniques.

Researchers at the IMDEA Software Institute work on designing testing techniques that are highly automated, and as a consequence cost effective. Such techniques can auto- matically identify test inputs that exercise the relevant features of a software artifact, can decide whether the execution of a test case matches the expected behavior, and can automatically evolve the produced test suites together with the evolution of the software artifact under development, thus limiting the costs of test case maintenance.

Despite the best efforts at developing effective testing and analysis techniques to detect as many faults as possible during the development phase, some faults still escape the quality control, and can ultimately affect the functionality of deployed systems. As a con- sequence, researchers at the IMDEA Software Institute have also been working on designing and implementing cost-effective techniques that make deployed applications more resil- ient to failures. Such techniques are intended to maintain a faulty application functional in the field while the developers work on more permanent fixes. 3.6. Privacy in the Digital World 34 The ever increasing data processing and storage capabilities enabled by technological advances open up tremendous opportunities for society, for the economy, and for indi- viduals. However, the collection of massive amounts of electronic data raises concerns regarding the revelation of information that not only results in privacy breaches buy may also impact people’s freedom, or create unbalance in power relations which in turn may a n n u a l r e p o r t damage our democratic society. A deep understanding of the implications for privacy of the explosion of, for instance, Big Data analytics, pervasive sensors (e.g., wearables or smartphones), or personalized services (e.g., personalized medicine) is needed in order to fully exploit the benefits of these technologies without harming the fundamental values of our society such as freedom, democracy, or equality. software

In this context it is essential to provide ICT system designers with means to consider privacy requirements, as well as with appropriate tools to analyze the privacy proper- ties achieved by their . However, we currently lack general methodologies that allow engineers to embed privacy-preserving mechanisms in ICT designs or that allow to test these mechanisms’ efficacy. Instead, privacy-preserving solutions are designed and evaluated in an ad-hoc manner, hindering comparison and integration in real-world systems. Furthermore, privacy is typically in conflict with other requirements such as functionality, performance, usability, or cost. Hence, it is necessary to identify means to design systems that meet such requirements and at the same time protect the privacy of their users to a sufficient degree.

Researchers at the IMDEA Software Institute are working on the next generation of tools to put into practice the “Privacy by Design” paradigm both from the design and evaluation points of view. On the design side the research performed at the Institute involves two aspects. First, researchers work towards the articulation of principles that allow designers and engineers to reason about privacy. Such principles ease the elicitation of privacy requirements, and guide the designer towards best choices of system architechture and state-of-the-art privacy-preserving technologies when building ICT systems that offer optimal trade-offs between privacy protection and other requirements. A second line of 35 research involves the design of privacy-preserving cryptographic primitives that enable the outsourcing of computations without revealing data in the clear, hence preserving privacy, and the integration of such novel primitives into end-to-end secure systems that achieve concrete functionalities.

With respect to the evaluation of privacy-preserving systems, the research performed at a n n u a l r e p o r t the Institute tackles mainly two challenges. On the one hand the development of mean- ingful measures and metrics that allow users and analysts to agree on what it means for privacy to be “sufficiently” protected, and on the other hand the development of tools and methods that allow to systematically analyze the privacy protection offered by ICT systems with respect to the developed metrics. software

Recent developments at the IMDEA Software Institute in these research directions include tools to study the information leaked by cache memories, a novel method to measure privacy in location-based applications, and a means to prove correctness of a computa- tion over a set of data to a third party without this party learning any information about these data.

3.7. Fighting Cybercrime and Targeted Attacks

Cyberattacks have become a huge challenge to developed societies. Two main threats dominate this environment: cybercrime and targeted attacks. Cybercriminals compro- mise large numbers of Internet-connected hosts, and develop ways for monetizing those compromised hosts and their users. They focus on economies of scale; for them, any compromised host has some, even if low, value. Even if the value of each target is low, their large number makes the profit worth. Compromised hosts are valued for the user data they hold or as assets. Those assets can be used (or bought and sold) to launch malicious activities such as sending spam, launching denial-of-service (DoS) attacks, mining virtual currencies (i.e., Bit- coins), faking user clicks on online advertisements (i.e., click-fraud), or simply as stepping stones to hide the attacker’s real location. Users of compromised hosts can be phished to steal their credentials and can be convinced to buy licenses of rogue software.

Targeted attacks differ from cybercrime in that they focus on high-value targets. Targeted attacks have become a focus of the security industry, which has coined a new term for them: Advanced Persistent Threats (APTs) that refers to highly determined, well-funded, cyber-attackers, who persistently target an individual, a group, or an infrastructure. High-value targets include politicians, journalists, activists, enterprises, and critical 36 infrastructures.

Two components are at the core of both cybercrime and targeted attacks. The first key component are malicious programs (i.e., malware) that the attacker installs on Internet- connected computers without the owner’s informed consent. Malware includes bots, viruses, RATs, trojans, rootkits, fake software, and spyware. Malware enables attackers a n n u a l r e p o r t to establish a permanent presence in a compromised computer and to leverage that computer for their nefarious goals. The second key component are malicious servers, geographically distributed across the Internet, which attackers use to control the malware (e.g., send instructions) and to collect data exfiltrated from the compromised hosts.

software Researchers at the IMDEA Software Institute are developing novel defenses against cybercrime and targeted attacks. They have launched the commercial CADENCE system for detecting targeted attacks. They have developed novel Internet-wide scanning tech- niques to detect malicious servers on the Internet. They have proposed deanonymization techniques for malicious servers that may run as hidden services in the Tor anonymity network. And, they have analyzed the abuse by malware and potentially unwanted pro- grams of the Windows code signing solution. This research is being performed in part within the MALICIA and CADENCE projects (see Chapter 5).

3.8. Cryptography for Next Generation Cloud Computing

Cloud computing is a fast-growing paradigm in which users lease computation resources from powerful service providers. Virtual machines, remote storage, email, web-content, databases are only some examples of services that are nowadays outsourced to the Cloud. This paradigm is very appealing to individuals and businesses due to its significant benefits: reduced IT costs, increased mobile productivity, convenient access to remote resources from multiple devices, different geographic locations, etc. The downside of cloud computing is that keeping a clear control over the data and the computations that are outsourced to the Cloud is becoming more dif- ficult. This new working scenario exposes users to faults and attacks that are out of the their control and can seriously threaten privacy and integrity of data and computa- tions delegated to the Cloud. As an example, if the cloud provider falls under an attack, this may cause the tampering or the leakage of sensitive users data (such as credit card information or medical records) with devastating consequences. 37

To address these issues, researchers at the IMDEA Software Institute are working on securing the next-generation cloud infrastructure in such a way that users will be able to outsource their data and computations to untrusted providers in a fully reliable man- ner. The main goal of this research is to protect cloud users with respect to privacy and integrity. For privacy, cloud providers should be able to perform the operations delegated a n n u a l r e p o r t by the users without learning any unauthorized information about the users data. Impor- tantly, such strong form of privacy also prevents any attacker that would penetrate into the Cloud system from learning the content of the data therein stored. For integrity, the key idea is to enable users to verify that cloud providers have indeed operated correctly

(for example, to check that the original data has not been modified without the user’s software authorization) without, however, spending too many resources to perform this check.

To achieve these goals, our research builds on cryptography – the science of develop- ing methods for protecting information and communication against misbehaving par- ties. While initially focused on encrypted communications in the military or diplomatic domain, modern cryptography has expanded considerably and already plays a central role in the Internet. To play a similar role in the Cloud, one must design new, advanced, cryptographic mechanisms that can address privacy and integrity in this new scenario. Homomorphic encryption, verifiable computation protocols, and zero-knowledge proofs are some examples of cryptographic primitives useful in this context.

Researchers at the IMDEA Software Institute are therefore investigating novel crypto- graphic techniques that can achieve these advanced functionalities so that users will be able to outsource data and computations to the Cloud, and at the same time not to risk for their privacy and integrity.

3.9. Computer-Aided Cryptographic Proofs

The goal of modern cryptography is to design efficient algorithms that simultaneously achieve some desired functionality and provable security against resource-bounded adver- saries. Over the years, the realm of cryptography has expanded from basic functionalities such as encryption, authentication and key agreement, to elaborate functionalities such as zero-knowledge protocols, secure multi-party computation, and more recently verifi- able computation. In many cases, these elaborate functionalities can only be achieved through cryptographic systems, in which several elementary constructions interact. As a consequence of the evolution towards more complex functionalities, cryptographic proofs have become significantly more involved, and more difficult to check. Several cryptog- raphers have therefore advocated the use of tool-supported frameworks for building and 38 a n n u a l r e p o r t software

verifying proofs; the most vivid recommendation for using computer support is elaborated in a farseeing article of Halevi that describes a potential approach for realizing this vision.

Besides increasing confidence in cryptographic proofs, tool-supported frameworks have the potential to address another prominent difficulty with provable security: because cryptographic proofs are very complex, it is common practice to reason about algorithmic descriptions of the cryptographic constructions, rather than about implementations. As a consequence, implementations of well-known and provably secure constructions are vulnerable to attacks, and regularly fail to provide their intended security guarantees. This uncomfortable gap between provable security and cryptographic engineering may be due to (i) the mismatch between the powerful but abstract adversary models consid- ered in proofs and “real-world” adversaries that may glean information about the secret data not only from the input and output to computations, but also from a host of side- channels (timing, power consumption or electromagnetic radiations...), and may even be able to interfere with the computation itself; (ii) the fact that the object on which the security proof is performed is not the object that is implemented in practice, either due to a developer’s (possibly malicious) mistake or even to an unjustified refinement when turning abstract algorithms into standard documents and recommendations. These points are the focus of the recent “real world” security approach to provable security, developed, most notably by Degabriele, Paterson, and Watson.

Researchers at IMDEA are actively working on developing foundations and proving tool support for building and verifying the security of cryptographic constructions. To date, they constructed several tools, ranging from general frameworks that can be applied to many classes of constructions to specialized frameworks which target a single class of constructions, or tool for automatically analyzing and synthesizing secure instances within well-defined classes of cryptographic constructions. 3.10. Model-Driven Data Security and Privacy Management 39 The derivation of code from models (model-driven software development) offers the advantage of automating the coding of at least certain parts of applications, an approach which can avoid the introduction of errors that is frequent in manual software produc- tion. IMDEA Software researchers are applying this methodology to the problem of semi-automatic development of data-management applications that have strict security

and privacy requirements. a n n u a l r e p o r t

Data-management systems are focused around so-called CRUD actions that create, read, update, and delete data from persistent storage. These actions are the building blocks for numerous applications, for example dynamic websites where users create accounts,

store and update information, and receive customized views based on their stored data. software When the data managed is sensitive, then security is a concern and the use of these actions must be controlled.

Researchers at the IMDEA Software Institute, in collaboration with ETH Zurich, have developed a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formal- ize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subse- quently combined to generate a security-aware GUI model. We have also implemented a toolkit, called ActionGUI, which performs the aforementioned model transformation and, from the resulting security-aware GUI model, generates a deployable application, along with all support for access control. In particular, when the security-aware GUI model contains only calls to execute CRUD actions, then ActionGUI will generate the

Model-driven development of security- 3-tier architecture ActionGUI: An example of a security aware GUIs. model (screenshot) complete implementation automatically. Since experience shows that it is easy to make 40 logical errors and omissions in the models, we have also developed tools for analyzing non-trivial properties of the data, security, and GUI source models, in a way that is mathematically rigorous and automated.

IMDEA Software researchers have also developed applications that provide evidence of the applicability of ActionGUI, including a web application for managing eHealth a n n u a l r e p o r t records. The access-control policy regulates, in particular, the access to the patients’ highly sensitive records.

Motivated by the increasing concerns of both users and regulators about privacy breaches in data-management applications, interest is now focused on extending

software ActionGUI to include privacy models as primary artifacts in the model-driven software development process. Although related to security modeling, privacy modeling dif- fers substantially as it requires modeling privacy-related notions that are not part of standard security modeling languages. In particular, it must deal with policies that enable users to define: (i) the data that shall be accessible only upon the user’s explicit consent; (ii) the specific purpose that shall be pursued when accessing the user’s sensitive data; and (iii) the specific circumstances that shall trigger an immediate privacy notification to the user. people

4.1. Faculty [44] 4.2. Postdoctoral Researchers [54] 4.3. Visiting Faculty [58] 4.4. Research Assistants [59] 4.5. Interns [63] 4.6. Project Staff and Technology Transfer [63] 4.7. Technical Support and Infrastructures Unit [65] 4.8. REDIMadrid Staff [65] 4.9. Management and Administration [66]

a n n u a l r e p o r t The IMDEA Software Institute strives towards the level 42 of excellence and competitiveness of the highest-ranked Junior Faculty institutions worldwide. Success in this goal can only be Postdocs 13% 16% achieved by recruiting highly-skilled personnel for the sci- entific teams and support staff. The Institute considers this Senior one of the key critical factors and measures of its success. Faculty Research 12% Assistants a n n u a l r e p o r t Competition for talent in Computer Science is extremely 33% high at the international level, since essentially all devel- oped countries have identified the tremendous impact that Interns IT has on the economy and the crucial competitive advan- 33% tage that attracting truly first class researchers entails.

software To meet this challenge, the Institute offers a world-class Figure 4.1. Type of position, all researchers. working environment that is competitive with similar insti- tutions in Europe and in the US and which combines the best aspects of a university department and a research laboratory. Europe Spain (except Spain) Hiring at the Institute follows internationally-standard 24% 47% open dissemination procedures with public, international calls for applications launched periodically. These calls are advertised in the appropriate scientific journals and at conferences in the area, as well as in the Institute web page and mailing lists. Appointments at (or promotion to) the Assistant Professor, Associate Professor, and Full Profes- sor levels (i.e., tenure-track hiring, tenure, and promotion North decisions) are approved by the Scientific Advisory Board. America 21% In addition to faculty positions, the Institute also has its own programs for visiting and staff researchers, post-docs, Figure 4.2. Where PhD was obtained (by continent + Spain). graduate scholarships, and internships. In all aspects related to human resources, the Institute follows the recommenda- tions of the European Charter for Researchers and a Code of Conduct for their Recruitment (http://ec.europa.eu/), which it has duly signed. Status Europe 43 Spain (except Spain) In 2015, the scientific staff of the Institute was composed 36% 41% of ten senior faculty (full or associate professors, one part- time), thirteen junior faculty (tenure-track or researchers), ten postdoctoral researchers, twenty six research assistants (PhD candidates), twelve project staff, three system support

staff, and five administrative support staff (three part-time). a n n u a l r e p o r t North Four senior faculty visitors and twenty one interns spent a America Asia variable length of time (from one month to a year) at the South America 11% 5% 7% Institute collaborating with faculty members. Figure 4.1 shows the proportions of each category at the end of 2015

Figure 4.3. Location of previous institution, all (by continent (where 28% were faculty members vs. 72% non-faculty). software + Spain). Figure 4.2 summarizes where these researchers obtained their PhD (by continents plus Spain), and Figure 4.3 shows the location where the Institute researchers were working previously to joining IMDEA. Finally, Figure 4.4 presents the

Europe nationalities of researchers at or above the postdoc level. Spain (except Spain) 38% 47%

Asia 6% North America 9%

Figure 4.4. Nationality of researchers at or above postdoc level (by continent + Spain). a n n u a l r e p o r t 44 software prize in Computer Science, and he National Aritmel the and nology and Information Science and Tech Mathematics in Prize National ish received the Julio Rey Pastor Span both in Austin, Texas, USA. He has Texas, of U. the of Department CS the at Prof. Assoc. Adjunct and center research MCC the at leader project been also has He USA. Mexico, New of U. the at nology Tech and Science Information in Chair Endowed Asturias of P. the held he the Institute Software IMDEA joining to Previously UPM. Science at the Tech. U. of Madrid, Computer of Prof. full a also is He Institute. Software IMDEA the of Director Scientific and Professor Full is he 2007 1, January Since 1986. in USA, Austin, at Texas of and Engineering from the University Ph.D. degreeinComputerScience Manuel Hermenegildo received his Scientific Director Research Professorand Manuel Hermenegildo cited Spanish authors in Computer ferences. He is also one of the most con of number large a of member PC and chair and journals, several international projects, area editor of and national many of investigator principal and/or coordinator been also has He areas. these in ences confer major in talks invited and keynotes numerous given has and monographs and papers scientific refereed 200 than more published has He others. among Dagstuhl, and INRIA of boards scientific the demia Europaea. He is a member of Aca the of member elected an is ------Science. He served as General General as served He Science. international duties. and national other among opment, Industrial and Technological Devel Research Council and the Center for Scientific Spanish the of directors nology (ISTAG), and of the board of advisory group in information tech of the European Union’s high-level member as well as Spain, in unit funding research the for Director architecture. computer parallel and sequential visualization; execution tools; tion documenta automatic machines; abstract implementation; and ory the programming logic/functional constraint/ compilers; parallelizing and parallelism evaluation; partial debugging; abstract interpretation; analysis, optimization, verification, cation, and control; global program functional property analysis, verifi non- / resource computing, aware His areas of interest include energy- Research Interests - - - - - is actively supervising another one. the supervision of three PhD completed thesis and has He project. regionalresearchanational, and a principal investigator of a European, the currently is and Excellence of Network European S-Cube the for investigator principal UPM’s was He level. European and national, regional, the at projects research and workshops, and participated in conferences international many of has been organizer and PC member He 2011. ICSOC and 2005 ICLP at awards paper best received and journals, and conferences national inter in papers 70 over published Madrid node of EIT Digital. He has er and Scientific Coordinator of the Informatics Europe and CLC Manag and ERCIM at Software IMDEA of SpaRCIM and deputy representative and is now representative of UPM at platforms, technological INES and representative of UPM at the NESSI ty of Madrid. He has previously been Professor at the Technical Universi Software Institute, and an Associate IMDEA the at Director Deputy and rently Associate Research Professor same University in 2003. He is cur (UPM), and his PhD degree from the TechnicalMadridUniversitytheof from Science Computer in degree Manuel Carro received his Bachelor and DeputyDirector Associate ResearchProfessor Manuel Carro alization ofprogram execution. of declarative languages, and visu ming and parallel implementations been interested in parallel program teaching programming. He has long mal specifications in the process of tures, and the effective usage of for for compilation on hybrid architec program transformation techniques of use the systems, service-based software production, the analysis of guages for improving the quality of constraint-based) programming lan and (logic- high-level of mentation imple and design the including topics, several span interests His Research Interests ------Portugal; Chalmers University, University, Chalmers Portugal; Minho, of University the at tions posi held also He France. ranée, Méditer Sophia-Antipolis INRIA at security and methods formal on team Everest the of head was he Institute in Software April 2008. Previously, IMDEA the joined He 2004. in France, Nice, of versity in Computer Science from the Uni Habilitation à diriger les recherches an and 1993, in UK, Manchester, Mathematics from the University of in Ph.D. a received Barthe Gilles Research Professor Gilles Barthe coordinator of the FP6 FET inte FET FP6 the of coordinator scientific the as served and jects, pro European and national many of investigator dinator/principal ITP, QEST and SAS. He has been coor FAST, ETAPS, ESORICS, at speaker CSF, including venues, numerous invited an was and 2013, PPoPP and 2011 CRYPTO at Awards Paper Best the awarded was He papers. scientific refereed 100 than more published has He Netherlands. Nijmegen, of versity Uni Netherlands; CWI, Sweden; ------

Computer Security. Security. Computer of Journal the of and Reasoning Automated of Journal the of board editorial the of member a is He RICS, FM, ICALP, LICS, and POPL. ing CCS, CSF, EUROCRYPT, ESO more than 70 conferences, includ of member PC a been and 2012, ESSOS and 2011 SEFM 2011, FAST 2011, ESOP 2010, VMCAI of (co-)chair PC as served has He (2005-2009). devices mobile on Java for code proof-carrying bling ena for Security” and Ubiquity grated project “MOBIUS: Mobility, Research Interests computations. structions and differentially private con cryptographic of security the the development of tools for proving on and privacy and cryptography computer-aided for foundations building on focused has research his IMDEA, joining Since ence. sci computer and mathematics of foundations and methods formal cryptography, security, and system software verification, gram pro and languages programming include interests research Gilles’ ------

a n n u a l r e p o r t 45 software a n n u a l r e p o r t 46 software activities over the past couple of of couple past the over research activities primary His systems. type and interpretation abstract semantics, language gramming pro concurrency, logics, program verification, and analysis program language-based computer security, in lie interests research Anindya’s Research Interests tation. Higher-Order and Symbolic Compu is an associate editor of the journal He 2001. in Foundation Science National US the of Award Career the of recipient a was He 2008. 2007– in Research Microsoft at Languages and Methodology group Programming the in Visiting a Researcher and 2007 in Center T. IBM group, in the Advanced Programming Tools Visitor Academic an was He USA. University, State Kansas at ences of Computing and Information Sci Professor Full was Anindya tion, posi this to prior Immediately in Professor. Full as 2009 February Institute Institute Software IMDEA the joined He Aarhus. of and subsequently at the University (LIX) of École Polytechnique, Paris d’Informatique Laboratoire the in was a postdoctoral researcher, first Anindya PhD, his After 1995. in from Kansas State University, USA, Anindya Banerjee received his PhD Research Professor Anindya Banerjee the InstituteatNSF. from leave on currently is Anindya programs. such of properties rity secu of verification in and grams pro pointer-based of properties of verification interactive and matic auto around centered have years

J.

