Computer Security Javier Lopez

Visit to download the full and correct content document:

https://textbookfull.com/product/computer-security-javier-lopez/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Computer Security 23rd European Symposium on Research

in Computer Security ESORICS 2018 Barcelona Spain
September 3 7 2018 Proceedings Part I Javier Lopez

https://textbookfull.com/product/computer-security-23rd-european-
symposium-on-research-in-computer-security-
esorics-2018-barcelona-spain-september-3-7-2018-proceedings-part-
i-javier-lopez/

Information Security Practice and Experience 11th

International Conference ISPEC 2015 Beijing China May 5
8 2015 Proceedings 1st Edition Javier Lopez

https://textbookfull.com/product/information-security-practice-
and-experience-11th-international-conference-ispec-2015-beijing-
china-may-5-8-2015-proceedings-1st-edition-javier-lopez/

Risks and Security of Internet and Systems 9th

International Conference CRiSIS 2014 Trento Italy
August 27 29 2014 Revised Selected Papers 1st Edition
Javier Lopez
https://textbookfull.com/product/risks-and-security-of-internet-
and-systems-9th-international-conference-crisis-2014-trento-
italy-august-27-29-2014-revised-selected-papers-1st-edition-
javier-lopez/

Principles of Computer Security: CompTIA Security+ and

Beyond Conklin

https://textbookfull.com/product/principles-of-computer-security-
comptia-security-and-beyond-conklin/
Computer Security Art and Science Matthew Bishop

https://textbookfull.com/product/computer-security-art-and-
science-matthew-bishop/

Computer Security Fundamentals, 4th Edition Chuck

Easttom

https://textbookfull.com/product/computer-security-
fundamentals-4th-edition-chuck-easttom/

Single Variable Calculus Robert Lopez

https://textbookfull.com/product/single-variable-calculus-robert-
lopez/

Security in Computer and Information Sciences Erol

Gelenbe

https://textbookfull.com/product/security-in-computer-and-
information-sciences-erol-gelenbe/

Guide to Computer Network Security Joseph Migga Kizza

https://textbookfull.com/product/guide-to-computer-network-
security-joseph-migga-kizza/
 Javier Lopez · Jianying Zhou
Miguel Soriano (Eds.)
LNCS 11099

Computer Security
23rd European Symposium
on Research in Computer Security, ESORICS 2018
Barcelona, Spain, September 3–7, 2018, Proceedings, Part II

123
Lecture Notes in Computer Science 11099
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zurich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology Madras, Chennai, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7410
Javier Lopez Jianying Zhou
•

Miguel Soriano (Eds.)

Computer Security
23rd European Symposium
on Research in Computer Security, ESORICS 2018
Barcelona, Spain, September 3–7, 2018
Proceedings, Part II

123
Editors
Javier Lopez Miguel Soriano
Department of Computer Science Universitat Politècnica de Catalunya
University of Malaga Barcelona
Málaga, Málaga Spain
Spain
Jianying Zhou
Singapore University of Technology
and Design
Singapore
Singapore

ISSN 0302-9743 ISSN 1611-3349 (electronic)

Lecture Notes in Computer Science
ISBN 978-3-319-98988-4 ISBN 978-3-319-98989-1 (eBook)
https://doi.org/10.1007/978-3-319-98989-1

Library of Congress Control Number: 2018951097

LNCS Sublibrary: SL4 – Security and Cryptology

© Springer Nature Switzerland AG 2018

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, express or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
 Preface

This book contains the papers that were selected for presentation and publication at the
23rd European Symposium on Research in Computer Security — ESORICS 2018 –
which was held in Barcelona, Spain, September 3–7, 2018. The aim of ESORICS is to
further the progress of research in computer, information, and cyber security and in
privacy, by establishing a European forum for bringing together researchers in these
areas, by promoting the exchange of ideas with system developers, and by encouraging
links with researchers in related fields.
In response to the call for papers, 283 papers were submitted to the conference.
These papers were evaluated on the basis of their significance, novelty, and technical
quality. Each paper was reviewed by at least three members of the Program Committee.
The Program Committee meeting was held electronically, with intensive discussion
over a period of two weeks. Finally, 56 papers were selected for presentation at the
conference, giving an acceptance rate of 20%.
ESORICS 2018 would not have been possible without the contributions of the many
volunteers who freely gave their time and expertise. We would like to thank the
members of the Program Committee and the external reviewers for their substantial
work in evaluating the papers. We would also like to thank the general chair, Miguel
Soriano, the organization chair, Josep Pegueroles, the workshop chair, Joaquin
Garcia-Alfaro, and all workshop co-chairs, the publicity chairs, Giovanni Livraga and
Rodrigo Roman, and the ESORICS Steering Committee and its chair, Sokratis
Katsikas.
Finally, we would like to express our thanks to the authors who submitted papers to
ESORICS. They, more than anyone else, are what makes this conference possible.
We hope that you will find the program stimulating and a source of inspiration for
future research.

June 2018 Javier Lopez

Jianying Zhou
 ESORICS 2018
23rd European Symposium on Research in Computer Security
Barcelona, Spain
September 3–7, 2018

Organized by Universitat Politecnica de Catalunya - BarcelonaTech, Spain

General Chair
Miguel Soriano Universitat Politecnica de Catalunya, Spain

Program Chairs
Javier Lopez University of Malaga, Spain
Jianying Zhou SUTD, Singapore

Workshop Chair
Joaquin Garcia-Alfaro Telecom SudParis, France

Organizing Chair
Josep Pegueroles Universitat Politecnica de Catalunya, Spain

Publicity Chairs
Giovanni Livraga Università degli studi di Milano, Italy
Rodrigo Roman University of Malaga, Spain

Program Committee
Gail-Joon Ahn Arizona State University, USA
Cristina Alcaraz University of Malaga, Spain
Elli Androulaki IBM Research - Zurich, Switzerland
Vijay Atluri Rutgers University, USA
Michael Backes Saarland University, Germany
Carlo Blundo Università degli Studi di Salerno, Italy
Levente Buttyan BME, Hungary
Jan Camenisch IBM Research - Zurich, Switzerland
Alvaro Cardenas University of Texas at Dallas, USA
Aldar C-F. Chan University of Hong Kong, SAR China
Liqun Chen University of Surrey, UK
VIII ESORICS 2018

Sherman S. M. Chow Chinese University of Hong Kong, SAR China

Mauro Conti University of Padua, Italy
Jorge Cuellar Siemens AG, Germany
Frédéric Cuppens TELECOM Bretagne, France
Nora Cuppens-Boulahia TELECOM Bretagne, France
Marc Dacier EURECOM, France
Sabrina De Capitani di Università degli studi di Milano, Italy
Vimercati
Hervé Debar Télécom SudParis, France
Roberto Di-Pietro HBKU, Qatar
Josep Domingo-Ferrer University Rovira-Virgili, Spain
Haixin Duan Tsinghua University, China
José M. Fernandez Polytechnique Montreal, Canada
Jose-Luis Ferrer-Gomila University of the Balearic Islands, Spain
Simone Fischer-Hübner Karlstad University, Sweden
Simon Foley IMT Atlantique, France
Sara Foresti Università degli studi di Milano, Italy
David Galindo University of Birmingham, UK
Debin Gao Singapore Management University, Singapore
Dieter Gollmann Hamburg University of Technology, Germany
Dimitris Gritzalis Athens University of Economics and Business, Greece
Stefanos Gritzalis University of the Aegean, Greece
Guofei Gu Texas A&M University, USA
Juan Hernández Universitat Politècnica de Catalunya, Spain
Amir Herzberg Bar-Ilan University, Israel
Xinyi Huang Fujian Normal University, China
Sushil Jajodia George Mason University, USA
Vasilios Katos Bournemouth University, UK
Sokratis Katsikas NTNU, Norway
Kwangjo Kim KAIST, Korea
Steve Kremer Inria, France
Marina Krotofil FireEye, USA
Costas Lambrinoudakis University of Piraeus, Greece
Loukas Lazos University of Arizona, USA
Ninghui Li Purdue University, USA
Yingjiu Li Singapore Management University, Singapore
Hoon-Wei Lim SingTel, Singapore
Joseph Liu Monash University, Australia
Peng Liu Pennsylvania State University, USA
Xiapu Luo Hong Kong Polytechnic University, SAR China
Mark Manulis University of Surrey, UK
Konstantinos RHUL, UK
Markantonakis
Olivier Markowitch Université Libre de Bruxelles, Belgium
Fabio Martinelli IIT-CNR, Italy
Gregorio Martinez Perez University of Murcia, Spain
 ESORICS 2018 IX