Watson Research Research Watson ------tion. He served as Deputy Director Deputy as served He tion. Software Institute upon its founda IMDEA the joined and 1996 since Department Science Computer has been Full Professor at the UPM He (Germany). Aachen RWTH at developed a large part of his Ph.D. of U. He 1989. in Spain (UPM), Madrid Technical the from ence Sci Computer in degree Ph.D. his Juan José Moreno-Navarro received Industrial Relations Director forInternationaland Research Professorand Juan JoséMoreno-Navarro Relations Relations for IST, FP6 IST Commit program, in charge on International research ICT Spanish the for sible respon been has He SpaRCIM. of director founding the been has He CSIC, ISCIII, IDAE,etc.) Universidad.es, Ciemat, CENER- UIMP, (ANECA, dations foun several of board steering the Technology Council, and and member of Science Spanish the of and Council University Spanish the of secretary infrastructures, research involved in the setting up of several been has Agency), Evaluation ity Activ Researcher (Spain’s CNEAI of chairman been has he period this During 2008-2009). vation, tion (Ministry of Science and Inno Director for Planning and Coordina and Innovation, 2009) and General Science of (Ministry Development Technology Transfer and Enterprise for Director General 2009-2012), sity Policies (Ministry of Education, Univer for Director General as ing research and university policy, serv in involved actively been has He in theISTfield. conferences many in tutorials and committees, and given invited talks program in served organized, has He journals. and books, ferences, con international in papers 100 tions. Hehaspublishedmorethan of International and Industrial Rela up to 2008. Currently he is Director ------and coordinator of the Spanish Turing Year. Spanish the of coordinator and 2013, Informatics of Conference Spanish the of chair general ing, Engineer Software of Society ish Span the of chair is he Currently Science. and Education of istry Contact Point for the Spanish Min tee member, and Spanish National specially specification languages, languages, specification specially techniques, development ware soft includes This technologies. development software rigorous and declarative to related aspects all include interests research His Research Interests impact evaluationandanalysis. analysis, bibliometry, and research policy scientific in involved rently the language Curry. He is also cur committee involved in the design of international the of activities the in part took and BABEL language the of implementation and design logic programming.Hehasledthe and functional of integration include the also interests His tion. descrip services software and specifications), from gramming (pro code of generation automatic ------reviewed papers which have over over have which papers reviewed peer- 60 approximately published andProgram Manipulation. hasHe PLAN workshop on Partial Evaluation steering committee of the ACM SIG tionfor Logic Programming and the executive committee of the Associa the conferences, international 60 program committee of approximately Programming and has served on the journal Theory and Practice of Logic the for editor area an is He 2007. February since Institute Software IMDEA the at appointment dual a holds and Lab Experience plinary interdisci the and Systems ligent group Programming, Logic and Intel of Roskilde, Denmark in the research has been a professor at the University versity of Bristol, UK. Since 2002 he Uni the at lecturer senior later and lecturer a was he 2002 and 1990 Between Germany. Hamburg, in development in a software company and research in employed was he Belgium(1989). From 1984-1987 and Katholieke Universiteit Leuven, tute of Science, Israel (1987-1989) appointments at the Weizmann Insti Collegeity(1983-4), post-docand Trin in assistantship research a held He respectively. 1983 and from Trinity College Dublin in 1976 degrees Science)(Computer Ph.D. (Mathematicswith Philosophy) and B.A. the received Gallagher John time) Research Professor(part- John Gallagher tor of the EU FET project ENTRA. topics. He is the scientific coordina European research projects on these in and led a number of national and participated has and programs, of properties other and consumption energy of verification and analysis systems, and languages of lation emu semantics-based logics, poral tem verification, software systems, constraint logic programming, rewrite gram transformation and generation, pro on focus interests research His Research Interests 2000 citations. ------national Fellow at the Computer Computer the at Fellow national Inter an was he studies, doctoral his During 2011. April until 2008 from Software IMDEA of Director Deputy was He leave). (on Madrid de Complutense Universidad the at Professor Associate an as well as Institute, Software IMDEA the at Professor Research Associate versity in 1998. Currently, he is an uni same the from Ph.D. his and 1992, in Navarra de Universidad elor’s degree in Philosophy from the Bach his received Clavel Manuel Associate ResearchProfessor Manuel Clavel rem proving. theo and deduction, automated languages, specification include interests Related code-generation. tion, modelqualityassurance,and eling languages, model transforma ware development, including: mod soft model-driven tool-supported rigorous, on focuses research His Research Interests refereed scientificpapers. 40 over published has he then, Since University. Stanford at tion the Study of Language and Informa tion was published by the Center for (1995 - 1997). His Ph.D. disserta University Stanford of Department Science Computer the at Scholar tional (1994 - 1997) and a Visiting Science Laboratory of SRI Interna ------

a n n u a l r e p o r t 47 software a n n u a l r e p o r t 48 software are based on the applications of of applications the on based are interests research general César’s Research Interests and Europe. USA the in groups research with collaborations active keeps He ACM Frank Anger Memorial Award. César was Science. the recipient of the 2006 Computer Theoretical and Theory Software in cializing spe 2001, in Science Computer in M.Sc. a receiving USA, versity, Uni Stanford to moved he Caixa, La from Fellowship a by Funded 1998. in granted Spain, (UPM), the TechnicalUniversityofMadrid de Telecomunicación (MSEE) from Ingeniería in degree a holds César sor at the IMDEA Software Institute. he was promoted to Associate Profes Research(CSIC) in2009. In2013 Scientific for CouncilSpainish the He at Researcher Scientific a become 2008. in Institute Software IMDEA the joined César USA, Cruz, Santa at California of University the at post-doc a After algorithms. ing deadlock freedom in distributed guarantee for methods formal of applications the studies thesis His 2007. in USA, University, Stanford from Science Computer in degree Ph.D. a received Sánchez César Associate ResearchProfessor César Sánchez concurrent softwaresystems. to express rich properties of modern cation, and specification languages distributed systems, runtime verifi fication of concurrent datatypes and research includes the temporal veri foundational His systems. tributed dis and embedded concurrent, of verification and development the emphasisreactiveon systemswith for methods formal of use the is research of line main Cesar’s lar, particu In devices. computational of verification the and standing, under the development, the for theory automata and games logic, ------published in prestigious venues venues prestigious in published nal and nineteen conference papers jour seven including publications (UCLA). He is the author of over 30 University of California, Los Angeles did a nearly two year postdoc at the Pierre institute, the joining Before 2007. late obtained he that Genova, Italy of University the from and Belgium Brussels, of versity in Computer Science from the Uni 2009. He holds a joint PhD degree Fall the since Institute Software Pierre is a researcher at the IMDEA Associate ResearchProfessor Pierre Ganty of analysisalgorithms. implementation to down way the all results theoretical from range into patients. Pierre’s contributions instruments medical or roads, the on cars drive to how like decisions critical make to allowed are puters of practical importance when com a given property. This is a problem infinitely many states) comply with possibly (with system computing given a not or whether determine to program computer a by ability the is, that states, many infinitely with systems of analysis rithmic Pierre’s research is about the algo Research Interests ships since he joined the Institute. intern eleven supervised has and currently supervising one PhD thesis tion of parameterized systems. He is verifica the on (Paran’10) project and 2013 he led a Spanish national four hundredscitations. Between 2011 to close accumulating and ------Research Interests in 2010. 2004, and of Ramon y Cajal Award a recipient of Siebel Scholarship in Assistant Research Professor. He is an as Madrid in Institute Software in Cambridge, before joining IMDEA Research Microsoft and University Harvard at researcher postdoctoral a been has and University, Mellon in Computer Science from Carnegie PhD his obtained Nanevski Aleks Associate ResearchProfessor Aleks Nanevski time andmaintainability. development readability, gance, ele proof’s the on improve thus and structure, more with proofs mathematical formal provide that should be replaced with better ones abstractions Such etc. currency, con flow, information pointers, with programs about reasoning for logics existing the of abstractions linguistic harmful arguably but programming, to identify often used structured of philosophy the on builds proving Structured proving. structured of idea the developing on been has focus recent His program correctnessinparticular. of and general, in mathematics in tate the construction of formal proofs facili to methodology programming cifically, he is interested in applying spe More verification. software for logics and languages gramming pro of implementation and design the in is interest research Aleks’ - - - - - Research Interests sity ofTrento,Italyintheprocess. ty, Ukraine, interning at the Univer Universi National Dnepropetrovsk at Mathematics Applied in studies master and undergraduate his did ber 2010. Prior to his Ph.D., Alexey Septem in IMDEA joining before a postdoctoral fellow at Cambridge was Alexey (EAPLS). Systems and ciation for Programming Languages tation Award of the European Asso Ph.D. thesis received a Best Disser and His USA. UK Labs, Berkeley Cadence Cambridge, Research Microsoft at interned Alexey ies, stud Ph.D. his During in 2009. UK Cambridge, of University from Science Computer in degree Alexey Gotsman received his Ph.D. Assistant ResearchProfessor Alexey Gotsman software. distributed and concurrent correct developing for tools and methods models, programming developing in are interests research Alexey’s ------Boris Köpf degrees ofsecurity. potentials while retaining adequate tools to tap unexplored practical performance with engineers provide to is work his of goal The systems. software in tradeoffs performance niques for reasoning about security/ Boris is working on principled tech Research Interests Ramón yCajalfellowship. a holds and Foundation Academic an alumnus of the German is National He M.Sc. a received he which from Konstanz, of University the and Campinas, de Federal sidade Univer the Chile, de Universidad that, he studied mathematics at the Before Systems. Software for tute Insti Planck Max the at postdoc a group of ETH Zurich and working as a Ph.D. in the Information Security completing after 2010 in Institute Software IMDEA the joined Boris Assistant ResearchProfessor - - - Juan Caballero and howtobuildsecuresoftware. forensics, network and computer security, to applications learning machine ecosystem, cybercrime the investigates also He malware. analyzing for and programs benign in vulnerabilities finding for them applies and binaries program on directly work that techniques ysis networks. He designs program anal and software, systems, in issues security including security, puter com on focuses research Juan’s Research Interests sity ofMadrid(UPM),Spain. Univer Technical the from degree Engineer Telecommunications a of Technology (KTH), Sweden, and Institute Royal the from neering Engi Electrical in M.Sc. a holds graduate studies in 2003. Juan also awarded the La Caixa fellowship for nia, Berkeley for two years. He was Califor of University at researcher student graduate visiting a was the IMDEA Software Institute, Juan joining to Prior USA. University, Mellon Carnegie from Engineering Computer and Electrical in degree Ph.D his receiving after 2010, November in Professor Research Assistant an as Institute Software IMDEA the joined Caballero Juan Assistant ResearchProfessor - - - - -

a n n u a l r e p o r t 49 software a n n u a l r e p o r t 50 software ods, hybrid dynamical systems systems dynamical hybrid ods, meth formal of intersection the at ical systems (CPS). Her research is in the formal analysis of cyber-phys Pavithra’s main research interest is Research Interests EU FP7program. the from Grant Integration Career She has also received a Marie Curie award. paper best mention orable Conference 2012 received an hon Systems: Computation and Control thesis. Her paper at the ACM Hybrid tute of Science for the best master’s Swamy medal from M.N.S the Indian Insti and Illinois of University the from fellowship Abbasi Sara and Sohaib the of recipient the is leave of absence from IMDEA. She on fellow Information) of ematics Math for (Center CMI a as nology Tech of Institute California the at spent the year between 2011-2012 and 2011, of since Software IMDEA faculty the on been has She India. in Warangal, Technology, of Institute National the from degree Science, Bangalore and a bachelors of Institute Indian the from ence a masters degree in Computer Sci has She Mathematics. Applied in masters a obtained also she where from 2011, in Urbana-Champaign at Illinois of University the from Science Computer in doctorate her obtained Prabhakar Pavithra Assistant ResearchProfessor Pavithra Prabhakar analysis ofCPS. for tools software building involves dational and practical aspects, and Her research focuses on both foun CPS. of synthesis and verification automated for methods scalable developing at aims research Her aeronautics. and robotics in tions applica with theory control and ------sity (USA). Univer York New the and center research Watson T.J. IBM the at PhD, he was also a visiting student his During (France). Supérieure Normale École and (USA), versity Uni York New (Germany), tems Sys Software for Institute Planck Max at positions postdoctoral held Institute in November 2013, Dario Prior to joining the IMDEA Software 2010. in Italy Catania, of versity Uni the from Science Computer in degree Ph.D. his received Dario Assistant ResearchProfessor Dario Fiore and foundationsofcryptography. encryption, homomorphic tems, sys proof zero-knowledge ticators, to the Cloud, homomorphic authen delegation of data and computation topics heworksoninclude:secure tions. More specifically, some of the applica computing Cloud to rity novel paradigms that provide secu developing on emphasis particular has work recent his and protocols, cryptographic provably-secure ing His research focuses mainly on design Security. and Cryptography in are interests research Dario’s Research Interests ------Fritz Kutter Award for the best best the for Award Kutter Fritz the received she which for work a failures, field from applications Web recover to technique healing self- a Workarounds, Automatic of notion the developed and defined she thesis Ph.D. her In 2011. in Switzerland Lugano, in Italiana Svizzera della Università the at ics informat in Ph.D. her completed sity of Milano-Bicocca in Italy. She computer science from the Univer her Bachelor’s and Master’s received degrees in Gorla Alessandra Assistant ResearchProfessor Alessandra Gorla detection formobileapplications. malware in interested also is She systems. software of security and techniques to improve the reliability analysis in and testing on particular and engineering, software in Alessandra’s research interests are Research Interests in MountainView. been a visiting researcher at Google also has she postdoc, her During Germany. in University Saarland at group engineering software the in researcher postdoctoral a was she 2014, December in Institute Before joining the IMDEA Software Switzerland. in science computer in thesis Ph.D. industry-related - - deputy director of the Artificial Artificial the of director deputy was and UPM at positions fessor pro assistant and associate held he position, this to prior diately Imme Institute. Software IMDEA the joined and (CSIC) Research Scientific for Council Spanish the at position Researcher Scientific a obtained he 2008 28, May In respectively. 2000, and 1994 in Spain (UPM), Madrid of versity Uni Technical the from Science Computer in Ph.D. a and degree MS a received López-García Pedro Researcher Pedro López-García constraint andlogicprogramming. automata; tree unit-testing; and verification static/dynamic bined com computing; distributed and parallel for analysis/control larity abstract granu (automatic) interpretation; debugging; formance per determinism; and non-failure execution time, user defined, etc.), ties such as resource usage (energy, proper program non-functional of automatic analysis and verification energy-aware software engineering; include interest of areas main His Research Interests national, and international projects. a researcher in many other regional, as participated also has He ency.” Transpar Energy “Whole-Systems ENTRA project FET FP7 European principal the of institute the at the investigator currently is and ASSurance,” Product-based ware project ES_PASS “Embedded Soft European the of coordinator local impact. He served as the scientific es and journals of high or very high papers, many of them at conferenc lished about54refereedscientific pub has He Department. Science Computer the at unit Intelligence ------Michael Emmi analysis tools. effective building and problems, analysis intractable for mations analysis, devising tractable approxi ing the theoretical limits of program his contributions include establish languages, and distributed systems, ning automata theory, programming span communities research eral sev from knowledge with trends technological Integrating tools. analysis program informative and effective programming abstractions for foundations the developing by software reliable of the construction enables research Michael’s Research Interests Center, andIBM. Research Ames NASA Research, Microsoft at internships held has and Diderot, Paris Université and UCLA at courses undergraduate for assistant teaching a been has Binghamton University (SUNY). He pleted his undergraduate studies at Paris. Prior to all that, Michael com dation Sciences Mathématiques de Fon La by awarded Diderot Paris postdoc fellowship at the Université ware Institute in 2013, following a Soft IMDEA the joined and 2010 in in UCLA from Science Ph.D. Computer his received Michael Researcher ------

a n n u a l r e p o r t 51 software a n n u a l r e p o r t 52 software the Coqproofassistant. of extension an CoqMT, of author counter-measures, and is the main study of formal the mathematics, of zation He is also interested in the formali which he is one of the main authors. of code, adversarial with putations com probabilistic of properties al toolset for reasoning about relation is currently focused on EasyCrypt, a He programming. web secure and typing, via verification program proofs, mathematical and rithms algo cryptographic of certification tants and their related type theory, interests assis proof proofs, formal include research Pierre-Yves Research Interests jing, China. Bei in institute LIAMA the at and France Paris, in Lab Joint INRIA Microsoft- the at position doctoral ware Institute in 2013, after a post- Soft IMDEA the joined He 2008. in France, Polytechnique, École from Science his Computer in Ph.D. received Strub Pierre-Yves Researcher Pierre-Yves Strub Differential Power Analysis ------

of abstractmachines. cation and automated construction ment of abstractions for the specifi develop the and properties, those using code low-level to translation highly-optimizing interpretation, abstract by properties program of inference programs: logic of tion mechanisms for the efficient execu Jose’s work to date has focused on starting in2005. Madrid, de Complutense versidad Uni the at position assistant ing Spain. Previously, he held a teach (UPM), Madrid of University nical Tech the from Science Computer in degree Ph.D his receiving after 2011, November in researcher al postdoctor a as Institute Software IMDEA the joined Morales F. Jose Researcher José FranciscoMorales code generation. compiler optimizations,andnative machines, abstract interpretation, abstract systems, type and guages ented programming), assertion lan object-ori and functional, logic, imperative, (combining languages interests include the design research of multiparadigm current His Research Interests ------Benedikt Schmidt models usedincryptography. attacker computational standard the to respect with guarantees provide and protocols, tographic cryptographic primitives, and cryp assumptions, cryptographic with (or even fully) automated, can deal mostly are methods these Namely, models. computational and bolic sym of advantages the combine that methods on working is and the computational model of attacks to focus his extended has he then, fully automated approaches. Since and approaches machine-checked interactive including protocols rity secu of analysis symbolic the on focused has work his PhD, his During systems. cryptographic ing analyz to application their in and rewriting and verification, gram pro proving, theorem of areas the in interested broadly is Benedikt Research Interests of DavidBasin. supervision the under Zurich, ETH from Science Computer in degree Ph.D. his received He 2013. ary a as Febru in researcher postdoctoral Institute the Software joined IMDEA Schmidt Benedikt Researcher ------of programs. security the to paradigm real/ideal cation of theoretical cryptography’s appli the researching is she And protocols. cryptographic information retrieval private of security the prove to EasyCrypt using also is She standard. algorithm hash secure SHA-3 NIST’s of security she is formalizing in EasyCrypt the puter-Assisted Cryptography Group, With Com IMDEA’s of members other security. cyber to guages lan programming and formal methods applies research Alley’s Research Interests Group in2015. Cryptography Computer-Assisted cyber security. She joined IMDEA’s ods and programming languages to meth formal of application the on of MIT Lincoln Laboratory, focusing was a member of the technical staff theory. From 2012 until 2015, she experimenting with formal language for toolset open-source an Forlan, implemented and designed she K-State, at While programming. functional include to research her expanded she where professor, associate an as University State Kansas joined she 1993, In tools. logic-based implementing in est inter an developed she where sex, Sus of University the at lecturer a then and fellow research a was she 1993, until 1986 From tics. for seman language programming problem abstraction” “full the on was research doctoral Her the 1987. in Edinburgh from of University science computer in PhD her received Stoughton Alley Researcher Alley Stoughton ------internship at Microsoft Research’s Research’s Microsoft at internship three-month a including groups, visitor at many well-known security research a was Carmela PhD her During Award. Thesis Ph.D. Best Management Trust and Security WG ERCIM the received Diaz, dia Clau Prof. and Preneel Bart Prof. by advised Technologies”, Privacy for methods Analysis and “Design thesis Her Group. COSIC the at student a was she where 2011, in Leuven KU in the from Ph.D. Engineering her received Carmela Researcher Carmela Troncoso sharing ofgeneticdata. safe enable to solutions finding in and privacy, genomic in interested very become has she Recently, to. infer from data she may have access can adversary an that information private the quantify systematically to techniques develop to how and privacy guarantees in their designs; strong embedding to engineers how help and systems preserving privacy- build to how aspects: two mainly tackles work Her research. privacy is interest main Carmela’s Research Interests Software InstituteasResearcher. IMDEA the joins Carmela 2015 secure communications. In October vehicle-to-cloud on patent one ing fil companies, international and private practical solutions with local and secure on worked Carmela ant Gradi At Lead. Technical Privacy where she became the Security and Telecommunications, Advanced in Center R&D Galician the Gradiant, of post-doc at KULeuven she joined year a After UK. Cambridge, in lab - - -

a n n u a l r e p o r t 53 software a n n u a l r e p o r t 54 software postdoctoral trical Engineer degree from the Fac Zorana Bankovic´ obtained her Elec Postdoctoral researcher Zorana Bankovic´ osmto i cmue sys computer in consumption energy of modeling and analysis program advanced using opment devel software “energy-aware” in are interests research current Her Research Interests Emerging Technologies(FET). 7th Framework Program Future and research project, funded by the EU ENTRA to related been mainly has research her 2012, October in Software IMDEA joining After each stateofadatacenter. applying optimization techniques to allows that system, reputation a of and allocation, as well as the design ning, dynamic resource scheduling in data centers, such as floor plan optimizations thermal–aware and detection anomaly networks, sor sen wireless for solutions security energy-efficient included interests During that time her main research publications. journal 10 and authored projects, development and She has participated in 11 research UPM. at Engineering Electronic of was a researcher at the Department Before joining IMDEA Software, she ecommunications School that year. as one of the four best theses of Tel award special UPM the given was dissertation Her 2011. in (UPM) Madrid de Politécnica Universidad 2005 and her Ph.D. degree from in the (Serbia) Belgrade of University ulty of Electrical Engineering at the ------of energy consumption early in the tems, aimed at making predictions improving resourceconsumption. at aim which stages optimization that provide necessary input to the analyses static of identification as (compiler, OS, algorithms), as well levels software all at techniques development of energy and optimization research includes work na’s usage of hardware resources. Zora greener IT through energy-efficient of development the enabling fore there and phase, design software - - to break the security of the system. capabilities abstraction-breaking their exploiting from adversaries lower-level prevent that niques tech compilation developing by and compilation, by preserved are properties security strong that ing be made ‘security aware’, by ensur can compilation how of study the is interest particular Of systems. cryptographic the of execution the side-channels or injecting faults in observing by example for tions, adversaries that strong may break of abstrac presence in protocols and schemes of implementations low-level on results security and correctness strong obtaining on world systems, especially focusing graphic security properties of real- crypto about reasoning formally for methods on working currently is theorem He cryptography. and proving verification, program in interested broadly is François Research Interests tion. implementa reference TPM’s the cryptographic security properties of fier for C, and applied it to proving veri general-purpose VCC the of he participated in the development and Cambridge. During those stays, at Microsoft Research in Redmond and Center, Innovation Microsoft European the at internships to him led and scholarship, Ph.D. Research Microsoft a by funded partially were studies Ph.D. His Jan Jürjens, and Bashar Nuseibeh. Gordon, Andy of supervision the under (U.K.) University Open the at Science Computer in Ph.D. his defended successfully He 2013. a as postdoctoral researcher in February Institute Software the IMDEA joined Dupressoir François Postdoctoral researcher François Dupressoir ------group at Microsoft Research Cam Research Microsoft at group ToolsProgramming Principlesand Danvy, and a research intern in the versity (Denmark), hosted by Olivier of Computer Science of Aarhus Uni ing Ph.D. fellow at the Department visit a was he studies doctoral his During 2012. November in Clarke gium) under the supervision of Dave puter Science from KU Leuven (Bel Com in degree Ph.D. his received DecemberHeresearcher 2012.in postdoctoral a as Institute ware Ilya Sergey joined the IMDEA Soft Postdoctoral researcher Ilya Sergey higher-order concurrentprograms. cation and checking of properties of a type-theoretic approach to specifi developing techniques, verification on Banerjee Anindya and Nanevski Aleks with at working is Ilya IMDEA, researcher a As verification. and programming computer-aided for tools improved of development mind: in goal concrete a with tion construc software of principles of understanding increase to is sion mis His verification. and analysis program for methodologies able manage intellectually and robust, interested in the design of scalable, mostly is Ilya venues. other many and ICFP, ESOP, POPL, PLDI, at papers published has He tion. implementa and design guages lan programming the of area the in dwell interests research Ilya’s Research Interests Peyton Jones. Simon by supervised (UK), bridge ------study properties of complex and and complex of properties study to methods, analysis program ing correspond the as well as ming, program and modeling constraint and logic employing on centrated con mainly studies doctoral His (UPM). Madrid of University nical Tech the from Science Computer in PhD and Hercegovina, and nia Bos Sarajevo, of University from Science and Electrical Engineering Computer in degrees M.Sc. and Dragan Ivanovic´ received his B.Sc. Software, IMDEA joining Before Postdoctoral researcher Dragan Ivanovic´ other non-functionalproperties. and performance their of terms in compositions, service of behavior probabilistic of study and tems, sys provision cloud of modeling His other interests include dynamic cloud. via provided compositions service as such systems, software lyze properties of complex adaptive ming techniques to model and ana tional logic and constraint program currently related are to using computa interests research main His Research Interests paper awardatICSOC2011. best the received He systems. ing comput oriented service adaptive ------

a n n u a l r e p o r t 55 software a n n u a l r e p o r t 56 software tic andprobabilistic behavior. systems with both non-determinis distributed for preorders testing ability for multithreaded programs, linearis including spectrum, wide of computation. These range over a ries in different concurrent models theo behavioral of understanding the in interested also is He bases. data geo-replicated of formances of per the boosting for techniques development the as well as mechanisms, control concurrency of verification formal the include these applications; practical to theory a such of applications the as well as databases, and distributed geo-replicated modern ing of underly theory mathematical the understanding the concerns research of line main Andrea’s Research Interests distributed database systems. mathematical foundations of modern programs, as well as investigating the niquesforhigher order, concurrent tech verification formal developing started also he where software, rent concur order, higher verifying for to the development of proof methods 2013, his research focuses switched as a postdoctoral researcher in June joined the IMDEA Software Institute probabilistic distributed systems. He emphasiswirelessto networks and distributed systems, with a particular algebrasandbehavioral theories to process of applications on focused work his Ph.D. his During Dublin. November 2012, from Trinity College Andrea Cerone obtained his Ph.D. in Postdoctoral researcher Andrea Cerone ------heterogeneous platforms. programming efficiently of plexity com the tackling for programs of transformation automatic on work applying his previous experience to is he Institute Software IMDEA Now at platforms. embedded and HPC like architectures computer heterogeneous of exploitation the for parallelization code and tion optimiza meta-heuristic like: areas different with related were interests research his past the In Research Interests in patientspecificdiagnosis. tro-mechanical models for assisting elec cardiac human of mentation imple GPU first the developed he KCL at stay his During problems. different scientific and engineering of computer for teams he worked within multidisciplinary where Institute Materials IMDEA and (KCL) London College King’s medical Engineering Department of a as postdoctoral researcher at the Bio worked he IMDEA joining supervision of Thierry Priol. Before Group at INRIA-Rennes, Middleware under the and Systems uted Distrib the like groups research and institutions European ferent dif at internships several did he PhD his During (Spain). Valencia of University from Science puter Com in degree PhD his received researcher inNovember2013.He Software Institute as a postdoctoral IMDEA joined Vigueras Guillermo Postdoctoral researcher Guillermo Vigueras ------Rémy prepared is Ph.D. in Comput Postdoctoral researcher Rémy Haemmerlé guages. analysis, as it applies to logical lan interested in compilation and static also is He language. this of ness complete about logical and confluence results several improved language. In particular he recently rules-based high-level a Rules) cifically CHR (Constraint Handling spe more and constraints, with languages programming logical of properties formal the in studying interested primarily is Rémy Research Interests Technical UniversityofMadrid. after a post-doctoral position at the IMDEA Software institute in the 2014, joined He 2008. January in Diderot Paris Université the from degree his received and France er Science at INRIA Rocquencourt, - - - - Giovanni obtained a BSc and and BSc a obtained Giovanni Postdoctoral researcher Giovanni Bernardi robustness criteriaforthem. on and databases, distributed for levels consistency weak of dations Software he is working on the foun IMDEA At types. these for duality of notions existing the questioned and types, session for subtyping standard the of explanation tic constructed a fully-abstract seman he work subsequent In types. sion ing Systems, and higher-order ses tings, the Calculus of Communicat for clients and peers within two set equivalences behavioural of series a unravels thesis PhD His rency. concur for systems type in and software, concurrent for guages lan programming of semantics denotational and chiefly operational in interested is Giovanni Research Interests he arrivedatIMDEASoftware. one at the Universidade de Lisboa, short a and Dublin, in one Docs, Post two after and Dublin, lege obtained the PhD from Trinity Col Giovanni Leiden. of University the one year studying bioinformatics spent at he master his During ice. Ven of University the Ca’Foscari, from science computer in MSc ------on parametrizedsystems. programs, with a special emphasis tion of rich properties in concurrent capable of dealing with the verifica procedures decision and theories techniques, verification deductive innovative of implementation and development formalization, in the interested particularly is He based data structures in the heap. pointer- manipulate dynamically liveness on concurrent systems that and safety of properties of temporal verification formal the is est inter research main Alejandro’s Research Interests of Madrid. ence from the Technical University obtained his PhD in Computer Sci he 2015, September in more recently, and Madrid of University Complutense the from Technology MSc in Programming and Software Student. In 2011, he obtained his PhD a as later and intern research a as first 2009, in Institute ware Soft IMDEA the joined Alejandro University of Córdoba in Argentina, National the from Science puter Com in BSc his obtaining After Postdoctoral researcher Alejandro Sanchez - - - - - nica de Madrid, where he lectured Politéc Universidad Informáticos, he was an Assistant Professor at ETSI 2015 to 2010 From house. Back C. Roland Professor was supervisor thesis His Technology. Computer Science and Information of School the from studentship a Kingdom, where he was funded by United the Nottingham, of University from Science Computer in PhD a holds He 2015. November mid in Institute the Software IMDEA joined has Nogueira Pablo Postdoctoral researcher Pablo Nogueira concurrent datastructures. fine-grained for abstraction and Sanchez in program transformation Associate Research Professor César with working also is He formation. lambda calculi and program trans His latest work has focused around calculi. lambda and semantics, al program transformation, operation by optimisation and verification unification, and algebra relational debugging, proof-directed theory, category and types data abstract as generic functional programming, such topics varied on worked has implementations, and tools. Pablo applications, foundations, their ming and programming languages, the theory and practice of program His research interest at large is on Research Interests in Spain and the United Kingdom. positions and research fellowships post-doctoral held he that, Before Programming. Functional and Structures Data and Algorithms as such courses postgraduate and graduate several coordinated and - - - - -

a n n u a l r e p o r t 57 software a n n u a l r e p o r t 58 software Sep. 2014–Jan.2015 Visiting during University ofWashington,USA Visiting Professor Michael Ernst

Oct. 2014–Sep.2015 Visiting during University ofVerona,Italy Visiting Professor Roberto Giacobazzi

Apr. 2015–Jul. Visiting during University ofBristol,UK Visiting Professor Bogdan Warinschi

Sep. 2015–Jun.2016 Visiting during University ofWisconsin,USA Visiting Professor Somesh Jha

software systems. of validation and modeling ported sup tool rigorous security; and engineering, software verification, Research: de Madrid(UCM),Spain Degree: Research Assistant Miguel AngelGarcíadeDios Universidad Complutense Complutense Universidad Formal specification and - graduate programs,andalsoatUniversidadComplutensedeMadrid(UCM). UniversityofMadrid (UPM), with whom theInstitute collaborates inthedevelopment of agreements with. Many of our Research Assistants obtain their degrees from the researcher,Technical and they undertake their Ph.D.senior or at junior a one of of supervision the the Universities under lines thatresearch theInstitute’s the Institute of one has within Research Assistants hold full scholarships or contracts at the Institute, performing research gramming languages;semantics. pro functional computing; tum tion toprogram verification; quan interpreta abstract and methods Research: Rosario (UNR),Argentina Degree: Research Assistant Julian Samborski-Forlese Universidad Nacional de de Nacional Universidad Applications of formal formal of Applications - - - software systems. reliable and secure validating and building modeling, for techniques and tools on working particular, In security. and methods formal Research: Córdoba (UNC),Argentina Degree: Research Assistant Carolina InésDania Universidad Nacional de de Nacional Universidad Software engineering, engineering, Software computational effects perspective. a from coroutines, and currency con fork/join continuations, e.g., with unstructured stateful features rectness of, higher-order programs soning about, and proving the cor rea at aimed theories ently-typed depend new of implementation and design the on lately focused Research: Rosario (UNR),Argentina Degree: Research Assistant Germán AndrésDelbianco Universidad Nacional de de Nacional Universidad Germán’s research has has research Germán’s - - - -

a n n u a l r e p o r t 59 software a n n u a l r e p o r t 60 software and malicious infrastructures detection. infrastructures malicious and deployment patch vulnerability cybercrime: of aspects damental Research: Milano, Italy Degree: Research Assistant Antonio Nappa ics (PDEs,dynamicalsystems). hybrid systems; applied mathemat techniques; model-checking on Research: Hamburg of University and L’Aquila of sity Univer Engineering, in Modeling Degree: Research Assistant Miriam García Università degli Studi di di Studi degli Università MSc in Mathematical Mathematical in MSc Stability analysis based analysis Stability Investigating two fun two Investigating - - - off precision/performance/energy. analysis and optimizations trading- multi-language for framework sis analy transformation-based ing, to Energy-aware software engineer applications its and etc.) energy, program properties (execution time, non-functional of verification and Research: sity of Technology (TUD), Germany Madrid (UPM) and Dresden Univer Degree: Research Assistant Umer Liqat specification, program instrumen program specification, program for use and design their Research: Madrid (UPM),Spain of University Technical ligence, Degree: Research Assistant Nataliia Stulova Programming. Logic (Constraint) to Applications analyses. program dynamic and static of Combination debugging. and verification software run-time Assertion-based documentation. code source automatic and tation Technical University of University Technical MSc in Artificial Intel Artificial in MSc Static resource analysisresource Static Assertion languages, languages, Assertion - - - - - Research: versity, Germany Degree: Research Assistant Goran Doychev attacks. Favorite application: Side-channel op economically justified defenses. devel to them using and systems, computer for guarantees security TRAnsparency” (ENTRA). ENergy “Whole-Systems project FP7 the on working is He cutions. exe program (concurrent) about information consumption energy inferring for analysis static based Research: del Comahue(UNCo),Argentina Degree: Research Assistant Maximiliano Klemen M.Sc. from Saarland Uni Saarland from M.Sc. BS, Universidad Nacional Nacional Universidad BS, Abstract interpretation- Abstract Obtaining quantitative quantitative Obtaining - - - Research: Madrid (UPM),Spain Degree: Research Assistant Artem Khyzha non-blocking algorithms. as such memory shared a on ating grained concurrent programs oper fine- of linearisability proving for compositional reasoning technique gramming languages featuring constraints andtabling. featuring languages gramming pro logic including languages, programming advanced of tation Research: Madrid (UPM),Spain Degree: Research Assistant Joaquín Arias Technical University of University Technical Technical University of of University Technical Developing a generalized Design and implemen and Design - - - Binary Analysis,WebSecurity. Research: Islamabad, Pakistan (NUST), Technology and ences Degree: Research Assistant Irfan UlHaq tional verification. composi in analysis reachability of application system, dynamical linear non parameter, uncertain with system dynamical linear of Research: Kolkata, India Degree: Research Assistant Ratan Lal Indian Statistical institute, National University of Sci Reachability analysis analysis Reachability Malware Unpacking, Unpacking, Malware - - security, homomorphic signatures. computing cloud to applications Research: Bicocca, Italy Milano- di Studi degli Università Degree: Research Assistant Luca Nizzardo shared resources. concurrent programming based on methodologies, model-driven tion, verifica and specification ware soft programming, concurrent to Research: (UNRC), Argentina Universidad Nacional de Río Cuarto Degree: Research Assistant Raul Alborodo BS in computer Science, Science, computer in BS M.Sc. in Mathematics, Mathematics, in M.Sc.

Formal methods applied Cryptography and its its and Cryptography - - Research: tia Degree: Research Assistant Damir Valput transducers, andverification. processing, signal languages, mal for in problems solving to theory cybercrime. security, network analysis, ware Research: Piraeus, Greece. of University security Degree: Research Assistant Platon Kotzkias University of Zagreb, Croa M.Sc in Digital Systems Systems Digital in M.Sc Applications of automata System security, mal security, System - - - Research: de Madrid(UCM),Spain Degree: Research Assistant Miguel Ambrona Signature schemes. Preserving Structure on emphasis particular with proofs tographic of malware analysis environments. rity, development and optimization secu to applied learning machine cybercrime, classification, and Research: (UPM), Spain. Madrid of University Technical dor. MSc in Software and Systems, Ecua Nacional(EPN), Politécnica Escuela Computing, and Systems Degree: Research Assistant Richard Rivera

Engineering in Information Universidad Complutense Complutense Universidad Computer-aided cryp Computer-aided Malware analysis analysis Malware - - -

a n n u a l r e p o r t 61 software a n n u a l r e p o r t 62 software ware detectiontechniques. mal and testing automated using applications mobile of security Research: Italiana, Lugano,Switzerland Degree: Research Assistant Paolo Calciati tion ofcomputerprograms. Research: Madrid (UPM),Spain Degree: Research Assistant Luthfi Darmawan Università della Svizzera Svizzera della Università Universidad Politecnica de Resource usage verifica Improve quality and and quality Improve - - with focus on Game theoretic theoretic Game on focus with proofs security aided Computer Protocols. Exchange Key Public on emphasis with Security able Research: Bordeaux, France Degree: Research Assistant Giuseppe Guagliardo techniques. through hardwarearchitecture. attacks channel side against rity secu the targetting processes, ic security guaranties for cryptograph Research: de Madrid(UCM),Spain Degree: Research Assistant Pablo Cañones Universidad Complutense Complutense Universidad Université de Bordeaux, Bordeaux, de Université Cryptography and Prov and Cryptography Information theory and and theory Information - - - rity andside-channelattacks. (and countermeasures), NFC secu attacks browser web client-based web application security, specially include interests research his and security, computer on PhD his on Research: tester foraninternationalfirm. as a security consultant/penetration Universidad de Zaragoza and worked studied Computer Engineering at the SoftwareinNovember 2015, Pepe Degree: Research Assistant Pepe Vila Degree: Research Assistant Martín Moreau (UPMC), Paris,France Curie Marie et Pierre Université Performance, and Reliability rity measures. channel attacks and their counter side- of analysis the as well as implementation its of verification Research: MSc in Numeric Secu Numeric in MSc Before joining IMDEA IMDEA joining Before Currently he is working working is he Currently Cryptography and the the and Cryptography - - - and technology transfer unit CS - Technical University of Madrid Degree: & ProjectStrategyManager Business Developer, EIT Digital Jesús Contreras (UPM), Spain being carriedoutattheInstitute.Theyaretypicallyco-fundedbysuchprojects. contracts and projects of development the for support additional provide Staff Project Pablo Rauzy Rana FaisalMunir Guillermo Ramos Thomas Espitau Simón Cancela Leo Stefanesco Justin Hsu Daniel Henri-Mantilla Xavier Garceau-Aranda Santiago Cuellar Renzo Verastegui Alejandro Ranchal Santiago Cervantes Anca Nitulescu Massimo Neri Cecile Baritel Ignacio Queralt Pedro Valero Victor deJuan Elena Gutierrez Marcos Sebastián Intern MBA - CEREM and PhD in Jan. –Feb.2015 Nov. 2014–Feb.2015 Jul. 2013–Jun.2015 Mar. –Aug.2015 Oct. 2014–Jul.2015 May –Aug.2015 May –Jul.2015 Jun. –Aug.2015 Jun. –Sep.2015 Jul. –Sep.2015 Jun. 2015–Apr.2016 Sep. 2014–2015 Sep. 2014–2015 Mar. –Sep.2015 Oct. 2015–Jan.2016 Oct. 2015–Aug.2016 Sep. –Dec.2015 Sep. 2015–Feb.2016 Jun. 2015–Jan.2016 Jun. 2015–Feb.2016 Oct. 2014–Mar.2016 Period Spain Madrid, University, Complutense - Degree: AMAROUT-II Project Manager, Juan JoséCollazo B.Sc. in Economic Sciences

Business School,USA Harvard - Management preneurial Degree: EIT Digital Business Developer, Francisco Ibáñez France Pakistan Spain France Spain France United States Spain Spain Colombia Romania Spain Spain Romania Italy France Spain Spain Spain Spain Spain Nationality MBA Finance & Entre & Finance MBA

-

a n n u a l r e p o r t 63 software a n n u a l r e p o r t 64 software London, UK of University College, Goldsmiths Degree: EIT Digital Social Media&WebManager, David García Sevilla, Spain de Universidad IMSE-CNM-CSIC, Degree: Lead, EITDigital Doctoral TrainingCenter Susana Eiroa PhD in Microelectronics – Microelectronics in PhD MA Visual Anthropology, Visual MA Henares, Spain de Alcalá de Universidad opment, Degree: Unit Telefónica JointResearch Technical ProjectStaff, Leandro Guillén spell College,Argentina Degree: Digital Administrative Assistant,EIT Andrea Iannetta B.Sc. in Economics – God MS in Professional Devel Professional in MS - - Project Assistant,N-GREENS Silvia Díaz-Plaza Spain Valladolid, Cervantes, de Miguel Degree: Unit Telefónica JointResearch Technical ProjectStaff, Guillermo Jiménez Spain Madrid, Carlos, Juan Rey versidad Uni - Management Business and Degree: B.Sc., European University B.Sc. in Administration in B.Sc. - and infrastructures unit staff co-funded bydifferentprojectsandagreements. currently are They etc. communications, farms, computing harnesses, experimentation platforms, integration continuous tools, collaboration research systems, control version environments, virtualization include These Institute. the at researchers the to vided pro infrastructures research the for support provide Staff Technical Support Research Spain - Technical University of Valladolid, Degree: Engineer REDIMadrid Network David Rincón (UPM), Spain Eng. Technical University of Madrid Degree: Communication Infrastructures Computing and Roberto Lumbreras BS in Telecommunications MSc. Elec. & Computer Computer & Elec. MSc. Madrid, Spain Cierva, la de Juan Instituto cian, Degree: Computer Operations REDIMadrid Technicianand Carlos RicardodeHiges (UPM), Spain Eng. Technical University of Madrid Degree: Engineer Network andSystems Juan Céspedes Licensed Electrical Techni MSc. Elec. & Computer Computer & Elec. MSc. - Carlos, Madrid,Spain Juan Rey Universidad – istration Degree: Accounting Assistant Carlota Gil Administration, El Rincón, Las Las Palmas, Spain Rincón, El Administration, Degree: Systems Administrator Gabriel Trujillo M.Sc. in Business Admin Business in M.Sc. AD in Network Systems Systems Network in AD - -

a n n u a l r e p o r t 65 software a n n u a l r e p o r t 66 software Political Sciences Degree: (part-time) IMDEA CommonServices Begoña Moreno Degree: General Manager María Alcaraz Madrid, Spain CEREM, – Negocios de nacional Ph.D. in Economics and and Economics in Ph.D. B - sul Inter Escuela - MBA & administration - Technical University of Madrid (UPM), Spain. Madrid of University Technical Degree: Infrastructure Manager Laura Bellmont Spain Madrid, Complutense, versidad Degree: (part-time) Human ResourcesAssistant Paola Huerta M.A. in Art History – Uni – History Art in M.A. M.Sc. in Architecture – Architecture in M.Sc. - icana JoséSimeónCañas istration – Universidad Centroamer Degree: (part-time) Administrative Assistant Tania Rodríguez M.Sc. in Business Admin - - research p r o j e c t s a n d contracts

5.1. Projects Running in 2015 [69] 5.2. Some Recently Granted Projects (not started in 2015) [83] 5.3. Fellowships [86]

a n n u a l r e p o r t An important source of funding and technology transfer opportunities for the Institute 68 are cooperative projects, awarded through competitive calls for proposals by national and international funding agencies, and contracts with industry. During 2015, the Insti- tute participated in a total of 30 funded research projects and contracts, the majority of which (23, the 77%) involve collaboration with industry. Of the 30 projects, 19 are from international agencies (16 funded by the European Union and 3 by the US agen- cies ONR and NIST), 5 of them are direct industrial funding, and the rest are funded by a n n u a l r e p o r t national (5) and regional (1) agencies. Figure 5.1 shows the origin of project funding. In the same year, the Institute benefited from 14 fellowships.

The trend of external funding for the period 2008-2015 is shown in Figure 5.2 (the value for 2015 is estimated and that for 2016 is a forecast). The amount of external funding (and the percentage of external to total funding) has risen from around 1.1 M€ (30%) in software 2013 to 1.8 M€ (42%) in 2015, which is slightly above the forecast for 2015 performed at the end of 2014 (1.75 M€), partially due to activities performed in the realm of EIT Digital. The level of external funding is forecast to grow to 1.9M€ in 2016, with the percentage of external funding with respect to the total Institute budget rising to 47%.

National 4 Regional 1

US European 3 11

Industry 5 EIT 5 Figure 5.1. Projects by origin of funding.

2,200,000 2,000,000 1,800,000 1,600,000 1,400,000 1,200,000 1,000,000 800,000 600,000 400,000 200,000 0 2008 2009 2010 2011 2012 2013 2014 2015 2016 Figure 5.2. Evolution in external funding since 2008. 5.1. Projects Running in 2015 69 SynCrypt Automated Synthesis of Cryptographic Constructions

Funding: US Office of Naval Research (ONR), through Stanford University

Duration: 2015-2018 a n n u a l r e p o r t Project Coordinator: Res. Prof. Gilles Barthe

SynCrypt is a joint project with Stanford University, University of Pennsylvania, and SRI, funded by ONR and which runs from September 2015 until August 2018. SynCrypt

is the continuation of AutoCrypt project and the budget allocated for IMDEA Software software is over 1 Million Euros. SynCrypt aims to develop synthesis techniques and tools for cryptographic constructions, and for cryptographic implementations. Building on their previous work, IMDEA researchers will develop synthesis tools for generating, transform- ing, and hardening cryptographic constructions.