Ivan Martinovic University of Oxford, UK

Sjouke Mauw University of Luxembourg, Luxembourg
Catherine Meadows Naval Research Laboratory, USA
Weizhi Meng Technical University of Denmark, Denmark
Chris Mitchell RHUL, UK
Haralambos Mouratidis University of Brighton, UK
David Naccache Ecole Normale Superieure, France
Martín Ochoa Universidad del Rosario, Colombia
Eiji Okamoto University of Tsukuba, Japan
Rolf Oppliger eSECURITY Technologies, Switzerland
Günther Pernul Universität Regensburg, Germany
Joachim Posegga University of Passau, Germany
Christina Pöpper NYU Abu Dhabi, UAE
Indrajit Ray Colorado State University, USA
Giovanni Russello University of Auckland, New Zealand
Mark Ryan University of Birmingham, UK
Peter Y. A. Ryan University of Luxembourg, Luxembourg
Rei Safavi-Naini University of Calgary, Canada
Pierangela Samarati Universitá degli studi di Milano, Italy
Damien Sauveron XLIM, France
Steve Schneider University of Surrey, UK
Einar Snekkenes Gjovik University College, Norway
Willy Susilo University of Wollongong, Australia
Pawel Szalachowski SUTD, Singapore
Qiang Tang LIST, Luxembourg
Juan Tapiador University Carlos III, Spain
Nils Ole Tippenhauer SUTD, Singapore
Aggeliki Tsohou Ionian University, Greece
Jaideep Vaidya Rutgers University, USA
Serge Vaudenay EPFL, Switzerland
Luca Viganò King’s College London, UK
Michael Waidner Fraunhofer SIT, Germany
Cong Wang City University of Hong Kong, SAR China
Lingyu Wang Concordia University, Canada
Edgar Weippl SBA Research, Austria
Christos Xenakis University of Piraeus, Greece
Kehuan Zhang Chinese University of Hong Kong, SAR China
Sencun Zhu Pennsylvania State University, USA

Organizing Committee

Oscar Esparza Isabel Martin

Marcel Fernandez Jose L. Munoz
Juan Hernandez Josep Pegueroles
Olga Leon
X ESORICS 2018

Additional Reviewers

Akand, Mamun Dong, Shuaike

Al Maqbali, Fatma Dupressoir, François
Albanese, Massimiliano Durak, Betül
Amerini, Irene Eckhart, Matthias
Ammari, Nader El Kassem, Nada
Avizheh, Sepideh Elkhiyaoui, Kaoutar
Balli, Fatih Englbrecht, Ludwig
Bamiloshin, Michael Epiphaniou, Gregory
Bana, Gergei Fernández-Gago, Carmen
Banik, Subhadeep Fojtik, Roman
Becerra, Jose Freeman, Kevin
Belguith, Sana Fritsch, Lothar
Ben Adar-Bessos, Mai Fuchsbauer, Georg
Berners-Lee, Ela Fuller, Ben
Berthier, Paul Gabriele, Lenzini
Bezawada, Bruhadeshwar Gadyatskaya, Olga
Biondo, Andrea Galdi, Clemente
Blanco-Justicia, Alberto Gassais, Robin
Blazy, Olivier Genc, Ziya A.
Boschini, Cecilia Georgiopoulou, Zafeiroula
Brandt, Markus Groll, Sebastian
Bursuc, Sergiu Groszschaedl, Johann
Böhm, Fabian Guan, Le
Cao, Chen Han, Jinguang
Caprolu, Maurantonio Hassan, Fadi
Catuogno, Luigi Hill, Allister
Cetinkaya, Orhan Hong, Kevin
Chang, Bing Horváth, Máté
Charlie, Jacomme Hu, Hongxin
Chau, Sze Yiu Huh, Jun Ho
Chen, Rongmao Iakovakis, George
Cheval, Vincent Iovino, Vincenzo
Cho, Haehyun Jadla, Marwen
Choi, Gwangbae Jansen, Kai
Chow, Yang-Wai Jonker, Hugo
Ciampi, Michele Judmayer, Aljosha
Costantino, Gianpiero Kalloniatis, Christos
Dai, Tianxiang Kambourakis, Georgios
Dashevskyi, Stanislav Kannwischer, Matthias Julius
Del Vasto, Luis Kar, Diptendu
Diamantopoulou, Vasiliki Karamchandani, Neeraj
Dietz, Marietheres Karati, Sabyasach
Divakaran, Dinil Karati, Sabyasachi
 ESORICS 2018 XI

Karegar, Farzaneh Nasim, Tariq

Karopoulos, Georgios Neven, Gregory
Karyda, Maria Ngamboe, Mikaela
Kasra, Shabnam Nieto, Ana
Kohls, Katharina Ntantogian, Christoforos
Kokolakis, Spyros Nuñez, David
Kordy, Barbara Oest, Adam
Krenn, Stephan Ohtake, Go
Kilinç, Handan Oqaily, Momen
Labrèche, François Ordean, Mihai
Lai, Jianchang P., Vinod
Lain, Daniele Panaousis, Emmanouil
Lee, Jehyun Papaioannou, Thanos
Leontiadis, Iraklis Paraboschi, Stefano
Lerman, Liran Park, Jinbum
León, Olga Parra Rodriguez, Juan D.
Li, Shujun Parra-Arnau, Javier
Li, Yan Pasa, Luca
Liang, Kaitai Paspatis, Ioannis
Lin, Yan Perillo, Angelo Massimo
Liu, Shengli Pillai, Prashant
Losiouk, Eleonora Pindado, Zaira
Lykou, Georgia Pitropakis, Nikolaos
Lyvas, Christos Poh, Geong Sen
Ma, Jack P. K. Puchta, Alexander
Magkos, Emmanouil Pöhls, Henrich C.
Majumdar, Suryadipta Radomirovic, Sasa
Malliaros, Stefanos Ramírez-Cruz, Yunior
Manjón, Jesús A. Raponi, Simone
Marktscheffel, Tobias Rial, Alfredo
Martinez, Sergio Ribes-González, Jordi
Martucci, Leonardo Rios, Ruben
Mayer, Wilfried Roenne, Peter
Mcmahon-Stone, Christopher Roman, Rodrigo
Menges, Florian Rubio Medrano, Carlos
Mentzeliotou, Despoina Rupprecht, David
Mercaldo, Francesco Salazar, Luis
Mohamady, Meisam Saracino, Andrea
Mohanty, Manoranjan Schindler, Philipp
Moreira, Jose Schnitzler, Theodor
Mulamba, Dieudonne Scotti, Fabio
Murmann, Patrick Sempreboni, Diego
Muñoz, Jose L. Senf, Daniel
Mykoniati, Maria Sengupta, Binanda
Mylonas, Alexios Sentanoe, Stewart
Nabi, Mahmoodon Sheikhalishahi, Mina
XII ESORICS 2018

Shirani, Paria Vukolic, Marko

Shrishak, Kris Wang, Daibin
Siniscalchi, Luisa Wang, Ding
Smith, Zach Wang, Haining
Smyth, Ben Wang, Jiafan
Soria-Comas, Jordi Wang, Jianfeng
Soumelidou, Katerina Wang, Juan
Spooner, Nick Wang, Jun
Stergiopoulos, George Wang, Tianhao
Stifter, Nicholas Wang, Xiaolei
Stojkovski, Borce Wang, Xiuhua
Sun, Menghan Whitefield, Jorden
Sun, Zhibo Wong, Harry W. H.
Syta, Ewa Wu, Huangting
Tai, Raymond K. H. Xu, Jia
Tang, Xiaoxiao Xu, Jun
Taubmann, Benjamin Xu, Lei
Tian, Yangguang Yang, Guangliang
Toffalini, Flavio Yautsiukhin, Artsiom
Tolomei, Gabriele Yu, Yong
Towa, Patrick Yuan, Lunpin
Tsalis, Nikolaos Zamyatin, Alexei
Tsiatsikas, Zisis Zhang, Lei
Tsoumas, Bill Zhang, Liang Feng
Urdaneta, Marielba Zhang, Yangyong
Valente, Junia Zhang, Yuexin
Venkatesan, Sridhar Zhao, Liang
Veroni, Eleni Zhao, Yongjun
Vielberth, Manfred Zhao, Ziming
Virvilis, Nick Zuo, Cong
Vizár, Damian
 Contents – Part II

Mobile Security

Workflow-Aware Security of Integrated Mobility Services . . . . . . . . . . . . . . 3

Prabhakaran Kasinathan and Jorge Cuellar

Emulation-Instrumented Fuzz Testing of 4G/LTE Android Mobile Devices

Guided by Reinforcement Learning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Kaiming Fang and Guanhua Yan

PIAnalyzer: A Precise Approach for PendingIntent Vulnerability Analysis . . . 41

Sascha Groß, Abhishek Tiwari, and Christian Hammer

Investigating Fingerprinters and Fingerprinting-Alike Behaviour

of Android Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Christof Ferreira Torres and Hugo Jonker

Database and Web Security

Towards Efficient Verifiable Conjunctive Keyword Search for Large

Encrypted Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Jianfeng Wang, Xiaofeng Chen, Shi-Feng Sun, Joseph K. Liu,
Man Ho Au, and Zhi-Hui Zhan

Order-Revealing Encryption: File-Injection Attack and Forward Security . . . . 101

Xingchen Wang and Yunlei Zhao

SEISMIC: SEcure In-lined Script Monitors for Interrupting Cryptojacks. . . . . 122

Wenhao Wang, Benjamin Ferrell, Xiaoyang Xu, Kevin W. Hamlen,
and Shuang Hao

Detecting and Characterizing Web Bot Traffic in a Large

E-commerce Marketplace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Haitao Xu, Zhao Li, Chen Chu, Yuanmi Chen, Yifan Yang, Haifeng Lu,
Haining Wang, and Angelos Stavrou

Cloud Security

Dissemination of Authenticated Tree-Structured Data with Privacy

Protection and Fine-Grained Control in Outsourced Databases . . . . . . . . . . . 167
Jianghua Liu, Jinhua Ma, Wanlei Zhou, Yang Xiang, and Xinyi Huang
XIV Contents – Part II

Efficient and Secure Outsourcing of Differentially Private

Data Publication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Jin Li, Heng Ye, Wei Wang, Wenjing Lou, Y. Thomas Hou, Jiqiang Liu,
and Rongxing Lu

Symmetric Searchable Encryption with Sharing and Unsharing . . . . . . . . . . . 207

Sarvar Patel, Giuseppe Persiano, and Kevin Yeo

Dynamic Searchable Symmetric Encryption Schemes Supporting Range

Queries with Forward (and Backward) Security . . . . . . . . . . . . . . . . . . . . . 228
Cong Zuo, Shi-Feng Sun, Joseph K. Liu, Jun Shao, and Josef Pieprzyk

Applied Crypto (I)

Breaking Message Integrity of an End-to-End Encryption

Scheme of LINE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Takanori Isobe and Kazuhiko Minematsu

Scalable Wildcarded Identity-Based Encryption. . . . . . . . . . . . . . . . . . . . . . 269

Jihye Kim, Seunghwa Lee, Jiwon Lee, and Hyunok Oh

Logarithmic-Size Ring Signatures with Tight Security

from the DDH Assumption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Benoît Libert, Thomas Peters, and Chen Qian

RiffleScrambler – A Memory-Hard Password Storing Function . . . . . . . . . . . 309

Karol Gotfryd, Paweł Lorek, and Filip Zagórski

Privacy (II)

Practical Strategy-Resistant Privacy-Preserving Elections . . . . . . . . . . . . . . . 331

Sébastien Canard, David Pointcheval, Quentin Santos,
and Jacques Traoré

Formal Analysis of Vote Privacy Using Computationally Complete

Symbolic Attacker. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Gergei Bana, Rohit Chadha, and Ajay Kumar Eeralla

Location Proximity Attacks Against Mobile Targets: Analytical Bounds

and Attacker Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Xueou Wang, Xiaolu Hou, Ruben Rios, Per Hallgren,
Nils Ole Tippenhauer, and Martín Ochoa
 Contents – Part II XV

Multi-party Computation

Constant-Round Client-Aided Secure Comparison Protocol . . . . . . . . . . . . . 395

Hiraku Morita, Nuttapong Attrapadung, Tadanori Teruya,
Satsuya Ohata, Koji Nuida, and Goichiro Hanaoka

Towards Practical RAM Based Secure Computation . . . . . . . . . . . . . . . . . . 416

Niklas Buescher, Alina Weber, and Stefan Katzenbeisser

Improved Signature Schemes for Secure Multi-party Computation

with Certified Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Marina Blanton and Myoungin Jeong

SDN Security

Stealthy Probing-Based Verification (SPV): An Active Approach

to Defending Software Defined Networks Against Topology
Poisoning Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Amir Alimohammadifar, Suryadipta Majumdar, Taous Madi,
Yosr Jarraya, Makan Pourzandi, Lingyu Wang, and Mourad Debbabi

Trust Anchors in Software Defined Networks . . . . . . . . . . . . . . . . . . . . . . . 485

Nicolae Paladi, Linus Karlsson, and Khalid Elbashir

Applied Crypto (II)

Concessive Online/Offline Attribute Based Encryption with Cryptographic

Reverse Firewalls—Secure and Efficient Fine-Grained Access Control
on Corrupted Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Hui Ma, Rui Zhang, Guomin Yang, Zishuai Song, Shuzhou Sun,
and Yuting Xiao

Making Any Attribute-Based Encryption Accountable, Efficiently . . . . . . . . . 527

Junzuo Lai and Qiang Tang

Decentralized Policy-Hiding ABE with Receiver Privacy . . . . . . . . . . . . . . . 548

Yan Michalevsky and Marc Joye

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569

 Contents – Part I

Software Security

CASTSAN: Efficient Detection of Polymorphic C++ Object Type

Confusions with LLVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Paul Muntean, Sebastian Wuerl, Jens Grossklags, and Claudia Eckert

On Leveraging Coding Habits for Effective Binary Authorship Attribution. . . 26

Saed Alrabaee, Paria Shirani, Lingyu Wang, Mourad Debbabi,
and Aiman Hanna

Synthesis of a Permissive Security Monitor . . . . . . . . . . . . . . . . . . . . . . . . 48

Narges Khakpour and Charilaos Skandylas

MobileFindr: Function Similarity Identification for Reversing

Mobile Binaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Yibin Liao, Ruoyan Cai, Guodong Zhu, Yue Yin, and Kang Li

Blockchain and Machine Learning

Strain: A Secure Auction for Blockchains . . . . . . . . . . . . . . . . . . . . . . . . . 87

Erik-Oliver Blass and Florian Kerschbaum

Channels: Horizontal Scaling and Confidentiality

on Permissioned Blockchains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Elli Androulaki, Christian Cachin, Angelo De Caro,
and Eleftherios Kokoris-Kogias

Stay On-Topic: Generating Context-Specific Fake Restaurant Reviews. . . . . . 132

Mika Juuti, Bo Sun, Tatsuya Mori, and N. Asokan

Efficient Proof Composition for Verifiable Computation . . . . . . . . . . . . . . . 152

Julien Keuffer, Refik Molva, and Hervé Chabanne

Hardware Security

Navigating the Samsung TrustZone and Cache-Attacks

on the Keymaster Trustlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Ben Lapid and Avishai Wool

Combination of Hardware and Software: An Efficient AES Implementation

Resistant to Side-Channel Attacks on All Programmable SoC . . . . . . . . . . . . 197
Jingquan Ge, Neng Gao, Chenyang Tu, Ji Xiang, Zeyi Liu, and Jun Yuan
XVIII Contents – Part I

How Secure Is Green IT? The Case of Software-Based Energy

Side Channels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Heiko Mantel, Johannes Schickel, Alexandra Weber,
and Friedrich Weber

Attacks

Phishing Attacks Modifications and Evolutions . . . . . . . . . . . . . . . . . . . . . . 243

Qian Cui, Guy-Vincent Jourdan, Gregor V. Bochmann,
Iosif-Viorel Onut, and Jason Flood

SILK-TV: Secret Information Leakage from Keystroke Timing Videos . . . . . 263

Kiran S. Balagani, Mauro Conti, Paolo Gasti, Martin Georgiev,
Tristan Gurtler, Daniele Lain, Charissa Miller, Kendall Molas,
Nikita Samarin, Eugen Saraci, Gene Tsudik, and Lynn Wu

A Formal Approach to Analyzing Cyber-Forensics Evidence . . . . . . . . . . . . 281

Erisa Karafili, Matteo Cristani, and Luca Viganò

Malware and Vulnerabilities

Beneath the Bonnet: A Breakdown of Diagnostic Security . . . . . . . . . . . . . . 305

Jan Van den Herrewegen and Flavio D. Garcia

Extending Automated Protocol State Learning for the 802.11

4-Way Handshake . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Chris McMahon Stone, Tom Chothia, and Joeri de Ruiter

Automatic Detection of Various Malicious Traffic Using Side Channel

Features on TCP Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
George Stergiopoulos, Alexander Talavari, Evangelos Bitsikas,
and Dimitris Gritzalis

PwIN – Pwning Intel piN: Why DBI is Unsuitable

for Security Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Julian Kirsch, Zhechko Zhechev, Bruno Bierbaumer,
and Thomas Kittel

Protocol Security

POR for Security Protocol Equivalences: Beyond Action-Determinism . . . . . 385

David Baelde, Stéphanie Delaune, and Lucca Hirschi

Automated Identification of Desynchronisation Attacks on Shared Secrets . . . 406

Sjouke Mauw, Zach Smith, Jorge Toro-Pozo,
and Rolando Trujillo-Rasua
 Contents – Part I XIX

Stateful Protocol Composition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

Andreas V. Hess, Sebastian A. Mödersheim, and Achim D. Brucker

Privacy (I)

Towards Understanding Privacy Implications of Adware and Potentially

Unwanted Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Tobias Urban, Dennis Tatang, Thorsten Holz, and Norbert Pohlmann

Anonymous Single-Sign-On for n Designated Services with Traceability . . . . 470

Jinguang Han, Liqun Chen, Steve Schneider, Helen Treharne,
and Stephan Wesemeyer

Efficiently Deciding Equivalence for Standard Primitives and Phases. . . . . . . 491

Véronique Cortier, Antoine Dallon, and Stéphanie Delaune

DigesTor: Comparing Passive Traffic Analysis Attacks on Tor . . . . . . . . . . . 512