Within the project, the IMDEA Software team plans to extend their EasyCrypt tool (http:// www.easycrypt.info) to handle proof generation for lattice-based systems. This will require a fair amount of enhancements to EasyCrypt. IMDEA will extend the logical rules for proving security of cryptosystems to reason about noise growth and will apply these tools to analyze lattice-based identity-based systems and attribute-based encryption schemes.

SHA3 Verified standards: SHA3

Funding: US National Institute of Standards and Technology (NIST) Duration: 2015-2016 Project Coordinator: Res. Prof. Gilles Barthe

SHA3 research project is funded by NIST and runs from September 2015 until August 2016. The goal of the project is to demonstrate that the EasyCrypt tool can be used for building machine-checked, independently verifiable proofs of security for the new SHA3 standard.

The technical work will be performed in two steps. IMDEA researchers shall first consider indifferentiability from a random oracle, which is among the strongest properties for hash functions and extendable-output functions, and will formalize a detailed game-based proof of indifferentiability in EasyCrypt for the sponge construction used in the SHA3 standard.

Finally, the IMDEA Software team will generate a C implementation from the formaliza- tion, and validate the correctness of the implementation experimentally. GOBIERNO MINISTERIO DE ESPAÑA DE ECONOMÍA 70 EIT Digital Spain APG Y COMPETITIVIDAD APG Spain EIT Digital Coordination and Joint Activities

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2015-2016 Principal Investigator: Res. Prof. Manuel Hermenegildo a n n u a l r e p o r t EIT Digital, as explained in section 2.3, is the Knowledge and Innovation Community (KIC) in the ICT sector of the European Institute of Innovation and Technology. The Spanish node is currently the last one to join the KIC. The Spanish node, formalized through the Associate Partner Group Spain (APG Spain), includes the following members: IMDEA Software Institute (node coordinator), Technical University of Madrid, ATOS, software Indra, Telefónica, and the Barcelona Supercomputing Center. The coordination includes boosting the network in collaboration with members of APG with a twofold objective. On one hand to improve knowledge of the KIC possibilities in order to take maximal profit from the innovation program. On the other hand to spread the activities of the APG in the national ICT sector at all levels: large companies, SMEs, entrepreneurs, students, academia and researchers. This project aims at providing support for these coordination activities in order to strengthen the position of Spain in EIT Digital.

CADENCE Cyber Attack Detector Engineering for Commercial Exploitation

Funding: European Institute of Innovation and Technology Duration: 2015 Principal Investigator: Asst. Res. Prof. Juan Caballero

The CADENCE project is an action part of the EIT Digital activities in 2014 and 2015 in its Action Line on Privacy, Security, and Trust.

The project concentrates on development of a sensor able to detect advanced cyber attacks in network traffic by applying innovative anomaly detection technology, with the goal of advancing cyber-defense expertise and creating more secure ICT environments in both governments and businesses. CADENCE aims at addressing the needs of a segment of a market whose size is estimated at 250 billion EUR in Europe with specific innova- tive product and service prototypes. The project was developed together with TNO in Netherlands, and the Reply Spa. group in Italy. More information appears in Chapter 7. I3H 71 Incubating Internet Innovation Hubs

Funding: European Union – 7th Framework Program Duration: 2014–2016 Principal Investigator: Res. Prof. Juan José Moreno a n n u a l r e p o r t The objective of the I3H project is to contribute to the sustainability of the Future Internet PPP (FI-PPP) by creating a European network of Internet Innovation Hubs (IIH), regional or thematic clusters that bring together web entrepreneurs, mentors, investors, students, academia, industry, and public sector innovators to speed up the transformation of FI-PPP results to services and applications addressing the needs of European citizens, software companies, and society. The starting point is the network of EIT Digital hubs in Buda- pest, Eindhoven, Helsinki, Madrid, Paris, and Trento, where nodes of EIT Digital have their co-location centers. The seed network will grow organically with a robust life-cycle incubation stage gate process for identifying candidate hubs and guiding them through tangible milestones towards full-fledged IIH’s with hands-on coaching, resources and support, including knowledge and best practice transfer.

FI-CORE

Funding: European Union – 7th Framework Program Duration: 2014–2016 Principal Investigator: Res. Prof. Manuel Hermenegildo

The FI-Core project aims to complete the FI-PPP vision and support a truly open innova- tion ecosystem around FIWARE Lab, a working instance of FIWARE that is distributed across multiple data centers in Europe and is effectively operated using the suite of FIWARE Ops tools. In this project, the FI-Core consortium is delivering:

Universidad Rey Juan Carlos • Technology extensions, introducing new capabilities to the platform, with focus on 72 those believed to carry substantial economic potential and future relevance. Examples include new Generic Enablers (GEs) in the areas of Robotics, Open Data, and Network Function Virtualization.

• Means for platform availability, including initiatives and processes for ensuring the effective adoption of FIWARE GE’s well beyond the initial FI-PPP community. These a n n u a l r e p o r t means include the launch of operational FIWARE nodes across Europe with resources and tools to support them, as well as extensive FIWARE education and training pro- grams for Web entrepreneurs and SMEs.

• Processes and tools for platform sustainability, ensuring outreach and dissemination

software of current and on-going results from FI-Ware and Xifi projects, and their take-up by the European and global ecosystems, based on the large involvement of SMEs which will use the platform to create new value networks.

N-GREENS Next-Generation Energy-Efficient Secure Software

Funding: Regional Government of Madrid Duration: 2014–2018 Project Coordinator: Res. Prof. Gilles Barthe

The N-GREENS Project addresses the ever-growing economic and strategic significance of the software industry, the presence and ubiquity of software and computer devices in everyday life, and the resulting need for revolutionary solutions to enable citizens to access myriads of such services in a secure and sustainable way. Along with a strong research component carried out by a world-class expert consortium, the project has a strong technology transfer component. N-GREENS aims at developing disruptive tech- nologies in some of the key areas with a high social impact. Its technical areas include: green computation, cloud security, cyber-physical systems, parallelism for the masses, and the resulting software tools.

N-GREENS is a consortium involving groups from Universidad Complutense de Madrid, Universidad Politécnica de Madrid, and the IMDEA Software Institute, which is the project coordinator. VeriStab 73 Formal Verification of Stability of Embedded Control Systems

Funding: European Union – 7th Framework Program Duration: 2013–2015 Principal Investigator: Asst. Res. Prof. Pavithra Prabhakar

The VeriStab project addresses the challenge of building high-confidence embedded a n n u a l r e p o r t control systems by verifying their stability (resistance to perturbation in the initial state or inputs) using automated formal verification techniques that will be developed within the project. The objective is to facilitate the development of fully automated and scalable methods for stability verification, thereby addressing the shortcomings of state-of-the-art deductive techniques. An algorithmic approach to stability verification is a challenging software task, since even fundamental notions for abstraction and composition, which form the backbone of scalable algorithmic verification, have not been well explored. VeriStab proposes a three-phase plan which covers from the development of theoretical founda- tions to algorithm design and software tool development.

ADVENT Architecture-Driven Verification of Systems Software

Funding: European Union – 7th Framework Program – FET Young Explorers Duration: 2013–2016 Project Coordinator: Asst. Res. Prof. Alexey Gotsman

IMDEA Software is the main partner and coordinator of the ADVENT research project (http://advent-project.eu). The project was awarded during the year 2012 and runs from April 2013 to 2016. It is funded by the very competitive EU 7th Framework Program, Future and Emerging Technologies (FET) Young Explorers Initiative, and has an overall budget of 1 million Euro. In addition to IMDEA Software, the consortium includes as partners Tel Aviv University (Israel), The Max Planck Institute (Germany), and Katholieke Universiteit Leuven (Belgium).

The ADVENT project develops innovative methods and tools for cost-effective verifica- tion of real-world systems software, making it possible to guarantee an unprecedented level of reliability. ADVENT will achieve this by exploiting a trend among programmers to use informally described patterns, idioms, abstractions, and other forms of structure contained in their software, which are together called its architecture.

Building on the emerging technology of separation logic, ADVENT will formalize such software engineering concepts used by systems programmers to reason about their soft- ware informally, and will use the results to drive the design of verification techniques. 74 This is a radically novel approach to the problem of verifying complex software: it departs from the common practice of building generic verification tools that, not being able to take advantage of programmers’ knowledge and intuition, do not scale to big and com- plicated systems.

The architecture-driven verification techniques resulting from the project have the poten- a n n u a l r e p o r t tial to yield a dramatic leap in the cost-benefit ratio of verification technology. This will allow verification to scale to systems of real-world size and complexity that so far have been beyond the reach of quality assurance methods guaranteeing correctness.

software POLCA Programming Large Scale Heterogeneous Infrastructures

Funding: European Union – 7th Framework Program Duration: 2013–2016 Principal Investigator: Assoc. Res. Prof. Manuel Carro

The POLCA project explicitly addresses the programmability concerns of both embed- ded and high performance computing. Both domains have generated strongly focused approaches for solving their specific problems that are now confronted with the increas- ing need for parallelism even in Embedded Systems and the need for addressing non- functional criteria in High Performance Computing. Rather than improving both domains separately, POLCA takes a bold step forward by proposing a hybrid programming model that decisively increases programming efficiency in both areas and enables realization of multi-domain use cases.

This model thereby allows efficient parallelization and distribution of the application code across a highly heterogeneous infrastructure, not through automatic methods, but through exploitation of fundamental mathematical axioms behind the execution logic. The model is strongly oriented towards mathematical application cases of both domains, ranging from sensor evaluation, over monitoring-control-loops to complex simulation and modeling. POLCA is thereby explicitly geared towards exploitation of reconfigurable hardware to make use of their high efficiency under the right usage criteria. In principal it even allows for exploitation of run-time reconfigurations, given an application with a suitable profile.

The project builds up on existing collaboration between experts from embedded comput- ing and high performance computing, to combine complementary expertise from the two domains into an accessible and productive programming model of the future. ENTRA 75 Whole-systems energy transparency

Funding: European Union - 7th Framework Program - FET proactive MINECC call Duration: 2012-2015 Project Coordinator: Res. Prof. John Gallagher a n n u a l r e p o r t ENTRA is an FP7 “Future and Emerging Technologies” project under the proactive “MINECC” objective - “Minimizing Energy Consumption of Computing to the Limit”. The ENTRA project proposes radical advances in energy-aware software design and management with the objective of providing an important key to the pervasive realization of energy-aware computing. Though huge advances have been made in power-efficient software hardware, most of the potential energy savings are wasted by software that does not exploit energy-saving features of hardware, and by poor dynamic management of tasks and resources. The budget of the project is approximately 2.7M Euros.

The project is built around the central concept of energy transparency at every stage of the software lifecycle. The project develops novel program analysis and energy modeling techniques, making energy usage transparent through the system layers. This will enable energy optimizations both during code development and at run-time, and promote energy efficiency to a first-class software design objective.

AutoCrypt Automation in Cryptology

Funding: US Office of Naval Research (ONR), through Stanford University Duration: 2012-2015 Project Coordinator: Res. Prof. Gilles Barthe

AutoCrypt is a joint project with Stanford University, University of Pennsylvania, and SRI, funded by ONR and which runs from July 2012 until July 2015. It has an overall budget of 2 Million Euros. AutoCrypt aims to use computer technology to provide mathematical guarantees that a cryptographic algorithm is secure, and that it is adequate for a given product, process, or service.

Within the project, the IMDEA Software team use their EasyCrypt tool (http://www. easycrypt.info) to develop a systematic classification of cryptographic algorithms and to create a cryptographic atlas that will be used by researchers and companies to choose the most suitable algorithm for their needs. 76 VARIES Variability in safety critical embedded systems

Funding: ARTEMIS- European Union - 7th Framework Program Duration: 2012-2015 Principal Investigator: Assoc. Res. Prof. Aleksandar Nanevski a n n u a l r e p o r t VARIES is an ARTEMIS Joint Undertaking project granted under the FP7 ARTEMIS-2011-1 Call. The 26 partner-strong international consortium includes the participation of national partners Hi-Iberia, Integrasys, and Tecnalia. The main goal of the VARIES project is to help Embedded Systems (ES) developers to maximize the full potential of variability in safety-critical ES. The objectives of this project will be therefore (i) to enable companies

software to make informed decisions on variability use in safety-critical ES; (ii) to provide effective variability architectures and approaches for safety-critical ES; and (iii) to offer consistent, integrated, and continuous variability management over the entire product life cycle.

The VARIES project develops the VARIES Platform: a complete, cross-domain, multi- concern, state-of-the-art reference platform for managing variability in safety-critical ES. Special attention is given to aspects specific to safety-critical ES, in particular the impact of reuse and composition on certification.

In addition to this ambitious goal, the VARIES project will create a Center of Innovation Excellence (CoIE) for managing variability in ES. The VARIES CoIE will support the European ES industry on the 3 aforementioned objectives.

GOBIERNO MINISTERIO StrongSoft DE ESPAÑA DE ECONOMÍA Y COMPETITIVIDAD Sound Technologies for Reliable, Open, New Generation Software

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2013–2016 Principal Investigator: Assoc. Prof. Gilles Barthe

The goal of the StrongSoft project is to define, implement, evaluate, and disseminate disruptive technologies that are able to keep pace with the rapid evolution of software systems and address the challenges it implies. The project provides solutions for sup- porting the cost-effective development of a new generation of software systems that are reliable, efficient, and secure while connected to an open, untrusted world, across different application domains. The workplan is organized in a number of coordinated lines that cover security and cryptography, verification, debugging and testing, language technology, and tools. To achieve its objectives the StrongSoft consortium coordinates some of Spain’s leading research groups in reliable software technologies together with a number of key foreign researchers and highly interested industrial end users. Centro para el MINISTERIO Desarrollo DE ECONOMÍA Y COMPETITIVIDAD Tecnológico Industrial e-TUR2020 77 e-TUR2020. TUrismo & Retail

Funding: Spanish Ministry of Economy and Competitiveness - CDTI Duration: 2015-2019 Principal Investigator: Asst. Res. Prof. Juan Caballero a n n u a l r e p o r t e-TUR2020 is a 4-year Spanish joint industrial research project funded by the Centre for the Development of Industrial Technology (CDTI). The aim of e-TUR2020 is to create a new on-line software platform for the tourism sector that will enrich the sector’s mobile applications with new services for tourists, tourist sector agents, and companies from other sectors. The e-TUR2020 project involves 6 industrial partners (Compartia, Eurona, Groupalia, SoluSoft, Tecnocom, Zemsania). The industrial partners subcontract parts of the work to 4 research and development centers (Eurecat, IMDEA Software Institute, PCT, and Universidad Carlos III de Madrid). Within e-TUR2020, the IMDEA Software Institute will manage the security aspects. To this end, the Institute will contribute to research and develop techniques to secure the information exchange.

EUROPEAN COOPERATION IN SCIENCE AND TECHNOLOGY ARVI Runtime Verification Beyond Monitoring

Funding: European Union, COST Action Duration: 2014–2018 Investigator: Assoc. Res. Prof. César Sánchez

Runtime verification (RV) is a computing analysis paradigm based on observing a system at runtime to check its expected behavior. RV has emerged in recent years as a practical application of formal verification, and a less ad-hoc approach to conventional testing by building monitors from formal specifications. There is a great potential applicability of RV beyond software reliability, if one allows monitors to interact back with the observed system, and generalizes to new domains beyond computer programs (like hardware, devices, cloud computing, and even human-centric systems). Given the European leadership in computer- based industries, novel applications of RV to these areas can have an enormous impact in terms of the new class of designs enabled and their reliability and cost-effectiveness. 78 CryptoAction EUROPEAN COOPERATION IN SCIENCE AND TECHNOLOGY Cryptography for Secure Digital Interaction

Funding: European Union, COST Action Duration: 2014–2018 Investigator: Asst. Res. Prof. Dario Fiore a n n u a l r e p o r t As increasing amounts of sensitive data are exchanged and processed every day on the Internet, the need for security is paramount. Cryptography is the fundamental tool for securing digital interactions, and allows much more than secure communication: recent breakthroughs in cryptography enable the protection – at least from a theoretical point of view – of any interactive data processing task. This includes electronic voting, outsourcing software of storage and computation, e-payments, electronic auctions, etc. However, as cryptog- raphy advances and becomes more complex, single research groups become specialized and lose contact with “the big picture”. Fragmentation in this field can be dangerous, as a chain is only as strong as its weakest link. To ensure that the ideas produced in Europe’s many excellent research groups will have a practical impact, coordination among national efforts and different skills is needed. The aim of this COST Action is to stimulate interaction between the different national efforts in order to develop new cryptographic solutions and to evaluate the security of deployed algorithms with applications to the secure digital interactions between citizens, companies and governments. The Action will foster a network of European research centers thus promoting movement of ideas and people between partners.

AMAROUT II Europe

Funding: European Union, Marie Curie Action (PEOPLE-COFUND) - 7th Framework Program Duration: 2012-2016 General Coordinator: Res. Prof. Manuel Hermenegildo

AMAROUT-II Europe is a PEOPLE-COFUND Marie Curie Action which continues the AMAROUT action sharing with it the objectives of fostering and consolidating the Euro- pean Research Area by attracting top research talent to Europe and, in particular, to the region of Madrid. As in the previous AMAROUT program, “experienced” and “very experienced” researchers from any country can apply for AMAROUT II fellowships at any of the seven IMDEA Institutes participating in the program (Energy, Food, Materials, Nanoscience, Networks, Software, and Water). The program is seeking to attract, over 4 years, more than 150 experienced researchers to carry out research projects within the IMDEA network of research Institutes. The program keeps a call open permanently until month 36. Applications are evaluated by batches, according to quarterly cut-off dates. To promote the program and its calls, both nationally and abroad, best practices 79 developed during the previous AMAROUT program are being applied. The IMDEA Software Institute is the single beneficiary of the AMAROUT-II program, the same role that was performed during the previous AMAROUT program.

As in AMAROUT, the AMAROUT-II Program is a joint initiative from the seven IMDEA

research institutes. The IMDEA Software Institute was in charge of writing and submit- a n n u a l r e p o r t ting the proposal and is the beneficiary, acting as the administrator of the program for the other institutes. software

GOBIERNO MINISTERIO DE ESPAÑA DE ECONOMÍA Y COMPETITIVIDAD MINECO Co-Funding for AMAROUT

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2013–2015 Principal Investigator: Res. Prof. Gilles Barthe

This project awarded by MINECO funds one part of the complementary mobility costs for the researchers that have been awarded fellowships within the AMAROUT II Marie Curie PEOPLE-COFUND action described above. In 2014-15 this has been extended to co-funding researchers from other IMDEA institutes within a proposal coordinated by the IMDEA Software Institute.

GOBIERNO MINISTERIO DE ESPAÑA DE ECONOMÍA EUIN Grants Y COMPETITIVIDAD

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2015

Europa Investigación Grants, funded by MINECO, support the submission of propos- als from Spanish research groups to calls belonging to the H2020 Framework Pro- gramme. IMDEA Software has obtained three of these grants to support the submission of three research proposals to the European Research Council (for Consolidator Grants and Starting Grant, made by Pavithra Prabhakar, Alexey Gotsman and Aleksandar Nanevski) in 2015. Smart Energy Systems Future Urban Life & Mobility Future Networking Solutions Smart Spaces Future Cloud Action Cyber-Physical Systems Health & Wellbeing lines Master School Smart Energy Systems Future Urban Life & Mobility Privacy, Security & Trust Doctoral School Future Networking Solutions Smart Spaces Future Cloud Action Cyber-Physical Systems Health & Wellbeing lines Master School Privacy, Security & Trust Doctoral School

Helsinki

Stockholm

80 EIT Digital CLC Helsinki Co-Location Center Berlín StockholmEindhoven Londres The headquarters of the IMDEA Software Institute host the Madrid Co-Location Center (CLC) of EIT Digital Madrid. The CLC is the central place for organizing and implement- París Budapest Eindhoven Berlín ing EIT Digital activities in Spain, and the main meeting point for the SpanishLondres Associate Trento Partner Group (APG), led by the IMDEA Software Institute, which includes some of the a n n u a l r e p o r t most prominent actors in the ICT innovation arena, such as Telefónica, Indra, Atos,París and Madrid Budapest the Technical University of Madrid (UPM). Trento

Madrid

software EIT Digital Business Development Accelerator

The Digital Business Development Accelerators (BDAs) are part of the EIT Digital BDA network, and provide a group of 50 specialists helping in bringing ideas to market and providing services such as coaching, access to finance, or soft landing, at a pan-European level. This has also included participation in and organization of events related to innova- tion and entrepreneurship. In 2015 the business acceleration activities of the Madrid APG led by the IMDEA Software Institute have been expanded (from one person to two people) with a new additional expert Francisco Ibáñez establishing relationships with the Spanish venture capital and investment ecosystems.

EIT Digital Higher Education Schools

During 2015, the Spanish APG, led by the IMDEA Software Institute, started the EIT Digital Doctoral and the Master School. The first 20 students of the the EIT Digital Master School started innovation and entrepreneurship lectures at the Co-location Centre (CLC) in the IMDEA Software premises. In the Doctoral School, the first six PhD students started the EIT Digital program attending the first courses (Raising Awareness), also at the Co-Location Center in the IMDEA Software Institute. Microsoft Research 81

The strong cooperation between scientists in IMDEA Software and Microsoft Research was boosted through the opening of the Joint Research Center and the organization of the Microsoft Research and IMDEA Software Institute Cooperation Workshops (MICW). Within the Microsoft Research – IMDEA Software Joint Research Center, scientists from both sides work together on a number research topics, such as cryptography and privacy, a n n u a l r e p o r t concurrency and memory models, and programming languages and verification. The MICW has been established as an annual forum for presenting the results of the joint work. On April 9-10, 2015 the second edition of the Microsoft Research and IMDEA Software Institute Collaboration Workshop (MICW 2015) took place, focused on three main topics: Scalable and correct data management in the cloud, verification for cryptography and software security, and secure Distributed Programming. MICW 2015 aimed at discussing collabo- rative work on chosen software projects and, when possible, to bring those advances to Microsoft’s businesses. 82 Telefónica I+D

Since 2012, IMDEA Software has cooperated with Telefónica I+D on research and development of components for automatic management of cloud scalability towards their integration into Claudia, a product developed within the European FI-WARE initiative. Claudia facilitates the definition and automatic deployment and management of virtual machines, storage, and connectivity resources that comprise the virtual infrastructure a n n u a l r e p o r t on which cloud applications are run.