Katharina Kohls and Christina Pöpper

CPS and IoT Security

Deriving a Cost-Effective Digital Twin of an ICS to Facilitate

Security Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Ron Bitton, Tomer Gluck, Orly Stan, Masaki Inokuchi, Yoshinobu Ohta,
Yoshiyuki Yamada, Tomohiko Yagyu, Yuval Elovici, and Asaf Shabtai

Tracking Advanced Persistent Threats in Critical Infrastructures Through

Opinion Dynamics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Juan E. Rubio, Rodrigo Roman, Cristina Alcaraz, and Yan Zhang

Hide Your Hackable Smart Home from Remote Attacks: The Multipath
Onion IoT Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
Lei Yang, Chris Seasholtz, Bo Luo, and Fengjun Li

SCIoT: A Secure and sCalable End-to-End Management Framework

for IoT Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
Moreno Ambrosin, Mauro Conti, Ahmad Ibrahim, Ahmad-Reza Sadeghi,
and Matthias Schunter

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619

Mobile Security
 Workflow-Aware Security of Integrated
Mobility Services

Prabhakaran Kasinathan1,2(B) and Jorge Cuellar1,2

1
Siemens AG, CT, IT Security, Munich, Germany
{prabhakaran.kasinathan,jorge.cuellar}@siemens.com
2
University of Passau, Passau, Germany

Abstract. The Connected Mobility Lab (CML) is a mobility solution

created in collaboration between Siemens and BMW. The CML provides
a multi-tenant cloud infrastructure where entities – mobility providers,
financial service providers, users – might know each other or might be
complete strangers. The CML encapsulates core services from different
stakeholders and exposes an integrated, comprehensive, and innovative
mobility service to its users. The different owners may have different secu-
rity goals and impose their own rules and workflows on entities interact-
ing with their services. Thus, there is a need to negotiate in order to reach
mutually acceptable compromises, and inter-operate services within the
CML. Especially, when different services collaborate to fulfill a purpose
it is important to allow only authorized entities to execute the required
tasks. To enforce such tasks to be executed in a particular order we need
a workflow specification and enforcement method.
This paper presents a workflow specification and enforcement frame-
work that guarantees the process integrity (for instance, a technical pro-
cess) by enforcing an access control method that restricts the entities
to do only what is allowed in the specified workflow. The framework
also supports dynamic workflows that adapt to error conditions, and
a method to support accountability. We evaluate our proposed frame-
work on a CML business mobility use case. We extend the Petri Nets
based workflow specification and enforcement framework proposed in [2]
to achieve our goals.

Keywords: Workflow · Process integrity · Security · Petri nets

Mobility services

1 Introduction

The Connected Mobility Lab (CML) has been developed within the scope of a
public funded project (see [1]) to enable smart mobility applications by seam-
lessly exchanging data and analytics. The CML integrates the services from
P. Kasinathan—This research work was partially supported by the Zentrum Digitil-
isierung Bayern (ZD.B) [1] by project IUK 1504-003 IUK474/002.
c Springer Nature Switzerland AG 2018
J. Lopez et al. (Eds.): ESORICS 2018, LNCS 11099, pp. 3–19, 2018.
https://doi.org/10.1007/978-3-319-98989-1_1
4 P. Kasinathan and J. Cuellar

different stakeholders – such as mobility, financial and IT services – to pro-

vide comprehensive mobility solutions to its users. Figure 1 shows how the CML
core services such as security, accounting, data management and identity man-
agement enable the integration of data and processes from different mobility
providers (partners) to provide the CML mobility services. The CML mobile
application (CML App) runs on mobility assistant devices such as smart phone
and touch points as shown in Fig. 1; the users can access the CML App and use
the comprehensive CML mobility solution.

Fig. 1. The Connected Mobility Lab (CML) solution [1]

The users of CML can be private persons or employees of a company that

has a service agreement with the CML. A user may wish to use different mobil-
ity services to complete one single journey. Each stakeholder enforces his own
business processes on the customers (CML users) who use his services, therefore
CML must integrate different stakeholders’ processes.
A process is a set of interrelated activities or tasks that must be carried
out to accomplish a goal [3]. A business process is also called a workflow, but
we use the two words as synonymous. A workflow must be executed as it is
specified, and only using the available information it has, i.e., no one is able
to change, add additional steps or skip steps, etc. and the workflow should not
use any interface that he is not allowed do use. This property is called “process
integrity”. During the execution of the workflow, the participants may exchange
each other documents, information, see [4].
For instance, a user might use a carsharing service from his home to the main
train station, then park the car in one of available the parking lots and take a
train to reach the final destination. During the trip, the user must obey the
rules and conditions specified by that particular mobility provider. The CML
 Workflow-Aware Security of Integrated Mobility Services 5

provides a global workflow for the trip that enforces each stakeholder’s processes
that must be executed by the user in order to complete the journey.
The CML users execute the workflow to consume the services offered by
the CML. When users execute any task that involve accessing a service it is
important to enforce strict access control. We enforce a least privilege princi-
ple for task authorizations within each workflow. The least privilege principle
is a security concept where every computer module (such as a process, user, or
program, depending on the subject) may be able to access only the informa-
tion and resources that are necessary for its legitimate purpose. As a particular
case, the principle “Need to Know” is a confidentiality policy which states that
no subject should be able to read objects unless reading them is necessary for
that subject to perform its functions [3]. What we need is a similar policy, but
regarding integrity. We might call this principle “Need to Access”: it states that
no subject should be able to write or change objects unless it is necessary to
complete the required task of a process or workflow at that particular state. By
enforcing the need to access principle, an entity can get privileges to execute a
task only at the required step of the workflow. This provides workflow driven
(wokflow-aware) access control.
The first main motivation of our work is to provide an access control that
restricts the entities to do only what is allowed in the workflow, and to guarantee
the process integrity. The second main objective of our framework is to support
dynamic workflows which adapts to error conditions by, for instance, allowing
services to create on the fly sub-workflows without changing the main workflow.
Note that protecting the integrity of the processes and allowing the creation of
dynamic workflows may be competing goals: it must be assured that the creation
of the workflow can be done only by an “authorized” entity, and any misuse must
be penalized. Thus, our framework must have a workflow driven access control in
contrast to the commonly used mandatory (MAC), discretionary (DAC), or role-
based access control (RBAC), which have been well-studied in the literature, see
[5]. In addition, we need a system to log all actions of each participant executing
the workflow for auditing purpose. As CML consists of different partners it is
important to have an auditing system without assuming a central authority.
Summarizing the CML requirements, the main goal of this paper is to develop
a framework that:

– supports the specification of processes as workflows that can be created in a

step wise manner using standard software engineering processes and tools.
– constrain an entity using an application/services to obey a prescribed work-
flow with fine-grained authorization constraints (least privilege and need to
access) and provides a formal background to guarantee process integrity.
– allows entities participating in a workflow to have a choice for example, to
accept (or reject) “contracts” or conditions,
– allows services and entities executing a workflow to handle error conditions
by supporting creation of dynamic workflows, and
– provides accountability without assuming a central authority.
6 P. Kasinathan and J. Cuellar

To achieve the goals described above, we contribute and extend our Petri
Nets and Transition Contracts framework presented in [2] by:

– Using SysML activity diagram to model the business or technical process of

stakeholders.
– Introducing open Petri Net places to exchange information between work-
flows.
– Using timeout transitions that can trigger a transition, fire a timeout token
after a predefined time expires.
– Using of PNML to write and exchange Petri Net workflows between entities
and users.
– Introducing a private blockchain network for accountability purposes without
assuming the central trusted authority.

The rest of the paper is structured as the follows: Sect. 2 presents our pre-
vious framework, Sect. 3 describes the contributions of this paper, extensions to
existing framework and how we adapt it for the CML with a prototype imple-
mentation, Sect. 4 presents how our framework can solve a CML use case, Sect. 5
presents related work and at the end, Sect. 6 presents the conclusion and future
work.

2 Background Work

In this section, we introduce Petri Nets based workflow specification and enforce-
ment presented in [2].

2.1 Petri Nets for Workflow Specification

Petri Nets enable us to create workflows with properties like deadlock-free, guar-
anteed termination, separation-of-duties, etc. Properties of Petri Nets such as
reachability, liveness (deadlock-free), and coverability [6–8] can be verified. Hier-
archical Petri Nets can simplify the process of creating complex workflows by
breaking them into smaller partial workflows.
In traditional Petri Nets (PN) (see [9]) there are places, tokens and transi-
tions. A place in a traditional Petri Net can hold one or more tokens (Markings)
of same type. Colored Petri Nets (CPN) (see [10]) is an extension of Petri Nets,
and in CPN different types of tokens can exist in the same place. A transition
may have one or more input places, and a place may have one or several tokens.
A transition fires if its input places have sufficient tokens and as a result it pro-
duces tokens in output places. Entities executing the Petri Net workflow change
their state from one place to another via a transition firing. Extensions of Petri
Nets such as colored Petri Nets have enabled Petri Nets to represent different
types of tokens in one place.
In our Petri Net model for workflows presented in [2], we extend Colored
Petri Nets (CPN) by introducing the following additional concepts:
 Workflow-Aware Security of Integrated Mobility Services 7

(a) (b)
LEGEND
a place an oracle
a transition an activated transition

Fig. 2. (a) shows the initial state of a Petri Net workflow specification and (b) shows
the state of the Petri Net after the first two transitions have fired.