The Institute is in charge of providing advice on the software architecture and high-level design of the software components, within the FI-WARE requirements, and participates in their development and testing. The component integration is based on the OpenStack software cloud architecture.

As mentioned before, Telefónica Digital and the Institute also established during 2013 a Joint Research Unit (JRU) within their more global strategic partnership.

LogicBlox

In 2013, the IMDEA Software Institute started cooperation with LogicBlox, located in Georgia, USA, applying IMDEA’s expertise in logic engines within the LogicBlox commer- cial deductive (smart) database system. The smart database and its high-level declarative query language (LogiQL) enable users used to build applications that combine trans- actional, analytical, graph, probabilistic, and mathematical programming. This makes possible new classes of hybrid applications that are hard or impossible to build on a traditional technological stacks that involve a cocktail of multiple programming languages and databases. This system includes sophisticated logic for optimizing database query execution, and is able to take advantage of multi-core and cloud programming, while abstracting away much of their intrinsic complexity. 5.2. Some Recently Granted Projects (not started in 2015) 83

NEXTLEAP NEXt Generation Technosocial and Legal Encryption Access and Privacy

Funding: European Union - H2020 Framework Program a n n u a l r e p o r t Duration: 2016-2018 Project Investigator: Asst. Res. Prof. Dario Fiore

The objective of the NEXTLEAP project is to build the fundamental interdisciplinary

internet science necessary to create decentralized, secure, and rights-preserving pro- software tocols for the next generation of collective awareness platforms. The longterm goal of NEXTLEAP is to have Europe take the “next leap ahead” of the rest of the world by solving the fundamental challenge of determining both how to scientifically build and help citizens and institutions adopt open-source, decentralized and privacy-preserving digital social platforms. This paradigm is in contrast to proprietary, centralized, cloud- based services and pervasive surveillance that function at the expense of rights and technological sovereignty.

GOBIERNO MINISTERIO DE ESPAÑA DE ECONOMÍA TRACES Y COMPETITIVIDAD Technologies and tools for Resource-Aware, Correct, Efficient Software

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2016-2018 Project Investigators: Assoc. Res. Prof. Manuel Carro - Res. Prof. Manuel Hermenegildo

The focus of TRACES Project relies in the need of change in the fundamental tools and approaches which underlie the software engineering techniques to be applied in the very near future. For this purpose TRACES includes three main research lines: 1) Resource-aware computing: being able to determine safe (or at least approximate) bounds for the resource consumption of software in a given hardware, and optimize it as much as possible, is necessary to ensure the correctness of embedded devices in terms which are more general than just functional correctness. 2) Advanced techniques to ensure functional correctness: these include not only infinite-state verification, but also debugging, synthesis of concurrent software, probabilistic / heuristic methods, and lean methods, such as testing and runtime / dynamic verification. These are necessary when, for example, the boundaries of a computer system are not well known in advance, or the interactions with the outside world can only be probabilistically modeled. 3) New language technologies: new environments, tasks, and missions make it necessary to adapt existing languages to them or to create languages anew. Contrary to widespread 84 belief, new languages and programming models are constantly created not only in aca- demia but also in industry with the aim of either taking advantage of new devices or of performing tasks (e.g., knowledge-related) which would be too complex to write (and to ensure correct!) in traditional languages. a n n u a l r e p o r t

GOBIERNO MINISTERIO DEDETIS DE ESPAÑA DE ECONOMÍA Y COMPETITIVIDAD Detecting and Defending Against Threats to the Information Society

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2016-2018 software Project Investigators: Asst. Res. Prof. Juan Caballero - Asst. Res. Prof. Boris Köpf

The goal of the DEDETIS project is to deliver the next generation of detection and defense techniques and tools against cyber threats. While our techniques and tools will be useful in multiple application scenarios, the emphasis of the project is on protecting the booming mobile and cloud computing environments against today’s and tomorrow’s threats. The work plan of the project is organized in 3 research lines that cover: 1) The fight against cybercrime, including novel system and network security approaches for detecting malicious software (malware) in mobile devices, classifying and recovering the software lineage of malware, and disrupting malicious server infrastructures hosted on cloud hosting services. 2) The detection and analysis of software vulnerabilities, including novel program analysis techniques to detect vulnerabilities with high coverage as well as algorithmic vulnerabilities, e.g., side-channel attacks on cryptographic modules and denial of service attacks through resource starvation. 3) Privacy and integrity in cloud computing, including novel cryptographic protocols based on homomorphic encryption and zero-knowledge verifiable computation to securely outsource data and computations to untrusted cloud service providers. GOBIERNO MINISTERIO DE ESPAÑA DE ECONOMÍA Y COMPETITIVIDAD RISCO 85 Rigorous Technologies for the Analysis and Verification of Sophisticated Concurrent Software

Funding: Spanish Ministry of Economy and Competitiveness Duration: 2016-2018 Project Investigators: Assoc. Res. Prof. Pierre Ganty - Asst. Res. Prof. Alexey Gotsman a n n u a l r e p o r t

The overall goal of the project is to develop new foundations for production and rigorous formal reasoning about modern concurrent and distributed computations. Formally prov- ing that concurrent and distributed programs behave as expected is an old problem, and

many of its facets have been well understood. However, modern applications, hardware software platforms and language standards, keep imposing new and stringent requirements on the development and deployment of such programs. The specific goal of this project is to bridge the gap between the low-level details essential to implementation of programs on modern concurrent and distributed architectures, and the high-level understand- ing necessary for formal verification. We will tackle the problems using a two-pronged approach, as follows: 1) We will study how the gap can be bridged in an automated way, by investigating complexity of the verification problems for the above modern concurrent and distributed computational models. We will design efficient decision procedures for reasoning about high-level abstract data types in such models, and implement them in tools. 2) We will study how the gap can be bridged in the context of human-assisted (i.e., interactive) proof development. In that setting, the challenge is to come up with proof abstractions that reduce the number and complexity of the required proof obligations, thus enabling humans to develop the correctness proofs by hand. 86 a n n u a l r e p o r t

5.3. Fellowships software

1. Microsoft Research PhD Scholarship funds (2), active in 2012-2015 (Alexey Gotsman and Boris Köpf).

2. Juan de la Cierva Postdoc Incorporación grant, Spanish Ministry of Science and Innovation, awarded in 2015 and ending in 2017 (Dario Fiore).

3. Ramón y Cajal grant, Spanish Ministry of Science and Innovation, awarded in 2010 and ending in 2015 (Aleksandar Nanevski).

4. Ramón y Cajal grant, Spanish Ministry of Science and Innovation, awarded in 2015 and ending in 2020 (Boris Köpf).

5. Marie Curie AMAROUT II Incoming Fellowships (8), European Union – 7 Framework Program, awarded in 2012 and active in 2015 (Dario Fiore, Michael Emmi, François Dupressoir, Benedikt Schmidt, Pierre-Yves Strub, Ilya Sergey, Giovanni Bernardi and Alessandra Gorla).

6. FPI Doctoral Grant, Spanish Ministry of Science and Innovation, active in 2015 (Miriam García).

7. FPU Doctoral Grant, Spanish Ministry of Education, Culture and Sports, awarded in 2012 and ending in 2015 (Julián Samborski-Forlese). dissemination of results

6.1. Publications [88] 6.1.1. Refereed Publications [88] 6.1.2. Articles in Books and other Collections [94] 6.1.3. Edited Volumes [94] 6.1.4. Doctoral, Master and Bachelor Theses [95] 6.2. Invited Talks [95] 6.2.1. Invited and Plenary Talks by IMDEA Scientists [95] 6.2.2. Invited Seminars and Lectures by IMDEA Scientists [97] 6.2.3. Invited Speaker Series [99] 6.2.4. Software Seminar Series [100] 6.3. Scientific Service and Other Activities [100] 6.3.1. Conference and Program Committee Chairmanship [100] 6.3.2. Editorial Boards and Conference Steering Committees [101] 6.3.3. Participation in Program Committees [102] 6.3.4. Association and Organization Committees [105] 6.4. Awards [106] 6.5. Dissemination Events [106]

a n n u a l r e p o r t a n n u a l r e p o r t 88 software 2015. on, Vol. 45, Num. 2, pages 276–290, February Transactions IEEE Systems, Cybernetics: and TechniquesMonitoring Process Business Predictive and Combining Comparing Carro Manuel Ivanovic 6. Elsevier, February2015. XMOS Chips for Scheduling and Allocation based chastic vs. Deterministic Evolutionary Algorithm- 5. Heidelberg, February2015. Vol. 14, Num. 1, pages 15–33, Springer Berlin Security, Information of Journal International Operations Download Drive-by of Analysis and Caballero 4. Computer Science, Vol. 11, Num. 2, April 2015. Mutually Testing Processes 3. June 2015. ACM, 1–32, pages 1, Vol.Num. (TISSEC), 18, Transactions on Information and System Security Channels Side Cache of Analysis Static borgne 2. 741, CambridgeU.Press,September2015. Special Issue, Vol. 15, Num. 04-05, pages 726– (ICLP’15) Programming Logic on Conference Int’l. 31st Programming, Logic of Practice and Caching Property Unobtrusive via king Manuel Hermenegildo 1. Journals 6.1.1. 6.1.

Giovanni Bernardi Giovanni Doychev Goran Stulova Nataliia Andreas Metzger, Philip Leitner, Philip Metzger, Andreas Bankovic Zorana Nappa Antonio

. Neurocomputing, Vol. 150, pages 82–89,

Publications , Jan Reineke. Refereed Publications , Eric Schmieders, Roslin Franklin, Franklin, Roslin Schmieders, Eric , . The MALICIA Dataset: Identification Dataset: MALICIA The , Schahram Dustdar, Klaus Pohl. Pohl. Klaus Dustdar, Schahram , , , M. Zubair Rafique, Zubair M. , , , Boris Köpf Boris CacheAudit: A Tool for the . Pedro Lopez-Garcia Pedro José Francisco Morales Francisco José Practical Run-time Chec , Hennessy, Matthew. Matthew. Hennessy, , . Logical Methods in , . System, Man, Man, System, . Laurent Mau Laurent . Theory Theory . Dragan Dragan . ACM ACM . . Juan Juan Sto - - - , . 14, Num.1,pages3–4,2015. Methods neider. 12. 2015. Security Privacy, Vol. 13, Num. 5, pages 86–89, phy: Cryptographic Software We can Trust 11. Computer Science,Vol. 11,Num.1,2015. Systems Wireless in tions Merro. simo 10. 3, pages1–42,2015. Vol.Num. Methodologies, 24, and Engineering Web Applications of Redundancy Intrinsic the Exploiting Pezzè. Mauro Perino, 9. Vol. 25,2015. Coq Mtac: A Monad for Typed Tactic Programming in Krishnaswami, 8. University Press,January2015. Cambridge 1–58, pages FirstView, Vol. ming, Prolog of Dialect a in Machines Abstract of mization Hermenegildo Manuel 7. naro, Konstantinos Vamvourellis. Konstantinos naro, 15. 525–557, 2015. ses Proces State Infinite for Invariance metrized 14. Vol. 25,Num.2,pages457–479,2015. Science, Computer in Structures Mathematical systems cryptographic in flow information 13.

Antonio Carzaniga, Antonio R. Neelakantan Dreyer, Derek Ziliani, Beta Morales Francisco José

. Acta Informatica, Vol. 52, Num. 6, pages pages 6, Num. 52, Vol. Informatica, Acta . . Journal of Functional Programming (JFP), Programming Functional of Journal . Dario Catalano, Dario Sánchez Alejandro Michael, Backes, Barthe Gilles Barthe Gilles Cerone Andrea . Theory and Practice of Logic Program Logic of Practice and Theory . SEFM: Software Engineering and Formal . Software and System Modeling, Vol. Modeling, System and Software . Modelling Mac-Layer Communica Mac-Layer Modelling . ACM Transactions on Software Transactionson ACM . Aleks Nanevski , Alberto Pardo, Gerardo Sch Gerardo Pardo, Alberto , . High-Assurance Cryptogra High-Assurance , Matthew Hennessy,Mas Matthew , Dario Fiore Dario Automatic Workarounds: Workarounds: Automatic Alessandra Gorla Alessandra Boris Köpf Boris . , Description and Opti and Description Cesar Sanchez Cesar . Logical Methods in in Methods Logical . , , Viktor Vafeiadis. aul Carro Manuel , Rosario Gen Rosario , . Quantifying Quantifying Algebraic Algebraic , Nicolò , . . IEEE Para ------, . 46, Num.2,pages105–134,2015. systems hybrid rectangular for CEGAR automata-based rala, Sayan Mitra, Mahesh Viswanathan. 20. 133–139, 2015. pages Vol.317, Sci., Theor. tr.Comput. Notes RIST: An Algorithmic Verifier for Stability 19. pages 3210–3225,2015. IEEE Trans. Automat. Contr., Vol. 60, Num. 12, Systems Hybrid for Bisimulations and lations Mahesh Viswanathan. 18. Journal, May2015. tion-Aware Mapping Techniques Communica Accelerating for GPU of Use the 17. tures, Vol. 125, Num. 0, pages 542–557, 2015. lations of composites fracture CZM implementation for massively parallel simu Mariano Vázquez, Antoine Jérusalem. Molina-Aldareguia, M. Jon Makradi, Ahmed Houzeaux, Guillaume Casoni, Eva Tjahjanto, bal Samaniego, Ling Wu, Ludovic Noels, Denny 16. 592, pages143–165,Springer, 2015. applications (trapdoor) one-way functions: Constructions and Weakening Additivity in Adjoining Closures Order, 2015. Adjoining in Additivity Weakening 23. Comput. Sci.,Vol. 577,pages74–97,2015. abstract interpretation of code properties Saumya K. Debray. 22. 1–17, 2015. Theoretical Computer Science, Vol. 574, pages decidable class of planar linear hybrid systems Dullerud. E. Geir Viswanathan, Mahesh rou, 21.

Pavithra Prabhakar Prabhakar Pavithra Prabhakar Pavithra Vigueras Guillermo Vigueras Guillermo Isabella Mastroeni, Isabella Preda, Dalla Mila Prabhakar Pavithra . Formal Methods in System Design, Vol. . Theoretical Computer Science, Vol. Unveiling metamorphism by Stability Preserving Simu , Parasara Sridhar Duggi , Federico Sket, Cristó Sket, Federico , , Orduña, Juan M.. Juan Orduña, , , Vladimeros Vladime Vladimeros , , Roberto Giacobazzi Roberto Roberto Giacobazzi Roberto , Geir E. Dullerud, Dullerud, E. Geir , Miriam García Miriam . Composite Struc . The Computer An XFEM/ . Theor. Hybrid . . Elec AVE On On A ------. . , . . 2015. October Analysis, Dynamic on Workshop tional Interactions Ernst. 2. pages 429–440,November2015. on Automated Software Engineering, ASE 2015, of the 30th IEEE/ACM International Conference tion for Android: Are We There Yet? Alessandro Orso. 1. Conferences Antonio Nappa Antonio Hoand Damon McCoy, Chris Grier, Vern Paxson, Grant Pearce, Paul Provos, Niels Abu, Moheeb 7. May 2015. Engineering, ICSE 2015, pages 426–436, ACM, of the 37th International Conference on Software Abnormal Usage of Sensitive Data Rasthofer,gfried Bodden. Eric Gorla sandra 6. 2015. June Springer-Verlag, 105–114, pages 9131, Aspects of Declarative Languages, LNCS, Num. Programs C for Transformation Program Rule-Based a of Carro 5. Communication Security, October2015. of the 22nd ACM Conference on Computer and TorServices nonymizing Hidden Dea for Leaks Location Detecting CARONTE: 4. tion Security, October2015. ACM Conference on Computer and Communica Signing Code ticode Juan Caballero 3.

Irfan Ul Haq, Ul Irfan Choudhary,Roy Shauvik Kurt Thomas, Elie Bursztein, Nav Jagpal, Jagpal, Nav Bursztein, Elie Thomas, Kurt Kuznetsov, Konstantin Avdiienko, Vitalii Salvador Tamarit, Srdjan Matic, Platon Kotzias, Platon Kotzias, Srdjan Matic, Richard Rivera, , Julio Mariño. Julio , Ayudante: Identifying Undesired Variable . International Symposium on Practical . Proceedings of the 13th Interna 13th the of Proceedings . , Andreas Zeller, Steven Arzt, Sie Arzt, Zeller,Steven Andreas , . Certified PUP: Abuse in Authen , Alexandros Kapravelos. Alexandros , Automated Test Input Genera Juan Caballero Juan Guillermo Guillermo Vigueras . Proceedings of the 22nd 22nd the of Proceedings . A Haskell Implementation Implementation Haskell A Alessandra Gorla Alessandra Mining Apps for Apps Mining Juan Caballero . Proceedings Proceedings . . Proceedings , Michael D. D. Michael , Proceedings , Manuel Ales Ad Ad ------, .

a n n u a l r e p o r t 89 software a n n u a l r e p o r t 90 software 2015), LNCS, pages 333–358, Springer, 2015. (ESOP Programming on Symposium European Subjectivity and Histories with jee 10. 77–87, ACM,2015. Design and Implementation (PLDI 2015), pages SIGPLAN Conference on Programming Language Programs Concurrent Vol. 9032, pages585–609,Springer, 2015. LNCS, UK, London, Programming, on posium replicated data types 14. Dagstuhl, 2015. 58–71, pages 42, Vol. LIPICS, Spain, Madrid, International Conference on Concurrency Theory, tency models with atomic visibility Gotsman 13. 9363, pages388–404,Springer, 2015. Distributed Computing, Tokyo, Japan, LNCS, Vol. isolation Yang. 12. SSBSE 2015, pages 248–254, Springer, 2015. posiumon Search-Based Software Engineering, Guava Gorla 11. jee 9. May 2015. 36th IEEE Symposium on Security and Privacy, Patching Vulnerability on Code Shared of Impact the of Study A Clones: Juan Caballero 8. 151–167, IEEEComputerSociety, May2015. IEEE Symposium on Security and Privacy, pages tisement Modifications Adver Deceptive Assessing Scale: at Injection

. Ilya Sergey Antonio Nappa .

Specifying and Verifying Concurrent Algorithms Andrea Cerone Andrea Andrea Cerone Andrea Mattavelli, Alberto Goffi, Sergey Ilya Alexey Gotsman Mechanized Verification of Fine-grained Fine-grained of Verification Mechanized . Transaction chopping for parallel snapshot . Proceedings of the 7th International Sym Synthesis of Equivalent Method Calls in in Calls Method Equivalent of Synthesis . DISC’15: International Symposium on . A framework for transactional consis , , Tudor Dimitras. , Aleks Nanevski Aleks Nanevski Aleks , Richard Johnson, Leyla Bilge, , , , Hongseok Yang. Alexey Gotsman . ESOP’15: European Sym Giovanni Bernardi Giovanni . Proc. of the 36th ACM ACM 36th the of Proc. . . Proceedings of the 36th . Proceedings of the the of Proceedings . .Proc. of the 24th , The Attack of the , Anindya Baner Anindya Baner Anindya . CONCUR’15: , Hongseok Alessandra Alessandra Composite , Alexey ------Schmidt 15. Conference, LPAR-20 2015, Suva, Fiji, Novem Intelligence, and Reasoning - 20th International Proofs phic Cryptogra to Applications and Definitions sive Implicit Computational Complexity of Subrecur 18. Springer, 2015. Computer Science, Vol. 9057, pages 689–718, in Notes Techniques,Lecture Cryptographic of Applications and Theory the on Conference nal Internatio Annual 34th - 2015 EUROCRYPT - Key Exchange Protocols Modular Machine-checked Proofs of One-round ne Lakhnech, 17. 457–485, Springer, 2015. pages 9056, Vol. Science, Computer in Notes April 26-30, 2015, Proceedings, Part I, Lecture Bulgaria, Sofia, Techniques, Cryptographic of Applications and Theory the on Conference nal Internatio Annual 34th - 2015 EUROCRYPT - Higher-OrderMasking Grégoire, Dupressoir 16. 2015. ACM, 1156–1168, pages Security, nications Commu and Computer on Conference SIGSAC Cryptography Springer, 2015. Computer Science, Vol. 9450, pages 387–401, ber 24-28, 2015, Proceedings, Lecture Notes in Conference, LPAR-20 2015, Suva, Fiji, Novem Intelligence, and Reasoning - 20th International Coupling tic Yves Strub Stefanesco, Léo Hsu, Justin Grégoire, 19. Springer, 2015. Computer Science, Vol. 9450, pages 203–218, ber 24-28, 2015, Proceedings, Lecture Notes in

Gilles Barthe ils Barthe Gilles Gilles Barthe Gilles Patrick Baillot, Barthe Gilles . Pierre-YvesStrub . Automated Proofs of Pairing-based of Proofs Automated , Pierre-Alain Fouque, Benjamin Benjamin Fouque, Pierre-Alain , Relational Reasoning via Probabilis . Logic for Programming, Artificial Artificial Programming, for Logic . . Logic for Programming, Artificial Artificial Programming, for Logic . . Proceedings of the 22nd ACM ACM 22nd the of Proceedings . Benedikt Schmidt , Benjamin Grégoire, , , Thomas Espitau, Benjamin Benjamin Espitau, Thomas , Juan Manuel Crespo Manuel Juan Sna Belaïd, Sonia , Gilles Barthe . Advances in Cryptology in Advances . . Advances in Cryptology . Verified Proofs of of Proofs Verified . , Ugo Dal Lago. Mind the Gap: François François Benedikt , Yassi, Pierre------Conference on Artificial Intelligence Applica Intelligence Artificial on Conference Faster Energy Estimation combining Evolutionary and YDS Algorithms with by Environments Multicore in Scheduling cient Garcia (CSF’15), IEEE,2015. Symposium Foundations Security Computer tection Against Timing Attacks 24. Verification (CAV ’15),Springer, 2015. Aided Computer on Conference International Verificationand Interpolation tive Rybalchenko. 23. luation of Systems (QEST ’15), Springer, 2015. Eva Quantitative on Conference International Performance and Security between 22. ce, Vol. 9020, pages 355–376, Springer, 2015. Cryptography, Lecture Notes in Computer Scien Workshop on Theory and Practice in Public Key Bounds Lower Signatures from Type II Pairings: Synthesis and Tibouchi. Fiore 21. pages 55–68,ACM,2015. 2015, 15-17, January India, Mumbai, 2015, POPL Languages, Programming of Principles on Symposium SIGPLAN-SIGACT ACM Annual Privacy Differential and Design Mechanism for Types Refinement Strub Yves Roth, Aaron Hsu, Justin Arias, Gallego 20. 26. LNCS, Vol. 9206, pages 30–48, Springer, 2015. Conf. on Computer Aided Verification (CAV’15), HyperLTL and HyperCTL* Sánchez 25.

Goran Doychev Goran Klaus von Gleissenthall, Köpf Boris Barthe Gilles Gilles Barthe Zorana Bankovic Rabe, N. Finkbeiner,Markus Bernd , Andre Scedrov, . A Practical Approach for Energy Effi . Strongly-Optimal Structure Preserving . Higher-Order Approximate Relational loihs o Mdl Checking Model for Algorithms Symbolic Polytopes for Quantita for Polytopes Symbolic . PKC 2015: 18th International International 18th 2015: PKC . . Reasoning about the Trade-offthe about Reasoning , Marco Gaboardi, Emilio Jesús , Edvard Fagerholm, Edvard , , . Proceedings of the 42nd 42nd the of Proceedings . , Boris Köpf Boris Benedikt Schmidt Umer Liqat . The 11th International . Proc. of the 27th Int’l Boris Köpf . Proc. 28th IEEE . , Rational Pro Rational Pedro Lopez- . Proc. 27th 27th Proc. . . Proc. 12th Proc. . , Andrey , Mehdi Pierre- César César Dario Dario ------Signatures with Shorter Public Keys Public Shorter with Signatures (Homomorphic) to Application and tructions Programmable Hash Functions go Private: Cons 32. munication Security, pages 1518–1529, 2015. – 22nd ACM Conference on Computer and Com Data Encrypted on Functions Degree-2 Evaluate to Encryption Homomorphic 31. 331, Springer, 2015. 317– pages 8981, Vol. LNCS, (LOPSTR’14), Transformation and Synthesis Program Based Logic- on Symposium International 24th the of gildo 30. 2015), pages1353–1354,ACM,2015. (GECCO Conference Computation Evolutionary tiobjective Evolutionary Algorithm Mul a using Environments Multicore enabled gy Efficient Allocation and Scheduling for DVFS- 28. Springer InternationalPublishing,2015. Computer Science, Vol. 9121, pages 690–701, in Notes Lecture 2015), (HAIS Systems gent Scheduling sis-based Analy Static and Perforation Loop Combining Algorithms Evolutionary via Processors ticore Garcia 29. Springer InternationalPublishing,2015. 153–163, pages 368, Vol. Computing, and Systems Intelligent in Advances 2015), (SOCO Applications Environmental and Industrial in Models Computing Soft on Conference tional Taskof Modeling based Dependences Copula- via Algorithms Evolutionary on based Scheduling Stochastic Energy-aware Improved 27. Vol. 458,pages478–493,Springer, 2015. in Information and Communication Technology, tions and Innovations (AIAI’15), IFIP Advances

Dario Catalano, Dario Catalano, Morales Francisco José Zorana Bankovic Zorana Zorana Bankovic Zorana Bankovic . Pre-Indexed Terms for Prolog . Trading-off Accuracy vs. Energy in Mul Dario Fiore Dario Fiore , , Pedro Lopez-Garcia . Hybrid Artificial Intelli Artificial Hybrid . Umer Liqat , Pedro Lopez-Garcia Pedro , Manuel Hermene Manuel . ACM CCS 2015 CCS ACM . . , Using Linearly- Luca Nizzardo. , . Genetic and . Proceedings Pedro Lopez- . Advances . . Interna . . Ener ------.

a n n u a l r e p o r t 91 software a n n u a l r e p o r t 92 software 2015, Proceedings, Part II, pages 95–107, 2015. 95–107, pages II, Part Proceedings, 2015, 6-10, July Japan, Kyoto, 2015, ICALP quium, Collo International 42nd - Programming and lity to State Reachability tin Enea, Jad Hamza. 37. 2015. Machinery, Computing for Association 85–90, pages 2015, 15-17, January India, Mumbai, PEPM, Manipulation, Program and Evaluation Partial on Workshop 2015 the of Proceedings traint Specialisation in Horn Clause Verification 36. pages 209–226,Springer, 2015. Lecture Notes in Computer Science, Vol. 8931, Proceedings, 2015. 12-14, January India, bai, Mum 2015, VMCAI Conference, International 16th - Interpretation Abstract and Checking, verification clause Horn to application with refinement automata-based 35. Mechanics Conference,ESMC2015,2015. fracture composites of lations CZM implementation for massively parallel simu Molina-Aldareguia, Mariano Vazquez. M. Jon Makradi, Ahmed Houzeaux, Guillaume Casoni, Eva Tjahjanto, Denny Noels, Ludovic Wu, Ling Samaniego, Cristobal Sket, Federico 34. Computer Society, 2015. IEEE 2015, (Oakland) Privacy and Security on on Proofs Data Authenticated Privacy-Preserving and Practical Fiore 33. 2015. II, LNCS, Vol. 9216, pages 254–274, Springer, Part Proceedings, CA, 2015, 16-20, August USA, Barbara, Santa Conference, Cryptology Annual 35th – 2015 CRYPTO – Cryptology in

Ahmed Bouajjani, Kafle, Bishoksan Kafle, Bishoksan Jerusalem, Antoine Barbosa, Manuel Backes, Michael , Raphael M. Reischuk. . 36th IEEE Symposium IEEE 36th . On Reducing Linearizabi John P.John Gallagher Michael Emmi John P.John Gallagher . Automata, Languages, Guillermo Vigueras Guillermo . Verification, Model Model Verification, . ADSNARK: Nearly . European Solid Solid European . , Constan An XFEM/ . . Cons Dario Dario Tree ------. , ESOP 2015, Held as Part of the European Joint Programming, on Symposium European 24th - nization Synchro Event-Based with Programs chronous Rosa-Velardo.dar,Fernando 40. pages 451–454,2015. Proceedings, 2015. 11-18, April UK, London, ETAPSSoftware, of Practice and Theory 2015, on Conferences Joint European the of Part as Held 2015, TACAS Conference, International the Construction and Analysis of Systems - 21st petition Contribution) maric. Emmi 39. 260–269, ACM,2015. pages 2015, 15-17, June USA, OR, Portland, 2015, PLDI Implementation, and Design ge Langua Programming on Conference PLAN Reasoning Hamza. 38.

Arvind Haran, Montgomery Carter,Montgomery Haran, Arvind Emmi Michael Michael Emmi , Akash Lal, Shaz Qadeer, Zvonimir Raka SMACK+Corral: A Modular Verifier - (Com . Programming Languages and Systems Monitoring Refinement via Symbolic Symbolic via Refinement Monitoring . Proceedings of the 36th ACM SIG ACM 36th the of Proceedings . , Pierre Ganty , Constantin Enea, Jad Jad Enea, Constantin , . Tools and Algorithms for Analysis of Asyn of Analysis , Rupak Majum Michael ------Dania 43. 218–232, Springer, 2015. pages 9033, Vol. Science, Computer in Notes Lecture Proceedings, 2015. 11-18, April UK, London, 2015, ETAPS Software, and of Practice Theory on Conferences Joint European the of Part as Held 2015, FASE Conference, International 18th - Engineering Software to Applications ment Data-Manage about Reasoning Formal Based 42. 15-17, 2015,pages651–662,ACM,2015. January India, Mumbai, 2015, POPL guages, Symposium on Principles of Programming Lan SIGPLAN-SIGACT ACM Annual 42nd the of Objects Concurrent for Checking Hamza. Jad Enea, tantin 41. Proceedings, pages535–559,2015. ETAPS 2015, London, UK, April 11-18, 2015. Conferences on Theory and Practice of Software, ce, Vol. 8931, pages 318–335, Springer, 2015. Proceedings, Lecture Notes in Computer Scien 2015. 12-14, January India, Mumbai, 2015, VMCAI Conference, International 16th - tation Interpre Abstract and Checking, Model cation, Systems Hybrid of Analysis Stability for Abstraction Predicate Quantitative of dations 45. pages 256–269,2015. Proceedings, 2015, 2-4, September Spain, Madrid, 2015, FORMATS Conference, tional Interna Timed13th of - Analysis Systems and Systems Hybrid Linear tonic Viswanathan. 44. lian ComputerSociety, 2015. 2015, CRPIT, Vol. 165, pages 91–100, Austra lling, APCCM 2015, Sydney, Australia, January Mode Conceptual on Conference Asia-Pacific Policies Control Access Fine-Grained

Miguel Ángel García de Dios Carolina Inés Dania Bouajjani, Ahmed Pavithra Prabhakar Pavithra Prabhakar Pavithra , Manuel Clavel Manuel Deciding Concurrent Planar Mono . Fundamental Approaches Approaches Fundamental . . Formal Reasoning about Reasoning Formal , , , Nima Roohi, Mahesh Mahesh Roohi, Nima , Michael Emmi Michael Manuel Clavel Miriam García Miriam TractableRefinement . Formal Modeling Modeling Formal . , . Proceedings Proceedings . Carolina Inés . , Cons , . Verifi. . Model- . 11th 11th . Foun ------Pierre Ganty 48. Concurrency Theory, 2015. tocols Rupak Majumdar. 47. Computer Society, 2015. IEEE Design, System for Models and Methods Formal on Conf. Int. ACM-IEEE Terminationto fication Prabhakar Pavithra 46. pages 329–341,2015. 2015, 15-17, January India, Mumbai, 2015, POPL Languages, Programming of Principles on Symposium SIGPLAN-SIGACT ACM Annual analysis of executables similarity syntactic/semantic Mixed Automata: Lakhotia, Isabella Mastroeni. 52. January 15-17,2015,pages261–273,2015. India, Mumbai, 2015, POPL Languages, ming Program of Principles on Symposium SIGACT Proceedings of the 42nd Annual ACM SIGPLAN- Francesco Ranzato. 51. ACM, IEEE,2015. (EMSOFT), Software Embedded on Conference linear systems parameterized of computation flowpipe error 50. of ComputationTheory, LNCS,Springer, 2015. Fundamentals on Symp. Int. 20th Proc. ’15: Programs Integer Flat for Reachability 49. Springer, 2015. Computer Aided Verification, LNCS, Vol. 9206, Systems Shared-Memory Asynchronous Parameterized

Antoine Durand-Gasselin, Javier Esparza, Esparza, Javier Durand-Gasselin, Antoine Javier Esparza, Ganty Pierre Mila Dalla Preda, Giacobazzi Roberto Lal, Ratan Ganty Pierre . CONCUR ’15: Proc. 26th Int. Conf. on on Conf. Int. 26th Proc. ’15: CONCUR . . CAV ’15: Proc. 25th Int. Conf. on on Conf. Int. 25th Proc. ’15: CAV . , Rupak Majumdar. . Proceedings of the International Pavithra Prabhakar Pavithra , Radu Iosif. Radu , , Samir Genaim, Ratan Lal, Lal, Ratan Genaim, Samir , Verification of Population Pro Population of Verification Pierre Ganty Analyzing Program Analyses . From Non-Zenoness VeriNon-Zenoness From Roberto Giacobazzi . Proceedings of the 42nd . MEMOCODE ’15: 13th ’15: MEMOCODE . , Francesco Logozzo, Logozzo, Francesco , Abstract Symbolic , Jérôme Leroux, Interprocedural Interprocedural Model Checking . Bounded Bounded , Arun . FCT . - - - .

a n n u a l r e p o r t 93 software a n n u a l r e p o r t 94 software 3. Conference, Amsterdam,2015. Reloaded Design by Privacy neering 2. 1-14, arXiv:1512.03862. pages 2015, 199, EPTCS ’15), (VPT Transformation Program and Verification on verification clause Horn Ganty 1. Workshops arXiv:1512.09369. 2015. arXiv:1501.03064, (HIP3ES), Systems Embedded Efficient Energy Performance High Analysis Static via Verification Hermenegildo Klemen Maximiliano 4. 1433, CEUR-WS.org, 2015. Extended Abstract. ber 4, 2015, CEUR Workshop Proceedings, Vol. (ICLP 2015), Cork, Ireland, August 31 - Septem International Conference on Logic Programming 31st the of Communications Technical the of Abstract) (Extended Execution a Generic Interface to Integrate CLP and Tabled

Joaquín Arias Herrero Gurses, S. Kafle, Bishoksan Pedro Lopez-Garcia Pedro . Decomposition by tree dimension in in dimension tree by Decomposition Carmela TroncosoCarmela . Towards Energy Consumption Consumption Energy Towards John P.John Gallagher , , Umer Liqat Umer , Manuel Carro . 3rd Int. Workshop Workshop Int. 3rd . Remy Haemmerle Remy , C. Diaz. C. , . Workshop on on Workshop . . Proceedings Proceedings . , . Privacy Privacy . . Manuel Manuel Towards , Pierre Pierre Engi - - , 257–284, MorganKaufmann,2015. pages Data, Software Analyzing of Science and Anomalies for Apps Android Mining Zeller. Andreas Gross, Tavecchia,Florian Ilaria 2. College Publications,January2015. 55, Vol. Foundations, and Logic Mathematical An Overview Cryptography: in Proofs Computer-Aided Grégoire, 1. 6.1.2. Springer, 2015. Lecture Notes in Computer Science, Vol. 8978, Proceedings 2015. 4-6, Italy,March, Milan, 2015, ESSoS Symposium, International 7th - lova. 2. Leibniz-Zentrum fuerInformatik,2015. (Dagstu Dagstuhl– Schloss 123–141, pages 4, Num. Programming 15181) Seminar hl Probabilistic in Trends McIver.Annabelle Katoen, ter 1. 6.1.3.

Konstantin Kuznetsov, Konstantin Gilles Barthe Frank Piessens, Barthe Gilles Engineering Secure Software and Systems

and otherCollections Articles inBooks Edited Volumes . All about Proofs, Proofs for All (APPA), Benedikt Schmidt Benedikt , François Dupressoir, Benjamin , Andrew D. Gordon, Joost-Pie Gordon, D. Andrew , Juan Caballero . Dagstuhl Reports, Vol. 5, 5, Vol. Reports, Dagstuhl .

, Alessandra Gorla Alessandra Pierre-YvesStrub Challenges and and Challenges , Nataliia Bie . The Art Art The . - - - . . , (IMDEA SoftwareInstitute). Madrid (UPM). July 2015. Advisor: Manuel Carro execution a modular interface to integrate CLP and tabled 5. Software Institute). July 2015. Advisor: Pedro Lopez-Garcia (IMDEA (UPM). Madrid of TechnicalUniversity Thesis. other Resources via Abstract Interpretation sis and Verification of Energy Consumption and 4. Gorla (IMDEASoftwareInstitute). Alessandra Advisor: 2015. July (UPM). Madrid Evaluation ting Tools: Development of a Benchmark for the 3. chez (IMDEASoftwareInstitute). Sán César Advisor: 2015. September (UPM). Concu res Parametrized for Structu Data Concurrent and Programs rrrent Properties Temporal 2. Clavel (IMDEASoftwareInstitute). de Madrid (UCM). April 2015. Advisor: Manuel tions Applica Data-Management Secure of lopment 1. 6.1.4. (IMDEA SoftwareInstitute). Caballero Juan Advisor: 2015. January Madrid (UPM). of University Technical Thesis. BSc Module Reputation Endpoint an of mentation 7. (IMDEA SoftwareInstitute). Strub Pierre-Yves Advisor: 2015. July (UPM). Madrid of University Technical Thesis. MSc Framework EasyCrypt the for Engine Rewriting 6.

. PhD Thesis. Technical University of Madrid Marcos Sebastián Alarcón. Ramos. Guillermo Joaquín Arias. Maximiliano Klemen. Tahir Javaid Cheema. Sánchez. Alejandro Miguel A. García de Dios. . PhD Thesis. Universidad Complutense Complutense Universidad Thesis. PhD .

Doctoral, MasterandBachelorTheses . MSc Thesis. Technical of Thesis. University MSc . . MSc Thesis. Technical University of Design and implementation of Implementing a Term Term a Implementing Formal Verification of of Verification Formal Improved Static Analy Testing of Android Tes Model-driven Deve Design and Imple . MSc ------. . 1. 6.2.1. 6.2. Spain. October2015. Madrid, Summit, South Startup Spain at tion” educa and innovation digital in Entrepreneurs 6. San LorenzodelEscorial,Spain.June2015. Conference, Society Telecommunication tional Interna Regional European 26th the at curity” 5. Tallin, Estonia.May2015. on Types for Proofs and Programs (TYPES 2015). Invited talk at the 21st International Conference 4. Siena, Italy. July2015. Synthesis and Transformation (LOPSTR 2015). Program Logic-Based on Symposium national Implementations. Invited talk at the 25th Inter 3. N’Fis, Marrakesh,Morocco.December2015. Meridien Le 2015). (CANS Security Network 14th International Conference on Cryptology and the at talk Invited implementations. tographic 2. December 2015. Zealand. New Auckland, 2015). (ASIACRYPT Security Information and Cryptology of tion Applica and Theory the on Conference tional Interna Annual 21st the at talk phy.Invited Institute). Software (IMDEA Fiore Dario Advisor: 2015. sis. Technical University of Madrid (UPM). July Implementing Outsourcing Schemes 8.

Gilles Barthe Gilles Juan Caballero Juan Caballero Juan Gilles Barthe Gilles Barthe Barthe Gilles Rosario Sebastiano Russo. Sebastiano Rosario

Invited Talks by IMDEAScientists Invited andPlenaryTalks . Towards Verified Cryptographic . Computer-Aided Cryptography. . Towardscryp . high-assurance . Computer-Aided Cryptogra Computer-Aided . . Invited panel on “European “European on panel Invited . . Invited panel on “Cyberse on panel Invited . A Framework for for Framework A

. MSc The ------

a n n u a l r e p o r t 95 software a n n u a l r e p o r t 96 software 2015, Madrid,Spain.November2015. new tools and results. Invited talk at CyberCamp signatures: digital homomorphic via computing 12. September 2015. France. Paris, (WISE), Evaluation and Security Invited talk at the Workshop on Implementation: tographic Proofs for Low-Level Implementations. 11. Chi MinhCity, Vietnam. November2015. Computing and Applications (ACOMP 2015). Ho talk at the International Conference on Advanced Invited Applications. Data-Management of sis 10. Compostela, June2015. in research management in Spain”. Santiago de formulas “Success on series the at talk Invited 9. tems Week. Oslo,May2015. Sys Computing workshop, Systems Hybrid the at talk Invited Architectures. Hybrid for mation 8. Valencia, May2015. 7.

Manuel Manuel Carro Manuel Carro Carro Manuel

Dario Fiore Dario François Dupressoir Manuel Clavel . The IMDEA Software Institute. . Ensuring integrity in Cloud Cloud in integrity Ensuring . . Rule-Based Program Transfor . Formal Methods in Industry. in Methods Formal . . Model-Based Formal Analy . Computer-Aided Cryp - - - - note at 12th International Conference on Quan between Security and Performance. Invited key 19. la, Sweden.February2015. UPMARC Workshop on Memory Models, Uppsa the at talk Invited Isolation. Snapshot Parallel 18. Soft ware Engineering.September2015. Secure in Advances Recent in Workshop at Keynote anomalies. mining in challenges 17. Nebraska, USA.November2015. Lincoln, workshop, TESTBEDS at talk Keynote apps. of trustworthiness assess to tools testing 16. Melbourne, Australia.May2015. Melbourne, of University lecture, Invited Merit Programs. in VeilingInformation and Unveiling 15. September 2015. Santander,2015), (PROLE LEnguajes y Spain. Invited keynote at Jornadas sobre PROgramación Programs. in VeilingInformation and Unveiling 14. matical Institute,India.February2015. talk at the ACTS 2015 Workshop, Chennai Math Asynchronous Shared-Memory Systems. Invited 13. Spain. November2015. Barcelona, WorldCongress. Expo City Smart at Panel the at talk Invited reality? or utopia City: 21. Semantics. Nijmegen, Netherlands. Programming June 2015. of Foundations Mathematical the on Conference 31st the at keynote Invited fication and Verification of Concurrent Programs. 20. Madrid, Spain.September2015. 2015). (QEST Systems of Evaluation titative

Roberto Giacobazzi Roberto Giacobazzi Roberto Ganty Pierre Carmela Troncoso Aleks Nanevski Boris Koepf Alexey Gotsman Gorla Alessandra Gorla Alessandra . Reasoning about the Trade-off . Parameterized Verificationof Parameterized . . Dependent Types for Speci . Analysing and Optimising . Privacy-preserving Smart . Towards using Android Android using Towards . . Advances and current current and Advances . . Obscuring Code – Code Obscuring . – Code Obscuring . ------Park, USA.January2015. College at Maryland of University Workshop, MC2 at talk Invited Applications. Security its 7. INRIA RhoneAlpes,France.November2015. at talk Invited types. session model to tracts 6. University ofGenova,Italy. August2015. at talk Invited types. session model to tracts 5. University ParisDiderot,France.May2015. at talk Invited types. session model to tracts 4. August 2015. rings. Invited talk at MFCS 2015, Milano, Italy. Refacto Structure Data Behavior-Preserving 3. Israel. May2015. rings. Invited talk at Tel Aviv University, Tel Aviv, Refacto Structure Data Behavior-Preserving 2. mington, USA.February2015. University,Indiana Bloo at talk Invited rings. Refacto Structure Data Behavior-Preserving 1. 6.2.2. Técnicas Activas de Detección de Infraestruc de Detección de Activas Técnicas 10. Mali of in Dallas,USA.May2015. Detection Active cious Servers. Invited talk at University of Texas Internet-Scale Towards 9. Mali of Italy. April2015. Detection Active cious Servers. Invited talk at Università di Trento, Internet-Scale Towards 8.

Juan Caballero Juan Caballero Juan Juan Caballero Bernardi Giovanni Bernardi Giovanni Bernardi Giovanni Banerjee Anindya Banerjee Anindya Banerjee Anindya

Juan Caballero Juan

by IMDEAScientists Invited SeminarsandLectures . Internet-Wide Scanning and . CyberProbe & AutoProbe: AutoProbe: & CyberProbe . AutoProbe: & CyberProbe . . Malware, Cibercrimen y Cibercrimen Malware, . . Using higher-ordercon Using . higher-ordercon Using . higher-ordercon Using . . Modular Reasoning for for Reasoning Modular . for Reasoning Modular . for Reasoning Modular .