– A Token in our Petri Nets can be a representation of permissions, endorse-

ments, money (crypto coins), signature, or any information that is required
for the workflow execution. We will use explicit token names (for example,
oauth token) and explain their purpose wherever necessary to avoid confusion
between different types of tokens used in use cases.
– A special type of Petri Net place (called an oracle) that can receive tokens
(information) from an external source and it is represented as star shape
(filled with green color) in our Petri Nets. The Fig. 2 shows a simple workflow
specified as a Petri Net. The oracle is represented as a star and all other places
are represented as circles. A place that contains or holds a token is marked
with a small black circle. The transitions waiting for tokens are presented
as squares without patterns, and activated transitions ready for firing are
shown as patterned squares. The Fig. 2(a) shows that the first two transitions
are enabled (ready to fire) because the input places have tokens, and the
Fig. 2(b) shows that those two transitions have fired and as a result produced
tokens in the output places. An oracle is drawn usually on the boundary
of a Petri Net to represent that the information is from an external source.
Note: the term oracle is used in different computer science fields including
cryptography, blockchain and smart contracts, etc. Our concept of an Oracle
is similar to the Oracles introduced in Ethereum blockchain, i.e., it is used
to receive external information into the workflow. An Oracle in our method
need not be a contract that is accessed by other contracts as to get external
information as described in [11,12]. If a blockchain implementation is used
then an external service can push some information into the blockchain, later
8 P. Kasinathan and J. Cuellar

an oracle is used to query that information. In other instances, an oracle in

our Petri Net can have a predefined URL, and by querying that URL the
Oracle may get the required information.

Workflows can be specified using Petri Nets, but we need a mechanism to

enforce conditions that are written in the transitions of Petri Nets. For this pur-
pose, we proposed to use smart contracts. Smart Contracts introduced in [13],
have become popular with the advancements in blockchain technology. Smart
contracts are often written to ensure fairness between participating entities even
when one entity may attempt to cheat the other entity in arbitrary ways (see
[14]). Ethereum [15], which has popularized the use of smart contracts defines
a smart contract as “/a computer code that defines certain parts of an agree-
ment and can self-execute if terms are met/”. Bitcoins uses a simple stack (or
non-Turing complete language) language to express the rules and conditions
for a successful transaction i.e., how new coins are produced and consumed.
Ethereum uses a Turing complete language (Solidity [16]) to express complex
contractual terms and conditions. Luu et al. [17] studied the security of running
smart contracts based on Ethereum, and presented the problems in Ethereum’s
smart contract language solidity; they also show some ways to enhance the oper-
ational semantics of Ethereum to make smart contracts less vulnerable. For our
requirements both Bitcoin and Ethereum languages are not suitable. Bitcoin’s
stack language is not flexible therefore, we cannot express workflow conditions
on it. Ethereum’s solidity language could be vulnerable (see [17]), and we can-
not verify such contracts. Therefore, a smart contract language that is flexible to
specify conditions and at the same time verifiable is required. Some transitions
within our Petri Net workflow have additionally a transition contract as shown
in Fig. 3.

2.2 Transition Contracts

In traditional Petri Nets a transition fires when its input places has sufficient
tokens. To implement a workflow driven access control system in Petri Nets, the
transitions should be able to verify conditions and evaluate information encoded
in the tokens. The conditions written on a single transition using a simple smart
contract language is called a transition contract. We propose to use a simple
guarded command (a conditionally executed statement) language (similar to
[18]) to write transition contracts.
The Fig. 3 shows a simple Petri Net where two transitions (T1 and T2 )
have a pointer to the transition contracts (TC (a) and TC (b)) respectively.
Note: smart contracts do not always have to run on blockchain, they can also be
implemented between two or more parties without blockchain technology.
The properties (or rules) for each transition may be seen as small smart
contracts that restrict the choices of the participants of the workflow for this
step, or they impose additional conditions. The combination of few transition
contracts allow us to create multi-step smart contracts: say, the first transition
creates a token based on some conditions (which may verify authentication or
 Workflow-Aware Security of Integrated Mobility Services 9

|cond → action
T1

a c TC(a)
b

|cond → action-1
T2 |else → action-2
TC(b)
d e

Fig. 3. Smart contract: Petri Net with transition contracts

authorization status of participants), and then the second transition produces an

oauth token that can only be used in a subsequent transition in a particular way.
The allowed actions, permissions of workflow participants are determined by the
Petri Net and the next transition contracts. We propose to use the combination
of Petri Nets and transition contracts to specify, enforce sequences of atomic
transitions (transactions), and properties that must be satisfied in a workflow.
A transition performs three steps before firing:

– First, it takes tokens from the input places (could be a normal place, open
place or an oracle).
– Next, it verifies the validity, properties of input tokens.
– Finally, it evaluates the conditions described (as guarded commands) in the
transition contract, and produces the output tokens in output places (could
be a normal place, open place or an oracle).

An output produced by the transition contract can be a token representing

information or a workflow for one or more entities.

3 Specifying and Enforcing Workflows in CML

In CML, services or applications may have been developed by different service

providers, have different specifications and implement “equivalent” tasks differ-
ently. In addition, it is important to guarantee the process integrity, and provide
workflow driven access control. This implies that the workflows must be spec-
ified at a higher layer, abstracting away from implementation details. For this
purpose, first we need a high level workflow specification language to express a
process in a given context as a workflow. The workflow specification language
should be amenable to lightweight formal methods, so that the different parties
can reason locally about them. Petri Nets as the workflow specification language
is a used for the above mentioned reasons. In our previous work [2], we focused on
10 P. Kasinathan and J. Cuellar

applying our framework to the constrained devices of Internet of Things (IoT).

The CML App is installed in devices such as smart phones and touch points,
therefore we apply our framework in CML without any problems.
The integrity of the workflow is guaranteed without requiring a central
enforcement authority or workflow engine. Instead, the owner of each CML
provider enforces his own conditions on users to access his services by verify-
ing that the user has the necessary tokens, including ones which demonstrate
the successful completion of previous steps in the workflow. This service then
also provides a token to the user which he can present to the service in the next
interaction.
We believe that the way to secure a reliable, consistent and predictable set of
rules in complex environments is using formal methods. This is also one reason
for choosing Petri Nets as a specification language. Since some transactions have
some further logic depending on the values of the tokens presented, we propose to
specify Smart Transition Contracts (presented in Sect. 2) in a simple declarative
language.
It is a complex task to design a process from scratch that uses different
services from various providers. The general accepted method is to refine the
specification in a step wise manner using software engineering tools such as the
object management group (OMG) system modeling language’s (SysML) activity
diagram presented in [19]. The OMG SysML is a general purpose graphical
modeling language for specifying, analyzing, designing and verifying complex
systems. In particular, it provides a semantic foundation for modeling system
requirements, and the SysML’s activity diagram can be transformed intuitively
into a Petri Nets model.
A workflow should handle error conditions to an extent, and we propose to
use dynamic workflows. Dynamic workflows are created to handle special and
error conditions, user choices, etc., by authorized entities (of the main workflow)
without changing the goal or purpose of the main workflow. Note that protecting
the integrity of the processes and allowing the creation of dynamic workflows
may be competing goals: it must be assured that the creation of the workflow
can be done only by an “authorized” entity, and any misuse must be penalized.
Therefore, we also need a system to account (save or log) all activities performed
by the participants of the workflow. To enable dynamic workflows and guarantee
the process integrity within CML, we introduce to two extensions to our existing
framework.
First, we propose to use Open Petri Nets (see [20]), which provide entry
and exit points (via Open Petri Net places) to exchange information between
workflows. Open Petri Nets [20] enable two or more workflows to exchange infor-
mation in the form of tokens. For instance, Fig. 4 shows that WF (a) and WF (b)
exchanging tokens via the open place (oa and ob). An open place exists on the
boundary of the workflow, and the equivalence (=) sign identifies the entry and
exit places between two workflows. The open place (oa) is an exit place for WF
(a) and entry place for WF (b). The main difference between an oracle and an
open place is: an oracle can receive information from external sources whereas,
 Workflow-Aware Security of Integrated Mobility Services 11

oa
=

ob
=

W F (b)
LEGEND
a place an oracle
a transition an open place
W F (a)
an activated transition

Fig. 4. WF (a) and (b) exchange information using Open Petri Net places.