------Towards Internet-Scale Active Detection of Mali of Antipolis, France.September2015. Detection Active Sophia- Eurecom, at talk Invited Servers. cious Internet-Scale Towards 12. Madrid, Spain.September2015. meeting, FTR TrendMicro at on talk Invited Services. Tor Hidden Deanonymizing for Leaks 11. Universidad deLeón,Spain.July2015. Verano en Diseño Seguro y Análisis de Sistemas. turas Maliciosas. Invited seminar at Escuela de Spain. February2015. Madrid, III, Carlos Universidad at lecture ted ques for Secure Outsourcing to the Cloud. Invi 19. (RWC 2015),London,UK.January2015. WorkshopReal-WorldCryptography the at talk Invited Compilers. Masking Optimizing Secure 18. 2015. University of Maryland, College Park, USA. June Cryptography.Computer-Aided on School IACR tographic Proofs for Low-Level Implementations. 17. July 2015. France. Rennes, INRIA Security, and Methods Formal on Seminar the at talk Invited tations. Implemen Low-Level for Proofs Cryptographic 16. Ger Berlin, TU at talk many.Invited September2015. Attacks. Timing 15. at talk Schloss Dagstuhl.May2015. Invited Isolation. Snapshot Parallel 14. Lucca, Italy. January2015. IMT at talk Invited Isolation. Snapshot Parallel 13.

Juan Caballero Juan Juan Caballero Dario Fiore Dupressoir François François Dupressoir Dupressoir François Goran Doychev Cerone Andrea Andrea Cerone . Advanced Cryptographic Techni . Caronte: Detecting Location . Formalising and Optimising . Rational Protection Against . Analysing and Optimising Optimising and Analysing . . CyberProbe & AutoProbe: AutoProbe: & CyberProbe . . Computer-Aided Cryp . Towards Provably- Towards . . Computer-Aided Computer-Aided . ------

a n n u a l r e p o r t 97 software a n n u a l r e p o r t 98 software Tokyo Japan.March2015. computer security. Tokyo Shonan Village Center, to applications and analysis code level Low on Meeting Shonan the at talk Invited Automata. 28. Canada. July2015. thy apps on untrusted platforms. Irdeto, Ottawa, 27. Japan. October2015. Tokyo Center, Village Shonan Tokyo Privacy. and Security Verificationin and Methods Logic on Meeting Shonan the at talk Invited rence. 26. tember 2015. Sep Ireland. Cork, 2015). (ICLP Programming Logic on Conference International 31st CLP. and verification of imperative programs through 25. celona, Spain.September2015. Bar UPC, at Day Seminars Cryptography Keys. Public Short with Signatures (Homomorphic) to Applications and Constructions Private: go 24. September 2015. Spain. Murcia, RSME, Investigadores, Jovenes phic Encryption. Invited lecture at Congreso de 23. 2015. April Bochum. Cryptography, in Workshop Keys. Public Short with Signatures morphic) (Homo to Applications and Functions Hash 22. meeting, Warsaw, Poland.March2015. WG1 CryptoAction Data. Encrypted on tation 21. Paris, France.March2015. Supérieure, Normale École Data. Encrypted on phic Encryption to Evaluate Degree-2 Functions 20.

Roberto Giacobazzi Roberto Giacobazzi Roberto Giacobazzi Roberto Gallagher John Dario Fiore Fiore Dario Fiore Dario Fiore Dario Fiore Dario . Programmable Hash Functions . Efficiently Verifiable Compu Verifiable Efficiently . . Boosting Linearly-Homomor Boosting . Linearly-Homomor Boosting . . Asymmetric Programmable Programmable Asymmetric . . Invited tutorial on analysis on tutorial Invited . . Analysis for Trustworfor Analysis . . Abstract Non-Interfe Abstract . . Abstract Symbolic Symbolic Abstract . ------University. April2015. Timing Attacks. Invited talk at CISPA, Saarland 36. UK. March2015. Parallel Snapshot Isolation. University of Oxford, 35. University, Israel.August2015. Technionsystems. distributed in choices tency 34. Web Services,Herndon,VA, USA.June2015. Amazon systems. distributed in choices tency 33. App StoreAnalytics.October2015. help? Invited talk at Shonan meeting on Mobile tools generation input test Can apps: Android 32. 2015. June Spain. Cadiz, Testing, On Research And Training on School Summer International 11th the at course Invited Testing. Mobile in nities 31. March 2015. Italy. Verona, Verona, of University security. 30. Melbourne, Australia.May2015. Melbourne, of University Interpretation. tract 29. ming. April2015. Challenges and Trends in Probabilistic Program Seminar Dagstuhl talk Invited TimingAttacks. 38. ge Park,USA.November2015. Formal Methods for Information Security. Colle on Workshop NSF at talk Invited Attacks. nel 37.

Alessandra Gorla Roberto Giacobazzi Giacobazzi Roberto Boris Koepf Boris Koepf Boris Koepf Boris Alexey Gotsman Gotsman Alexey Gotsman Alexey Gorla Alessandra . The Economics of Side Chan Side of Economics The . . Rational Protection Against Against Protection Rational . Against Protection Rational . . Analysing and Optimising . Reasoning about consis about Reasoning . consis about Reasoning . . Challenges and Opportu . Big Code and software . Mining behavior of of behavior Mining . . Completeness in Abs in Completeness . ------dencies. generation for classes with environment depen test Automated Germany: University, Saarland 1. and thetitlesoftheirtalks. large. The following list shows the speakers at community academic the and campus the to open are talks and seminars our of invited to give talks at IMDEA Software. All were speakers external 21 2015, During 6.2.3. Invited talkatCEALIST. Saclay, France. ble Security using the EasyCrypt Proof Assistant. 43. College London,UK.April2015. Concurrent Resources. Invited talk at University 42. ted talkatGoogle,London,UK.April2015. 41. versity ofSaarland,Germany. November2015. of Malicious Infrastructures. Invited talk at Uni 40. shop, Malaga,Spain.May2015. Tools.WorkAnalysis ENTRA Resource CiaoPP 39. Germany: A Predictable Unification Algorithm Algorithm Unification Predictable A Germany: Saarbruecken, Systems, Software for titute 4. sing Science,UniversityofOulu, FI). the of lines Proces Information of (Department M-GROUP working of Overview Finland: 3. via Crowd-Sourcing. Research: Program Boosting: Program Synthesis 2.

Beta Ziliani Beta Oivo Markku Livshits Ben P.Juan Galeotti

Pierre-Yves Strub Ilya Sergey Ilya Sergey Antonio Nappa Liqat Umer

Invited SpeakerSeries . PhD Student, Max Planck Ins Planck Max Student, PhD . . Programming with Proofs. Invi . Programming and Proving with . Research Scientist, Microsoft Scientist, Research . . Professor, University of Oulu, Oulu, of University Professor, . . Recent Developments in the the in Developments Recent . . Active Detection Technique . Post-doctoral Researcher, Researcher, Post-doctoral . . An introduction to Prova ------pean Research Council: Funding opportunities opportunities Funding Council: Research pean Euro Department, Management Scientific of 7. modal BioSignalWearable Systems. Multi of Design Power Ultra-Low Switzerland: 6. Gesture-Based Programming. for Privacy and Security PrePose: Research: 5. Overloading. and Polymorphism Universe Featuring Coq for vations. A Controlled Experiment and Think-Aloud Obser Development: Software during Test Generation Unit Automated UK: Sheffield, of University 14. Search for Object-Oriented Test Suite Generation? Sheffield,of RandomGeneticUK:orAlgorithm 13. tems withDifferenceConstraintsArithmetic. Sys Horn Decidable France: Grenoble, CNRS, VERIMAG/ Group, Systems Complex and buted 12. Systems. Replicated in Levels Consistency of Choice the Automating Germany: Systems, Software for te 11. dancy toAutomaticallyGenerateTest Oracles. Lugano, Switzerland: Exploiting Intrinsic Italiana, Redun Svizzera della Università Students, 10. nation. termi University,Probabilistic land Germany: 9. versity, Germany:MiningSandboxes. 8. in theEuropeanResearchCouncil.

Jose Manuel Fernandez de Labastida de Fernandez Manuel Jose Atienza David Livshits Ben Luis Maria Ferrer Fioriti Andreas Zeller

Jose Miguel Rojas Miguel Jose Shamshiri Sina Radu Iosif Cheng Li Mattavelli Andrea and Goffi Alberto . PhD Student, Max Planck Institu . CNRS Researcher (CR1), Distri . Research Scientist, Microsoft Scientist, Research . . Full Professor, Saarland Uni . Associate Professor,EPFL, Associate . . PhD Student, University Student, PhD . . Research Associate, Associate, Research . . PhD Student, Saar . Head Head . . PhD PhD . ------

a n n u a l r e p o r t 99 software a n n u a l r e p o r t 100 software lient MaskingSchemes. University of Bochum, Germany: Leakage Resi 21. gium: AdvancedWeb Tracking Mechanisms. 20. tric Authenticationsystems. den: Attacks against Privacy-Preserving Biome 19. riants forParameterizedSystems. Munich, Germany: Synthesizing Cardinality Inva 18. Probabilistic Programs. Aachen, Germany: Understanding and Analyzing 17. expected valuesinprobabilisticprograms. Boulder,Colorado on of Invariants versity USA: 16. Proofs ofFine-GrainedConcurrentPrograms. tom Monitors: A Simple Foundation for Modular MIT,VerificationPhan Group, & USA: guages 15.

Sebastian Faust Günes Acar Elena Pagnin Gleissenthall von Klaus Katoen Joost-Pieter Sankaranarayanan Sriram Chlipala Adam . PhD Student, KU Leuven, Bel . PhD Student, Chalmers, Swe . Associate Professor,Lan Associate . . Assistant Professor, Ruhr- . Full Professor, RWTH Professor, Full . . PhD Student, TU TU Student, PhD . . Professor,Uni . ------(TGC 2015). Computing Global Trustworthy on Symposium 1. Pierre Ganty on SystemsSecurity(EuroSec2015). 2. Systems (ESSoS2015). and Software Secure Engineering on posium 1. Juan Caballero: 6.3.1. 6.3. given in2015. of total A collaboration. and communication foster to series nar semi internal an holds also Institute The 6.2.4.

Program co-chair of the 10th International International 10th the of co-chair Program TPC Co-chair of the 8th European Workshop Sym International 7th the of Co-chair TPC

Scientific Service and OtherActivities Conference andProgramCommittee Software SeminarSeries Chairmanship

32 seminars were seminars - -

& other activities Manuel Carro: (ETAPS). Conferences on Theory and Practice of Software 4. posium onSecurityandPrivacy(EuroS&P). 3. Security. 2. Reasoning. 1. Gilles Barthe: 6.3.2. of ComputerSecurity(FCS2015). 1. Boris Koepf: Engineering (ASE2015). International Conference on Automated Software 1. Alessandra Gorla: Area Editor for Technical Notes and Rapid Rapid and Publications. Notes Technical for Editor Area Univ.Press). (Cambridge Programming Logic 1. John Gallagher: 1. Dario Fiore: Logic Programming(ALP). 1.

Editorial board of Theory and Practice of of Practice and Theory of board Editorial Editorial boardofIETInformationSecurity. Conference Coordinator of the Association for Joint European the of committee Steering Sym European IEEE of committee Steering Computer of Journal the of board Editorial Automated of Journal the of board Editorial PC Co-chair of the Workshop on Foundations Tool Demonstrations co-chair, IEEE and ACM

Steering Committees Editorial BoardsandConference - Alexey Gotsman: and Protection. Security Information on School Summer tional 3. posium (SAS). 2. ples ofProgrammingLanguages(POPL). 1. Roberto Giacobazzi: nal oftheIGPL”(OxfordUpress). guages and Software Engineering, of the “Jour 7. (Elsevier North-Holland). 6. ration Computing”(Springer-Verlag). 5. ge U.Press). (Cambrid Programming” Logic of Practice and “Theory of implementation) and (architecture 4. Abstract Interpretation(VMCAI). and Checking, Model Verification, on ference 3. (FLOPS). Programming Logic and Functional on posium 2. Symposium (SAS). 1. Manuel Hermenegildo: Data (PaPoC),affiliatedwithEuroSys. ples and Practice of Consistency for Distributed 1.

Scientific Advisory Board of the 6th Interna Sym Analysis Static of Committee Steering Steering Committee of Symposium on Princi Area Editor, Algorithms in Programming Lan Logic” Applied of “Journal of Editor Area Associate Editor of the “Journal of New Gene Editor Area former and Advisor Editorial Steering Committee of the International Con Steering Committee of the International Sym Analysis Static the of Committee Steering Princi Workshopon of committee Steering ------

a n n u a l r e p o r t 101 software a n n u a l r e p o r t 102 software Methods (FM2015). 5. (ESOP 2015). 4. Logic InComputerScience(LICS2015). 3. niques (EUROCRYPT 2015). Theory and Applications of Cryptographic Tech 2. Communications Security(ACMCCS2015). 1. Gilles Barthe: 2015). Intelligence Applications and Innovations (AIAI 2. 2015). (EANN Networks Neural of Applications ring 1. Zorana Bankovic: 6.3.3. truction. Cons Program of Mathematics on Conference 1. Pablo Nogueira: tions ofComputerSecurity(FCS). 2. rity FoundationsSymposium(CSF). 1. Boris Koepf:

16th International Conference on Enginee on Conference International 16th International the of Committee Steering Steering committee of Workshop on Founda Steering committee of IEEE Computer Secu 20th International Symposium on Formal Formal on Symposium International 20th 24th European Symposium on Programming on Symposium ACM/IEEE Annual Thirtieth 34th Annual International Conference on the and Computer on Conference ACM 22nd Artificial on Conference International 11th

Participation inProgramCommittees - - - - - Manuel Clavel: (PROLE 2015). 4. posium (SOCA2015). Sym PhD Applications, & Computing Oriented 3. Oriented Computing(ICSOC2015). 2. gramming (ICLP2015). 1. Manuel Carro: rity Symposium(NDSS2015). 5. Security 2015). 4. logies (WOOT2015). 3. Ciberseguridad (JNIC2015). 2. Communications Security(ACMCCS2015). 1. Juan Caballero: Systems (PROOFS2015). 1. Francois Dupressoir: tems (MODELS2015). Sys and Languages Engineering Driven Model 2. (OCL 2015). Textual Modeling Applications and Case Studies 1.

24th USENIX Security Symposium (USENIX 9th USENIX Workshop on Offensive Techno en Investigación de Nacionales Jornadas I and Computer on Conference ACM 22nd Workshop on Security Proofs for Embedded Embedded for Proofs Security on Workshop ACM/IEEE 18th International Conference on and OCL on Workshop International 15th LEnguajes y PROgramación de Jornadas XV 8th IEEE International Conference on Service Service on Conference International 17th Pro Logic on Conference International 31st 2015 Network and Distributed System Secu - - - - - Automata, Logics and Formal Verification (Gan 1. Pierre Ganty: and ProgramTransformation (VPT2015). 2. cation andSynthesis(HCVS2015). 1. John Gallagher: Ciberseguridad (JNIC2015). 6. Communications Security(ACMCCS2015). 5. (CRYPTO 2015). 4. 2015). (PKC Cryptography Key Public in Theory and 3. 2015). Cryptography and Encrypted Computing (WAHC 2. Computing (SCC2015). 1. Dario Fiore: 2015. tection (SPRO 2015), in conjunction with ICSE 2. sium (SAS2015). 1. Roberto Giacobazzi: (SSS 2015). tion, Safety, and Security of Distributed Systems 2. dALF 2015).

1st International Workshop on Software PRO Sympo Analysis Static International 22nd Stabiliza on Symposium International 17th Games, on Symposium International 6th Third International Workshop on Verification Second Workshop on Horn Clauses for Verifi en Investigación de Nacionales Jornadas I and Computer on Conference ACM 22nd Conference Cryptology International 35th Practice on Conference International 18th Homomorphic Applied on Workshop 3rd International Workshop on Security in Cloud - - - - - 4. (member oftheExpertReviewPanel). on Automated Software Engineering (ASE 2015) 3. (FSE 2015)(ArtifactEvaluationcommittee). sium on the Foundations of Software Engineering 2. lopment Lifecycle for Mobile (DeMobile 2015). 1. Alessandra Gorla: (ESOP 2015). 4. guages andSystems(APLAS2015). 3. of Concurrency to System Design (ACSD 2015). 2. (PLACES 2015). currency- and Communication-cEntric Software 1. Alexey Gotsman: Software Engineering(ICSE). and ACM-SIGSOFT International Conference on ring (SCORE-it) 2015, co-located with the IEEE 7. Software Engineering(ICSE). and ACM-SIGSOFT International Conference on tems (SEAMS) 2015, co-located with the IEEE Engineering for Adaptive and Self-Managing Sys 6. 2015), SoftwareEngineeringInPracticetrack. (ICSE Engineering Software on Conference nal 5. Testing andAnalysis(ISSTA 2015).

ACM International Symposium on Software Software on Symposium International ACM 30th IEEE and ACM International Conference Sympo International SIGSOFT ACM 10th 3rd International Workshop on Software Deve 24th European Symposium on Programming 13th Asian Symposium on Programming Lan 15th International Conference on Application Con to Approaches Language Programming Italian Student Contest on Software Enginee Software on Symposium International 10th Internatio ACM-SIGSOFT and IEEE 37th ------

a n n u a l r e p o r t 103 software a n n u a l r e p o r t 104 software tion (VMCAI2015). Interpreta Abstract and Checking, Model tion, 3. of HybridSystems(IFAC ADHS2015). 2. 2015). 1. Pavithra Prabhakar: Proofs andPrograms,(TYPES2015). 1. Aleks Nanevski: ming (ICLP)DoctoralConsortium2015. 1. José Morales: ve EvaluationofSystems(QEST2015). 2. Symposium (CSF2015). 1. Boris Koepf: (LOPSTR 2015). Transformation and Synthesis Program Based 3. rce Analysis(FOPARA 2015). 2. Analysis (TAPAS 2015). 1. Manuel Hermenegildo: ficial Intelligence(IJCAI2015). 1. Rémy Haemmerlé:

12th International Conference on Quantitati Foundations Security Computer IEEE 28th Logic- on Symposium International 25th Foundational and Practical Aspects of Resou 6th workshop on Tools for Automatic Program Arti on Conference Joint International 24th 16th International Conference on Verifica on Conference International 16th 5th IFAC Conference on Analysis and Design (ACC Conference Control American 55th Typesfor on Conference International 21st Program Logic on Conference International ------rity (FCS2015). 1. Benedikt Schmidt: systems (VERY* 2015). 5. Aspects ofSoftwareEngineering(TASE 2015). 4. Architectures andProgramming(SOAP2015). Service-Oriented on Track (SAC) Computing 3. damentals ofSoftwareEngineering(FSEN’15). 2. MATS’15). Modeling and Analysis of Timed Systems (FOR 1. Cesar Sanchez: 2. tography andDataSecurity2015. 1. Carmela Troncoso: grams (STOP2015). 1. Ilya Sergey: (HSCC 2015). Control and Computation Systems: Hybrid 6. Verification (RV 2015). 5. Software Verification (NSV2015). 4.

13th International Conference on Formal on Conference International 13th Selected AreasinCryptography2015. Cryp Financial on Conference International Pro to Scripts on Workshop International Secu Computer of Foundations on Workshop 2nd Workshop on formal verification for self-* 9th International Symposium on Theoretical Applied On Symposium ACM Annual 30th Fun on Conference International IPM 6th 18th ACM International Conference on on Conference International ACM 18th Runtime on Conference International 15th Numerical on Workshop International 8th - - - - - and its Implementation in eHealth Systems, Ho 1. Manuel Clavel: Group. nator of the EIT Digital Madrid Associate Partner 3. Informatics Europe. 2. 1. Manuel Carro: Brazil. July2015. mation Security and Protection. Rio de Janeiro, 1. Roberto Giacobazzi: in ProbabilisticProgramming. 2. Design (FOSAD). School on Foundations of Security Analysis and 1. Gilles Barthe: 6.3.4. phy Seminar. January2015. 2. graphy forSecureDigitalInteraction.” 1. Dario Fiore: Chi MinhCity, Vietnam. February 2015.

Co-organizer of the first Itinerant Cryptogra Itinerant first the of Co-organizer “Crypto IC1306 Action COST of Vice-chair Management Privacy Data on Workshop 1st Coordi Scientific and Manager Co-Location Deputy representative of IMDEA Software in Representative ofUPMinERCIM. Infor on School Summer International 6th Trendsand Challenges on seminar Dagsthul International the of committee Organizing

Committees Association andOrganization - - - - 4. board. evaluation department Europe Informatics ber 3. tive board. 2. Group. 1. Manuel Hermenegildo: Technologies Symposium(PETS). 2. Enhancing Technologies (PoPETs). 1. Carmela Troncoso: Maryland, CollegePark,USA,June2015. of Cryptography,Computer-Aided University on 1. Benedikt Schmidt: Computational Logic (IFCoLog) Advisory 0Board. 9. Logic Programming. 8. ware) scientificboard. 7. sory board. 6. 5.

Elected PresidentofSpaRCIM. Mem Europe. Informatics Vice-Presidentof execu Europe Informatics member Elected Director, EIT Digital Madrid Associate Partner Steering Committee of Privacy Enhancing Enhancing Privacy of Committee Steering Privacy on Proceedings Board Editorial School Summer IACR the of Co-organizer for Federation International the of Member Secretary of the International Association for Member IRILL (French Institute for Free Soft Member of Schloss Dagstuhl scientific advi Member Academia Europaea . - - - -

a n n u a l r e p o r t 105 software a n n u a l r e p o r t 106 software petition onSoftwareVerification (SV-COMP 2015). and one bronze medal at the 4th International Com medal, silver one medals, gold two of winner the SMACK+Corral, the tool described in that paper, was truction and Analysis of Systems (TACAS 2015). Cons the for ToolsAlgorithms on and ference Modular Verifier. In Proc. 21st International Con A SMACK+Corral: Rakamaric. Z. and Qadeer, 1. Other Awards: and Innovations(AIAI2015). Conference on Artificial Intelligence Applications with Faster Energy Estimation. 11th International Algorithms YDS and Evolutionary combining by Efficient Scheduling in Multicore Environments Lopez-Garcia 5. PEPM workshop2015. Verification. Clause Horn in Specialisation int 4. Best paperaward(category“Shortpapers”). de Investigacion en Ciberseguridad (JNIC 2015). res with Shorter Public Keys. I Jornadastions and Applications Nacionalesto (Homomorphic) Signatu Construc Private: go Functions Hash grammable 3. vacy (Oakland2015). cations. 2015 IEEE Symposium on Security & Pri Scale: Assessing Deceptive Advertisement Modifi nio Nappa Ho, Damon McCoy, Chris Grier, Vern Paxson, Grant Pearce, Paul Provos, Niels Abu, Moheeb 2. vacy (Oakland 2015). of TLS. 2015 IEEE Symposium on Security & Pri the Union: Taming the Composite State Machines Strub Pironti, Alfredo Kohlweiss, Markulf Fournet, Cedric Delignat-Lavaud, Antoine van, 1. Conference PaperAwards: 6.4.