the open places are mainly used to exchange tokens between workflows. Open
petri net places are particularly useful when creating the main workflow would
like to create a dynamic workflow and exchange information with it.
Sometimes, a user or an entity may fail to complete a task in a workflow
that is expected to be completed within a certain time. This could lead into an
error condition (for example, a transition may wait forever to get a token in
a required place). To solve this problem, we propose to use timeouts in Petri
Net transitions i.e., after a predefined time expires, the transition executes set
of predefined conditions and fire a timeout token. We call these transitions as
timeout transitions. Timeouts in transitions should be used only when necessary,
and timeout transitions can be triggered by a token in one of the input places.
For example, consider a task (tsk1) that should be completed within 10 min,
and this task can be initiated after transition (t1) produces a token in the place
(a). The next transition (t2)’s is implemented as a timeout transition that is
triggered when a token appears in place (a) i.e. the countdown starts and default
conditions are executed to produce a token when the time expires after 10 min.
The CML is a centralized system but our framework uses a distributed
blockchain network for accountability purposes. A private blockchain is used to
set access control restrictions i.e., who is allowed to participate in the blockchain.
For instance, the users when executing the workflow publishes status of every
task that they are executing – i.e., status of transitions of the Petri Net workflow
– in the private blockchain. The stakeholders will verify and approve the trans-
actions in the blockchain, and this provides transparency and accountability in
an immutable database without assuming a trusted centralized entity.
Finally, we need a standard method to exchange Petri Net workflows between
users and CML entities. Weber et al. in [21] introduced Petri Net Markup Lan-
guage (PNML) which is based on XML, and in this work we propose to use the
PNML for writing, exchanging Petri Net workflows between different entities
and users of CML.
12 P. Kasinathan and J. Cuellar

3.1 Petri Net Based Workflow Enforcement

Our prototype implementation also demonstrates the feasibility of using Petri
Nets to enforce workflows in a real system such as CML.
Assume that different stakeholders are providing their services as Represen-
tational State Transfer (REST) based web services through CML core services.
The workflows are created by workflow experts, approved by the stakeholders and
made available within a centralized CML repository. A participant can download
the CML App and the required workflow from the CML repository, and then he
may start executing the workflow. The CML front-end provides the communi-
cation interface between the CML App and the CML core services – standard
security protocols are used to protect the communication channel. How partici-
pants authenticate with the CML front-end application is out of scope here. The
enforcement of the Petri Net workflows is integrated with the CML App. The
workflows being executed within the CML App run within a Trusted Execution
Environment (TEE) and may contain secret material; we assume that the par-
ticipants are not able to extract or modify any secrets from the workflow. For
instance, to authenticate against a CML service the shared secret material can
be used by a transition of the workflow.
The Python library called “SNAKES”, presented in [22] by Pommereau, is
used to execute the Petri Nets workflows written in Petri Net Markup lan-
guage (PNML). The SNAKES library is extended to support different types of
Petri Net places such as oracles and open places, and to evaluate transitions
with external conditions and produce the necessary tokens that will be required
for subsequent transitions. In current implementation, the transition contracts
are expressed with limited features of SNAKES library’s arc notations, expres-
sions that can use native python functions to evaluate input tokens and produce
required tokens.

4 A CML Use Case

A typical commuter in a cosmopolitan city has several transportation options
such as flights, train network for intercity travel, public transport, car and bike
sharing services including parking facilities within the city, and so on. The CML
envisions to integrate mobility services, and provide a mobile/web application
to its users with an objective to provide a comprehensive mobility service.
We describe a business mobility use case scenario of the CML where a com-
pany can enforce project specific travel restrictions, special conditions – such as
on what situation an employee can take business class trips – on its employees.
Let us consider that two companies A and B work on a public-funded project,
and due to the nature of the project the team members need to travel between
two companies frequently. The companies A and B decide to use mobility services
offered by CML to its team members. The CML’s workflow specification and
enforcement module – described in the Sect. 3.1 – supports to enforce Petri Net
based workflows.
The CML business mobility use case requirements are:
Another random document with
no related content on Scribd:
 Thus the good seed sown in Western Europe during the
preceding century brought forth its fruit. England could not long
remain a stranger to the march of events. But, slow as usual and
averse from hasty experiments, she pondered while others
performed. Besides, she had been spared the volcanic eruption of
the Continent which, while destroying much that was venerable and
valuable, had cleared the ground for the reception of new things.
There is every reason to believe that the ordinary Englishman’s
view of the Jews during the first half of the nineteenth century
differed in no respect from the view entertained by the ordinary
American of the same period, as described by Oliver Wendell
139
Holmes. The ordinary Englishman, like his transatlantic cousin,
grew up inheriting the traditional Protestant idea that the Jews were
a race lying under a curse for their obstinacy in refusing the Gospel.
The great historical Church of Christendom was presented to him as
Bunyan depicted it. In the nurseries of old-fashioned English
Orthodoxy there was one religion in the world—one religion and a
multitude of detestable, literally damnable impositions, believed in by
countless millions, who were doomed to perdition for so believing.
The Jews were the believers in one of these false religions. It had
been true once, but now was a pernicious and abominable lie. The
principal use of the Jews seemed to be to lend money and to fulfil
the predictions of the old prophets of their race. No doubt, the
individual sons of Abraham whom the ordinary Englishman found in
the ill-flavoured streets of East London were apt to be unpleasing
specimens of the race and to confirm the prevailing view of it.
The first unambiguous indication of a changing attitude towards
the Jew appears in Sir Walter Scott’s Ivanhoe. Scott in that work
gives utterance to the feeling of toleration which had gradually been
growing up in the country. It was in 1819, during the severest season
of the novelist’s illness, that Mr. Skene of Rubislaw, his friend, “sitting
by his bedside, and trying to amuse him as well as he could,” spoke
about the Jews, as he had known them years before in Germany,
“still locked up at night in their own quarter by great gates,” and
suggested that a group of Jews would be an interesting figure in a
 140
novel. The suggestion did not fall on stony ground. Scott’s eye
seized on the artistic possibilities of the subject, and the result was
the group of Jews which we have in Ivanhoe. Although the author in
introducing the characters seems to have been innocent of any
deliberate aim at propagandism, his treatment of them is a sufficient
proof of his own sympathy, and no doubt served the purpose of
kindling sympathy in many thousands of readers.
Not that the work attempts any revolutionary subversion of
preconceived ideas. The difference between Isaac of York and
Nathan the Wise is the same as the difference between Scott and
Lessing and their respective countries. The British writer does not try
to persuade us that the person whom we abhorred a few generations
before as an incarnation of all that is diabolical, and whom we still
regard with considerable suspicion, is really an angel. Whether it be
that there was no need for a revolt against the Elizabethan tradition,
or Scott was not equal to the task, his portrait of the Jew does not
depart too abruptly from the convention sanctioned by his great
predecessors. His Isaac is not a Barabas or Shylock transformed,
but only reformed. Though in many respects an improvement on
both, Scott’s Jew possesses all the typical attributes of his
progenitors: wealth, avarice, cowardice, rapacity, cunning, affection
for his kith and kin, hatred for the Gentile. But, whereas in both
Barabas and Shylock we find love for the ducats taking precedence
of love for the daughter, in Isaac the terms are reversed. It is with
exquisite reluctance that he parts with his shekels in order to save
his life. Ransom is an extreme measure, resorted to only on an
emergency such as forces the master of a ship to cast his
merchandise into the sea. But on hearing that his captor, Front-de-
Bœuf, has given his daughter to be a handmaiden to Sir Brian de
Bois-Guilbert, Isaac throws himself at the knight’s feet, imploring him
to take all he possesses and deliver up the maiden. Whereupon the
Norman, surprised, exclaims: “I thought your race had loved nothing
save their money-bags.”
“Think not so vilely of us,” answers the Jew. “Jews though we be,
the hunted fox, the tortured wildcat, loves its young—the despised
and persecuted race of Abraham love their children.”
 On being told that his daughter’s doom is irrevocable, Isaac
changes his attitude. Outraged affection makes a hero of the Jew,
and for his child’s sake he dares to face tortures, to escape from
which he had just promised to part even with one thousand silver
pounds:
“Do thy worst,” he cries out. “My daughter is my flesh and blood,
dearer to me a thousand times than those limbs which thy cruelty
threatens.”
While emphasising the good qualities of the Jew, the author
takes care to excuse the bad ones. Isaac is despoiled and spurned
as much as Barabas or Shylock. But there is an all-important
difference in Scott’s manner of presenting these facts. He describes
Isaac as a victim rather than as a villain, as an object of compassion
rather than of ridicule. “Dog of a Jew,” “unbelieving Jew,”
“unbelieving dog” are the usual modes of address employed by the
mediaeval Christian towards the Jew; just as they are the usual
modes of address employed by the modern Turk towards the
Christian rayah. The Jews are “a nation of stiff-necked unbelievers,”
the Christian “scorns to hold intercourse with a Jew,” his propinquity,
nay his mere presence, is considered as bringing pollution—
sentiments which far exceed in bitterness those entertained by the
Turk towards the Christian. Under such circumstances Isaac makes
his appearance: a grey-haired and grey-bearded Hebrew “with
features keen and regular, an aquiline nose and piercing black eyes,”
wearing “a high, square, yellow cap of a peculiar fashion, assigned
to his nation to distinguish them from the Christians.” Thus attired,
“he is introduced with little ceremony, and, advancing with fear and
hesitation, and many a bow of deep humility,” he takes his seat at
the lower end of the table, “where, however, no one offers to make
room for him.” “The attendants of the Abbot crossed themselves,
with looks of pious horror,” fearing the contamination from “this son
of a rejected people,” “an outcast in the present society, like his
people among the nations, looking in vain for welcome or resting
place.”
Isaac has scarcely taken his seat, when he is addressed, with
brutal frankness, as a creature whose vocation it is “to gnaw the
bowels of our nobles with usury, and to gull women and boys with
gauds and toys.” So treated, the Jew realises that “there is but one
road to the favour of a Christian”—money. Hence his avarice.
Furthermore, the impression of a craven and cruel miser, that might
perhaps be derived from the above presentation, is softened by the
author, who hastens to declare that any mean and unamiable traits
that there may be in the Jew’s character are due “to the prejudices of
the credulous vulgar and the persecutions by the greedy and
rapacious nobility.”
Scott endeavours to engage the reader’s sympathy for his Jew
by dwelling at great length on these causes of moral degradation:
“except perhaps the flying fish, there was no race existing on the
earth, in the air, or the waters, who were the object of such an
unremitting, general, and relentless persecution as the Jews of this
period.” “The obstinacy and avarice of the Jews being thus in a
measure placed in opposition to the fanaticism and tyranny of those
under whom they lived, seemed to increase in proportion to the
persecution with which they were visited.” “On these terms they
lived; and their character, influenced accordingly, was watchful,
suspicious, and timid—yet obstinate, uncomplying, and skilful in
evading the dangers to which they were exposed.” Thus we are led
to the conclusion that the Jew’s vices have grown, thanks to his
treatment, his virtues in spite of it. For Isaac is not altogether
impervious to gratitude and pity. He handsomely rewards the
Christian who saves his life, and he himself saves a Christian’s life
by receiving him into his house and allowing his daughter to doctor
him.
But, just as he is to the father, Scott is more than just to the
141
daughter. While Isaac is at the best a reformed Barabas or
Shylock, Rebecca is the jewel of the story. The author exhausts his
conventional colours in painting her beauty, and his vocabulary in
singing the praises of her character. “Her form was exquisitely
symmetrical,” “the brilliancy of her eyes, the superb arch of her
eyebrows, her well-formed, aquiline nose, her teeth as white as
pearls, and the profusion of her sable tresses,” made up a figure
which “might have compared with the proudest beauties of England.”
She is indeed “the very Bride of the Canticles,” as Prince John
remarks; “the Rose of Sharon and the Lily of the Valley,” as the
Prior’s warmer imagination suggests. Immeasurably superior to
Abigail in beauty and to Jessica in virtue, she equals Portia in
wisdom—a perfect heroine of romance. Withal there is in Rebecca a
power of quiet self-sacrifice that raises her almost to the level of a
saint. Altogether as noble an example of womanhood as there is to
be found in a literature rich in noble women. To sum up, in contrast
to Marlowe’s and Shakespeare’s creations, there is a great deal of
the tragic, and little, if anything, of the comic in Scott’s Jew.
It would, however, be an error to suppose that Scott was the
spokesman of a unanimous public. His Ivanhoe appeared in 1819.
Four years later we find the writer who with Scott shared the
applause of the age, giving an entirely different character to the Jew.
The Age of Bronze, written in 1823, carries on the Merchant of
Venice tradition. To Byron the Jew is simply a symbol of relentless
and unprincipled rapacity. Referring to the Royal Exchange, “the
New Symplegades—the crushing stocks,”

“Where Midas might again his wish behold

In real paper or imagined gold,
Where Fortune plays, while Rumour holds the stake,
And the world trembles to bid brokers break,”

the poet moralises at the expense of the Jew, to whom he traces our
own greed and recklessness in speculation:

“But let us not to own the truth refuse,

Was ever Christian land so rich in Jews?
Those parted with their teeth to good King John,
And now, Ye Kings! they kindly draw your own.”

Alas! times have changed since the day of “good King John.” Now
the Jews, far from being the victims of the royal forceps,
 “All states, all things, all sovereigns they control,
And waft a loan ‘from Indus to the pole.’
And philanthropic Israel deigns to drain
Her mild per-centage from exhausted Spain.
Not without Abraham’s seed can Russia march;
’Tis gold, not steel, that rears the conqueror’s arch.”

Nor is this all. Sad as the state of things must be, since Spain the
persecutrix has been degraded into a suppliant, the worst of the
calamity lies in the circumstance that these new tyrants of poor
Spain and poor Russia are a people apart; a people without a
country; a people of parasites:

“Two Jews, a chosen people, can command

In every realm their Scripture-promised land.
What is the happiness of earth to them?
A congress forms their ‘New Jerusalem.’
On Shylock’s shore behold them stand afresh,
To cut from nations’ hearts their ‘pound of flesh.’”

But our modern Jeremiah’s indignation is not altogether

disinterested. He confesses elsewhere, with a candour worthy of his
prophetic character,