Dario Catalano, Jagpal, Nav Bursztein, Elie Thomas, Kurt Bharga Karthikeyan Beurdouche, Benjamin A. Haran, M. Carter, M. Haran, A. Bankovic Zorana Bishoksan Kafle,

, Jean Karim Zinzindohoue. A Messy State of Awards , Alexandros Kapravelos. Ad Injection at . A PracticalApproach for Energy Energy for PracticalApproach A . Dario Fiore John P. Gallagher , Best practicalpaperaward. Distinguished paper award. Umer Liqat Umer Best paperaward. M. Emmi, M. , Luca Nizzardo Best paperaward. , and , A. Lal, S. S. Lal, A. Pierre-Yves . Constra Pedro Pedro Anto . Pro ------tive/2015/science-movie-scientists-does- http://www.imdea.org/events/imdea-initia Full description: and ManuelCarro(deputydirector). researchers Manuel Hermenegildo (director) Institute Software IMDEA by participated was show The movies. in shown is what to similarare work andcharacter, drivetheir drove them to pursue their research, and if art... and, above all, of themselves: of what sciences that nurture the so-called seventh image of science and movie scientists, of the layout of a live talk show, they spoke of the industry and science. To do so, following film the of the facets many the showed tutes ing point, researchers from the IMDEA Insti tion? fic surpass reality Does scientists: movie “ topic unifying as had year initiative“Researchers’ Night”, whichthis Institute participated in the European-wide Software IMDEA the years, previous in as Night. Researcher’s dissemination and the promotion of science. participated to a number of events related to In 2015 IMDEA Software researchers have 6.5. reality-surpass-fiction

” Taking their field of expertise as start Dissemination Events

In September 2015, 2015, September In Science and and Science - - - -

events 2015 includedthefollowing: entrepreneurship-oriented events, which in and industrial of range wide a in ticipates par and organizes Institute the end, this of the return on investment of research. To awareness create to and results seminate dis to are missions additional important transfer), such of accelerators significant Digital, EIT of node associate Spanish the of activities the all to results of tion exploita commercial the to committed partners industrial with projects research (from before mentioned collaboration and transfer of forms the all to addition In try. indus with collaboration and transfer ogy strongly committed to supporting technol Events. Entrepreneurship-Oriented and Industrial The IMDEA Software Institute is is Institute Software IMDEA The - - - - - 1. 7. 6. 5. 4. 3. 2.

EIT Digital EIT UPM. December2015. with Workshops, Industrial Innovatech November–December 2015. Digital EIT October 2015. Summit. South / Startup Spain EIT: September 2015. day. info / Demo Liaison FI-PPP EIT come Day.September2015. Wel Master Science Data EIT/UPM: EIT INNOVEIT.May2015. ary 2015. Transfiere Raising I&E Awareness I&E Raising (Malaga). Febru (Malaga). - - .

a n n u a l r e p o r t 107 software scientific highlights

7.1. The FREAK Attack [110] 7.2. Computer-Aided Cryptographic Proofs [112] 7.3. Cyber-Attack Detection from Network Traffic [114] 7.4. Medals in International Verification Competition [116] 7.5. Energy Transparency for Developing Energy-Efficient Software [118]

a n n u a l r e p o r t a n n u a l r e p o r t 110 software Rocquencourt, France, and Cedric Fournet and Markulf Kohleiss of Microsoft Research. gavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA This work was performed in collaboration with Benjamin Beurdouche, Karthikeyan Bhar mentations. “FREAK”isoneofthevulnerabilitiesdiscovered. suggest potential vulnerabilities, and were to converted into exploits in actual TLS imple responses Inadmissible implementations. existing by accepted fact in were responses those of any whether test and protocol, the by disallowed be should which responses ill-formed generate systematically to able were they protocols, TLS of implementations reference formally-verified building By family. protocol (SSL) Layer” Sockets “Secure ubiquitous the to successor increasingly-popular the is which (TLS), Security” Layer “Transport as know protocols authentication of family the on focused researchers The as awhole. Internet the of and users Internet of security the compromise to hackers by exploited be could unnoticed, if attack, FREAK publicized the including which, vulnerabilities several uncovered and protocols, authentication of implementations in vulnerabilities discover to technique automated an developed have colleagues his and Institute, ware ingly secure Internet authentication software. Pierre–Yves Strub, from the IMDEA Soft This discovery was made within the miTLS project, which is aimed at developing increas large numberofwebserversandclientshasthusreceivedmajormediaimpact. a affects problem The websites. malicious with interacting into browsers web trick to pages securely. The flaw, dubbed “FREAK: Factoring RSA Export Keys” can be exploited encryption mechanism, known as TLS, that is used widely on the Internet to access web popular a in vulnerability a uncovered UK Cambridge, Research Microsoft and France IMDEA Software Institute researchers, together with colleagues at INRIA Rocquencourt, The FREAKAttack - - - - [1] Related publications

sium onSecurityandPrivacy2015,S&P2015. Zinzindohoue “A Messy State of the Union: Taming the Composite State Machines of TLS.” in IEEE Sympo J.-K. Strub, P.-Y. Pironti, A. Kohlweiss, M. Fournet, C. Delignat-Lavaud, A. Bhargavan, K. Beurdouche, B. -

a n n u a l r e p o r t 111 software a n n u a l r e p o r t 112 software algorithms, using for instance laser beams to reset a register to a default value. In col In value. default a to register a reset to beams laser instance for using algorithms, of embedded systems, where adversaries can tamper with the execution of cryptographic elliptic curve implementations [3]; such attacks are particularly effective in the setting on attacks fault new discover to techniques synthesis applied also have they Moreover, discovery of a new scheme with improved efficiency compared to existing constructions. structure preserving signatures in the generic group model. The toolchain has lead to the Software Institute have developed an automated toolchain [4] to synthesize and analyze In collaboration with researchers at University of Pennsylvania, researchers at the IMDEA University of Pennsylvania, started in 2015 and has already made significant progress. called is which project, The (ONR). Research Naval of Office US the from funding attracted recently has work of line second The [2]. orders arbitrary at analysis power differential against countermeasures with Keccak or AES as such algorithms of implementations enhances that compiler certifying a is achievement recent Another [6]. Naxos as such protocols exchange key one-round for security of proof modular a and [1], compiler) verified CompCert the with combination in EasyCrypt (using standard PKCS#1 the of the first line of work, recent achievements include a formally verified x86 implementation graphic systems and automated analysis and synthesis of cryptographic constructions. In The team is exploring two main directions of research: applications to real-world crypto attracting between30and70participants. — 2015 in Maryland of University the at and 2014 November in Paris in 2013, July in Pennsylvania of University the at place took ecosystem this to dedicated workshops Research-INRIA joint centre (in the context of the MiTLS project). Summer schools and by multiple external research groups including MIT Lincoln Laboratory and the Microsoft proofs of widely deployed cryptographic algorithms and protocols. It has also been used bilistic computations with adversarial code and has been used to build machine-checked the EasyCrypt is tool. EasyCrypt is research dedicated to of reasoning about line relational properties of this proba of results main the of One proofs. security cryptographic checking and writing, finding, for tools developing are INRIA and Institute Software To deal with the rising complexity of cryptographic proofs, researchers from the IMDEA SynCrypt and involves the IMDEA Software Institute, Stanford University, and and University, Stanford Institute, Software IMDEA the involves and Computer-Aided CryptographicProofs - - - [6] [5] [4] [3] [2] [1] Related publications reasoning principlesinpen-and-paperproofs. previous knowledge of formal methods and is based on a logic that formalizes standard constructions in the standard model. The tool can be used by cryptographers without any also developed an automated tool for proving the security of pairing-based cryptographic laboration with researchers at INRIA, researchers at the IMDEA Software Institute have

One-Round Key Exchange Protocols” in 34th European Conference on Advances in Cryptology, Eurocrypt 2015. of Proofs Machine-checked Modular Gap: the “Mind Schmidt, B. and Lakhnech, Y. Crespo, J.M. Barthe, G. ence onComputerandCommunicationsSecurity,CCS2015. G. Barthe, B. Grégoire, B. Schmidt, “Automated Proofs of Pairing-Based Cryptography”, in 22nd ACM Confer and TheoryofPublic-KeyCryptography,PKC2015. ing Signatures from Type II Pairings: Synthesis and LowerG. Barthe, Bounds”,E. Fagerholm, D. in Fiore, IACRA. Scedrov, InternationalB. Schmidt, M. Tibouchi, Conference“Strongly-Optimal Structure Preserv on Practice graphic implementations,” in 21th ACM Conference on Computer and Communications Security, CCS 2014. crypto on attacks fault of “Synthesis Zapalowicz, J. and Grégoire B. Fouque, P. Dupressoir, F. Barthe, G. Cryptology, Eurocrypt2015. Pierre-Yves Strub, “Verified Proofs of Higher-Order Masking,” in 34th European Conference on Advances in Gilles Barthe and Sonia Belaïd and François Dupressoir and Pierre-Alain Fouque and Benjamin Grégoire and Communications Security,CCS2013. provably secure machine code from high-level implementations,” in 20th ACM Conference on Computer and efficient cryptography: computer-aided “Certified Dupressoir, F. and Barthe G. Barbosa, M. Almeida, J.B. - - -

a n n u a l r e p o r t 113 software a n n u a l r e p o r t 114 software TNO, as part of their security services to Italian clients in the banking and energy sectors. by Reply Communications Valley, with the support of the IMDEA Software Institute and ing, in December 2015 the CADENCE system was launched commercially. It is offered in Milan to demonstrate the technology. After nearly two years of developement and test the enterprise network and may have been compromised. A showroom was also created During 2015, the emphasis was on detection on mobile devices that may be present on leading tocommercializationofresearchresultsatthe10thMadri+dawards. The CADENCE project was awarded an honourable mention for public-private cooperation partners andconvertingthemintoaproduct. focuses on innovation with the goal of maturing previous technologies developed by the Threats (APTs) and malware communication with its remote infrastructures. The project which monitors network traffic in an enterprise network and detects Advanced Persistent The goal of the CADENCE project is to develop and commercialize the CADENCE sensor, (The Netherlands), Reply Communications Valley (taly), and the IMDEA Software Institute. TNO partners: European 3 comprises consortium CADENCE The 2015. and 2014 during techniques. CADENCE is a project funded by EIT Digital (formerly known as EIT ICTsor Labs) capable of detecting cyberattacks in network traffic byCADENCE (Cyber applyingAttack Detector novelENgineering for Commercial anomalyExploitation) is detectiona security sen Cyber-Attack DetectionfromNetworkTraffic - - [2] [1] Related publications

attacktraffic ourselves allowing ustodetermine t such environment homogeneous fairly [10 a in is detection exception notable A [8]. [7], attacks (D)DoS detection intrusion on focused has detection based hete an of perimeter network the within from coming of because approaches other from differs method Our traffic and known attack traffic. Based on these da ob to order in traffic attack simulated inserted we ex conducted we cases, use these of each For proxy. & command for traffic http(s) using exfiltration, ca use representative three present we purpose that dete anomalystatistical and [5] flows network only the whether question the on focus we paper this In the APTrather activity (elements 3-7). to not is problem this to solution A void. security the to inside the from communicate APTs installed, the through pass easily therefore and email as such typically APTs outside. the from coming threat the su solutions security perimeter network Also, time. security the disable will it machine, the infected signaturesand exist signatures no target, of each for customized list a against executable an anti compare as such solutions security host-based example, ine are and 2) (element beca place taking from solutions infection security existing bypass easily APTs APT. typical Thedistincta of The elements 1 Figure

Intrusions andDefenses,St.Lucia,October,2013. Attacks, in Research on Symposium International 16th the of Proceedings In Behaviors”. Network Mixed M. Zubair Rafique and Juan Caballero. “FIRMA: Malware Clustering and Network Signature Generation with of Drive-byDownloadOperations”InInternationalJournalInformationSecurity,June2014 Analysis and Identification Dataset: MALICIA “The Caballero. Juan and Rafique, Zubair M. Nappa, Antonio detection of the elements 3, 4 and 7 are the subject the 3, and 4 are 7 elements the of detection solution and remain on the host for a long period o period long a for host the on remain andsolution he effectiveness of the detection. detection. the of effectiveness he try to detect the initial infection (element 2), b ta sets developedwe new detection methods. control, and extending access by use of a rogue a of use by access extending and control, [6], such as port scanning activity [7], [8], [9] a [9] [8], [7], activity scanning port as such [6], using detected be can APT an of activity network piggy back on allowed communication channels channels communication allowed on back piggy network perimeter security. Furthermore, once against protect they because fail firewalls as ch detection fails. Furthermore, once the APT has ction in case of attack elements 3, 4 and 7. For For 7. and 4 3, elements attack of case in ction ffective once the infection has taken place. For place. taken has infection the once ffective tain unique data sets containing both baseline baseline both containing sets data unique tain periments in a real operational network where network operational real a in periments wee h rsaces oue a anomaly at focused researchers the where ] s tee ouin fcs t rvnig the preventing at focus solutions these use ses, namely applying DNS tunnelling for data for tunnelling DNS applying namely ses, vrs otae r bpse bcue they because bypassed are software -virus rogeneous office network. Traditionally flow- Traditionally network. office rogeneous two reasons. Firstly, we focus on the threat s dt cne. eody w isre the inserted we Secondly, center. data a as usd efciey edrn te perimeter the rendering effectively outside f nw mlae Sne Ps r highly are APTs Since malware. known of

of this research. this research. of

a n n u a l r e p o r t 115

software nd ut ut f a n n u a l r e p o r t 116 software medals total. more earned entries three only and medals, gold more earned entry one Only verifiers. top-performing the among it placing — bronze one and silver, one gold, two — egories named entry, competition Institute’s In collaboration with the University of Utah and Microsoft Research, the IMDEA Software highest-scoring verifiersareawardedmedals:gold,silver,and bronze. awarded according to the accuracy of classification. In each problem category, the three are Points problem. per seconds 900 of limit time a within “unknown”, or “incorrect”, ten in the C programming language. The verifiers classify problems either as “correct”, writ code source as provided are problems the and code, executable as submitted are verifiers The verifier. the by verified be must correctness whose program computer a is “problem” each and “verifier”, a called program computer a is entry competition Each verification problems. Research, and the IMDEA Software Institute competed across 13 categories of software Normale Supérieure ( Ecole University, York New including institutions research top from entries 22 which in event, increasingly-competitive an of installment annual 4th the marked year This together thetopinternationalminds. both simultaneously. surmounting in challenge the and obstacles, engineering practical limitations, philosophical fundamental to due develop, to challenging extremely been has verifiers since the dawn of computer science, the technology enabling widespread use of software can cost lives and great monetary loss. Though the goal of verified software has existed bugs software functionality: correct its on dependent more and more becomes society as area research important unarguably an is verification Software software. computer the invention of new methods, technologies, and tools for the automated verification of The International Competition on Software Verification ( Medals inInternationalVerificationCompetition SV-COMP ENS ) of Paris, University of Freiburg, Tsinghua University, Microsoft aims to advance software verification technology by bringing SMACK +Corral, was awarded medals in four cat four in medals awarded was +Corral, SV-COMP ) is a driving force for - - [2] [1] Related publications by theauthorsofeachentry,andanofficialannouncementcompetitionresults. presentation short a included event The London. in (TACAS), Systems of Analysis and as part of the 21st International Conference on Tools and Algorithms for the Construction The SV-COMP 2015 post-competition event was held on the week of April 13th, 2015, tion asapowerfulverifierofC-languageprograms. mathematical representation should be classified as “correct”. Combined, the two func given the whether decide to algorithms reasoning novel applies Research, Microsoft by developed Corral, provers”. “theorem as known engines logical-reasoning automated by processed more-easily be can which representations mathematical into problems verification C-language the translate to is smack of role The Institute. Software IMDEA the of Emmi Michael and Utah, of University the of Rakamaric Zvonimir by led project open-source an is SMACK programs. two of fusion the is SMACK+Corral Technically,

Proc. 26thInternationalConferenceonComputerAidedVerification(CAV’14). Springer,2014. Z. (TACAS ’15).Springer,2015. Systems of Analysis and Construction the for Algorithms and Tools on Conference International 21st Proc. A.

Rakamaric and M. Haran, M. Haran,

Carter, M. Carter,

Emmi. SMACK: Decoupling Source Language Details from Verifier Implementations. In

Emmi, A. Emmi,

Lal, S. Lal,

Qadeer, and Z. and Qadeer,

Rakamaric. SMACK+Corral: A Modular Verifier. In Verifier. Modular A SMACK+Corral: Rakamaric. -

a n n u a l r e p o r t 117 software a n n u a l r e p o r t 118 software above can be arbitrarily large, depending on the extent to which a program is designed is program a which to extent the on depending large, arbitrarily be can above mentioned tools and techniques the applying by achieved savings energy the Although be optimizedfirst,becauseof theirgreaterimpactonthetotalenergyconsumption. traditional resource analyses, as it allows identifying the parts of a program that should the than development software energy-aware for aid valuable more a is It developed. Most recently, a novel tool for profiling parametric accumulated cost statically has been systems. multi-core for techniques scheduling task with together hardware current by offered features useful exploit that [4,5,6] techniques optimization program and [8], been developed, such as a system for the verification of energy consumptionlevel. In addition,specifications other techniques and tools based on the energy transparency view have intermediate representation (LLVM IR), as well as upwards reflection to the source-code compiler the and assembly including levels, different at consumption energy infer to the programs [9], and uses low-level models of machine instructions or basic blocks [2] performed at compile-time (using abstract interpretation), i.e., without actually running mates the energy consumed by programs as functions on input data size. The analysis is energy transparency, such as, this e.g., enable a multi-level that static tools program and analysis techniques [3,7,9] of that esti number a include project the of results The the programmer’stoolbox. to tools energy-related adding and programmers for issue first-class a to consumption energy raising allows This used. or designed is software which at layer the at visible immediately be should layer hardware the at consumption energy that implies code, Achieving University ofBristol(UK)andXMOSLtd(describedinChapter5). Systems Energy Transparency,” in collaboration with Roskilde University (Denmark), the Whole- “ENTRA: project FET FP7 EU the of context the in performed is development An important part of the IMDEA Software Institute’s research on energy-efficient software energy transparency Energy TransparencyforDeveloping through the system layers, from machine code to source Energy-Efficient Software -

optimal utilization optimal minimum of minimum Systemefficiency Minimum energy Minimum currentsoftware hardwaredesign when running running when achievable byachievable consumption Theoretical Zero of hardware existing

energy ideal

developmentmethods Currentsystem Energy Energy Transparency System Energy Characteristic Breakdown Whole-Systems

realised by SW efficiency capabilities and between HW Substantial gap

ENTRA [4] [3] [2] [1] Related publications energy-aware toolsinthesoftwarelife-cycle. decisions on energy, and developing a set of recommendations for the integration of such mization, in order to enable engineers to understand and quantify the impact of design Current work focuses on maturing the prototype tools for analysis, verification, and opti factor ofthreetofivebeyondwhatcanbeachievedthroughenergyefficienthardware. addition, an estimate from Intel is that energy-efficient software can realize savings of a In 50%. to 6% of factor a by efficient energy increased show studies case with results taking energy efficiency into account and uses energy saving features, our experimental [5] development - enabled efficient

in ComputerScience,Vol.8901,pages72–90,Springer,2014. and Transformation, 23rd International Symposium, LOPSTR 2013, Revised Selected Papers, Lecture Notes Energy Consumption Analysis of Programs based on XMOS ISA-level Models. Logic-Based Program Synthesis U. Scheduling forXMOSChips Z. in ComputerScience,Springer.Toappear. of Resource Analysis. Fourth International Workshop FOPARA 2015, Revised Selected Papers, Lecture Notes ring Energy Consumption at Different Software Levels: ISA vs. LLVM IR. Foundational and Practical Aspects U. and LogicProgramming(FLOPS2016),volume9613ofLNCS,pages163-180.Springer,March2016. tional Approach to Parametric Accumulated-cost Static Profiling R. Programming (ICLP’14)SpecialIssue Interpretation Using Sized Types. A.

Haemmerlé, P. Bankovic´P. and Serrano, P. enhancements energy tracks Software closely available hardware efficiency on improvement Significant software energy running when Systemefficiency Liqat, K. Liqat, S.

future future HW - optimized

in in SW

Kerrison, A. Georgiou, S.

Lopez-Garcia, and M.

Lopez-Garcia, U.

Lopez-Garcia.

Serrano, K. Kerrison, P. . Neurocomputing,Vol.150,pages82–89,Elsevier,February2015. Theory and Practice of Logic Programming, 30th Int’l. Conference on Logic

Stochastic vs. Deterministic Evolutionary Algorithm-based Allocation and Allocation Algorithm-based Evolutionary Deterministic vs. Stochastic Liqat, M.

Georgiou, P. Hermenegildo. Resource Usage Analysis of Logic Programs via Abstract

Lopez-Garcia, M. , 14(4-5):739–754,2014.

Klemen, J.

Lopez-Garcia, N.

P. V.

Gallagher and Manuel Hermenegildo. Hermenegildo, J. . 13th International Symposium on Functional

Grech, M.

P.

V.

Gallagher, and K.

Hermenegildo, and K. A Transforma

Eder. Infer

Eder. - - -

a n n u a l r e p o r t 119 software editor imdea software institute graphic design base 12 diseño y comunicación photos on pages 13 and 14 Daniel Schäfer photo in page 11 Víctor Castelo legal deposit number M-8312-2016

Madrid, Spain Madrid, Alarcón de Pozuelo 28223 Montegancedo de Campus Software IMDEA Instituto 58 13 101 91 +34 fax 02 22 101 91 +34 tel. [email protected] Contact t r o p e r l a u n n a

www.software.imdea.org