“In my younger days they lent me cash that way,

142
Which I found very troublesome to pay.”

And not only Byron but piety also was still inimical to the Jew.
Samuel Taylor Coleridge, whose philosophy, in its second childhood,
sought comfort in the cradle of theology—a not uncommon
development—gives vent to some exceedingly quaint sentiments on
the subject. On April 13, 1830, he declares that the Jews who hold
that the mission of Israel is to be “a light among the nations” are
utterly mistaken. The doctrine of the unity of God “has been
preserved, and gloriously preached by Christianity alone.” No nation,
ancient or modern, has ever learnt this great truth from the Jews.
“But from Christians they did learn it in various degrees, and are still
learning it. The religion of the Jews is, indeed, a light; but it is as the
light of the glow-worm, which gives no heat, and illumines nothing
143
but itself.” Here we find Coleridge, in the nineteenth century,
reviving the complaint of Jewish aloofness—of the provincial and
non-missionary character of Judaism—which was one of the causes
of the Roman hatred towards the race in the first. Nor is this the only
case of revival presented by Coleridge’s attitude.
Luther, three hundred years earlier had said, “I am persuaded if
the Jews heard our preaching, and how we handle the Old
144
Testament, many of them might be won.” Coleridge now says: “If
Rhenferd’s Essays were translated—if the Jews were made
acquainted with the real argument—I believe there would be a
145
Christian synagogue in a year’s time.” He is, however, somewhat
in advance of Luther, inasmuch as he does not insist upon the Jews’
abandoning circumcision and “their distinctive customs and national
type,” but advocates their admission into the Christian fold “as of the
seed of Abraham.” He is also in advance of Luther in forgiving the
Jews their claim to be considered a superior order; for he finds that
this claim was also maintained by the earlier Christians of Jewish
blood, as is attested both by St. Peter’s conduct and by St. Paul’s
protests. He also refers to the practice of the Abyssinians—another
people claiming descent from Abraham and preserving the Mosaic
Law—and asks: “Why do we expect the Jews to abandon their
national customs and distinctions?” Coleridge would be satisfied with
their rejection of the covenant of works and with their acceptance of
“the promised fulfilment in Christ.” But what really distinguishes
Coleridge’s missionary zeal from that of the great Reformer is his
demand that the Jews should be addressed “kindly.” It is hard to
imagine Coleridge in his old age taking a Jew on to London Bridge,
146
tying a stone round his neck and hurling him into the river.
 However, though three centuries of humanism had not been
altogether wasted, the philosopher is in theory as hostile to the poor
Jew as Luther himself: “The Jews of the lower orders,” he tells us,
“are the very lowest of mankind; they have not a principle of honesty
in them; to grasp and be getting money for ever is their single and
exclusive occupation.” Nor was this prejudiced view of the race
softened in Coleridge by his profound admiration for its literature,
any more than it was in Luther. The latter was an enthusiastic
admirer of the Psalms—the book that has played a larger part in
men’s lives than any other—and so was Coleridge: “Mr. Coleridge,
like so many of the elder divines of the Christian Church, had an
affectionate reverence for the moral and evangelical portion of the
Book of Psalms. He told me that, after having studied every page of
the Bible with the deepest attention, he had found no other part of
Scripture come home so closely to his inmost yearnings and
147
necessities.” But Coleridge’s affection for ancient Hebrew
literature deepened, if anything, his contempt for the modern Jew.
He called Isaiah “his ideal of the Hebrew prophet,” and used this
ideal as a means of emphasising his scorn for the actual: “The two
images farthest removed from each other which can be
comprehended under one term are, I think, Isaiah—‘Hear, O
heavens, and give ear, O earth!’—and Levi of Holywell Street—‘Old
clothes!’—both of them Jews, you’ll observe. Immane quantum
148
discrepant!” The philosopher does not deign to reflect on the
possible causes of this lamentable discrepancy.
Again, Coleridge, like Luther, delighted in clandestine
conversion. He was on friendly terms with several learned Jews,
and, finding them men of a metaphysical turn of mind, he liked, as
was his wont, to preach to them “earnestly and also hopelessly” on
Kant’s text regarding the “object” and “subject,” and other things
weighty, though incomprehensible. At one time he was engaged in
undermining the faith of four different victims of his zeal and
friendship, or may be of his sense of humour: a Jew, a
Swedenborgian, a Roman Catholic, and a New Jerusalemite. “He
said he had made most way with the disciple of Swedenborg, who
might be considered as convert, that he had perplexed the Jew, and
had put the Roman Catholic into a bad humour; but that upon the
New Jerusalemite he had made no more impression than if he had
149
been arguing with the man in the moon.”
Even the genial Elia was not above entertaining and elaborating
the hoary platitude that Jews and Gentiles can never mix. Although
he declares that he has, in the abstract, no disrespect for Jews, he
admits that he would not care to be in habits of familiar intercourse
with any of them. Centuries of injury, contempt and hate, on the one
side—of cloaked revenge, dissimulation and hate, on the other,
between our and their fathers, he thinks, must and ought to affect the
blood of the children. He cannot believe that a few fine words, such
as “candour,” “liberality,” “the light of the nineteenth century,” can
close up the breaches of so deadly a disunion. In brief, he frankly
confesses that he does not relish the approximation of Jew and
Christian which was becoming fashionable, affirming that “the spirit
150
of the Synagogue is essentially separative.”
Yet, in defiance of Byronic wrath, of Elian humour, and of
Coleridgean theology, the demand for justice daily gained ground. In
1830 Mr. Robert Grant, member of Parliament for Inverness,
sounded the trumpet-call to battle by proposing that Jews should be
admitted to the House of Commons. The Bill was carried on the first
reading by 18 votes, but was lost on the second by 63. The initial
success of the proposal was evidence of the progress of public
opinion; its final rejection showed that there was room for further
progress. Indeed, the victory of light over darkness was not to be
won without a severe conflict: the prejudices of eighteen centuries
had to be assaulted and taken one after the other, ere triumph could
be secured. How strong these fortifications were can easily be seen
by a glance at the catalogue of any great public library under the
proper heading. There the modern Englishman’s wondering eye
finds a formidable array of pamphlets extending over many years,
and covering the whole field of racial and theological intolerance. But
the opposite phalanx, though as yet inferior in numbers, shows a
brave front too. In January, 1831, Macaulay fulminated from the
pages of the Edinburgh Review in support of the good cause:
 “The English Jews, we are told, are not Englishmen. They are a
separate people, living locally in this island, but living morally and
politically in communion with their brethren who are scattered over
all the world. An English Jew looks on a Dutch or Portuguese Jew as
his countryman, and on an English Christian as a stranger. This want
of patriotic feeling, it is said, renders a Jew unfit to exercise political
functions.”
This premosaic platitude, and other coeval arguments, Macaulay
sets himself to demolish; and, whatever may be thought of the
intrinsic value of his weapons, the principle for which he battled no
longer stands in need of vindication.
The warfare continued with vigour on both sides. The Jews,
encouraged by Mr. Grant’s partial success, went on petitioning the
House of Commons for political equality, and their petitions found a
constant champion in Lord John Russell, who year after year brought
in a Bill on the subject. But the forces of the enemy held out gallantly.
That a Jew should represent a Christian constituency, and, who
knows? even control the destinies of the British Empire, was still a
proposition that shocked a great many good souls; while others
ridiculed it as preposterous. A. W. Kinglake voices the latter class of
opponents in his Eothen. A Greek in the Levant had expressed to
the author his wonder that a man of Rothschild’s position should be
denied political recognition. The English traveller scowls at the idea,
and quotes it simply as an illustration of the Greek’s monstrous
materialism. “Rothschild (the late money-monger) had never been
the Prime Minister of England! I gravely tried to throw some light
upon the mysterious causes that had kept the worthy Israelite out of
the Cabinet.” Had Kinglake been endowed with the gift of foreseeing
coming, as he was with the gift of describing current events, he
would probably never have written the eloquent page on which the
above passage occurs. But in his own day there was nothing absurd
in his attitude. Till 1828 no more than twelve Jewish brokers were
permitted to carry on business in the City of London, and vacancies
were filled at an enormous cost. Even baptized Jews were excluded
from the freedom of the City, and therefore no Jew could keep a
shop, or exercise any retail trade, till 1832.
 The struggle for the enfranchisement of the Jews was only one
operation in a campaign wherein the whole English world was
concerned, and on the result of which depended far larger issues
than the fate of the small community of English Jews. It was a
campaign between the powers of the past and the powers of the
future. Among those engaged in this struggle was a man in whom
the two ages met. He had inherited the traditions of old England, and
he was destined to promote the development of the new. His life
witnessed the death of one world and the birth of another. His career
is an epitome of English history in the nineteenth century.
In 1833 Gladstone, then aged twenty-four years, voted for Irish
Coercion, opposed the admission of Dissenters to the Universities,
and the admission of Jews to Parliament. He was consistent. Irish
Reform, Repeal of the Test Acts, and Relief of the Jews, were three
verses of one song, the burden of which was “Let each to-morrow
find us farther than to-day.” In 1847 Gladstone, then aged thirty-eight
years, “astonished his father as well as a great host of his political
supporters by voting in favour of the removal of Jewish
151
disabilities.” His desertion, as was natural, aroused a vast amount
of indignation in the camp. For had he not, only eight short years
earlier, been described as “the rising hope of the stern and
unbending Tories”? But the indignation, natural though it might be,
was unjustifiable. Gladstone was again consistent. Several important
things had happened since his first vote. Both Dissenters and
Roman Catholics had been rehabilitated. In other words, the Tory
party had surrendered their first line of defence—Anglicanism, and
abandoned their second—Protestantism: was there any reason,
except blind bigotry, for their dogged defence of the third? Gladstone
could see none. The admission of the Jews was henceforth not only
dictated by justice, but demanded by sheer logic. Furthermore, the
Jews in 1833 had been permitted to practise at the bar; in 1835 the
shrievalty had been conceded to them; in 1845 the offices of
alderman and of Lord Mayor had been thrown open to them; in 1846
an Act of Parliament had established the right of Jewish charities to
hold land, and Jewish schools and synagogues were placed on the
same footing as those of Dissenters. The same year witnessed the
repeal of Queen Anne’s statute, which encouraged conversion; of
the exception of the Jews from the Irish Naturalisation Act of 1783;
and of the obsolete statute De Judaismo, which prescribed a special
dress for Jews. After the bestowal of civil privileges, the withdrawal
of political rights was absurd. Gladstone could not conceive why
people should be loth to grant to the Jews nominal, after having
admitted them to practical equality. But though prejudice had died
out, its ghost still haunted the English mind. Men clung to the
shadow, as men will, when the substance is gone. Those orators of
the press and the pulpit whose vocation it is to voice the views of
yesterday still strove to give articulate utterance and a body to a
defunct cause. Sophisms, in default of reasons, were year after year
dealt out for popular consumption, and the position was sufficiently
irrational to find many defenders. But the result henceforth was a
foregone conclusion. Even stupidity is not impregnable. Prejudice,
resting as it did upon unreality, could not long hold out against the
batteries of commonsense.
Yet ghosts die hard. Baron Lionel de Rothschild, though returned
five times for the City of London, was not allowed to vote. Another
Jew, Alderman Salomons, elected for Greenwich in 1851, ventured
to take his seat, to speak, and to vote in the House, though in
repeating the oath he omitted the words “on the true faith of a
Christian.” The experiment cost him a fine of £500 and expulsion
from Parliament. Meanwhile, the Bill for the admission of the Jews
continued to be annually introduced, to be regularly passed by the
Commons, and as regularly rejected by the Lords. The comedy did
not come to an end till 1858, when an Act was passed allowing Jews
to omit from the oath the concluding words to which they
conscientiously objected. Immediately after Baron de Rothschild took
his seat in the House of Commons, and another “red letter day” was
added to the Jewish Calendar.
The Factories Act of 1870 permits Jews to labour on Sundays in
certain cases, provided they keep their own Sabbath; and the
Universities Tests Act, passed in the following year, just after a Jew
had become Senior Wrangler at Cambridge, enables them to
graduate at the English seats of learning without any violation to their
religious principles. At the present day the House of Commons
contains a dozen Jewish members, and there is scarcely any office
or dignity for which an English Jew may not compete on equal terms
with an English Christian. The one remnant of ancient servitude is to
be found in the Anglo-Jewish prayer for the King, in which the
Almighty is quaintly besought to put compassion into his Majesty’s
heart and into the hearts of his counsellors and nobles, “that they
may deal kindly with us and with all Israel.”
Tolerance has not failed to produce once more the results which
history has taught us to expect. As in Alexandria under the
Ptolemies, in Spain under the Saracen Caliphs and the earlier
Christian princes, and in Italy under the Popes of the Renaissance,
the Jews cast off their aloofness and participated in the intellectual
life of the Gentiles, so now they hastened to join in the work of
civilisation. When the fetters were struck off from the limbs of Israel,
more than the body of the people was set free. The demolition of the
walls of the ghettos was symbolical of the demolition of those other
walls of prejudice which had for centuries kept the Jewish colonies
as so many patches of ancient Asia, incongruously inlaid into the
mosaic of modern Europe. The middle of the eighteenth century,
which marks the spring-time of Jewish liberty, also marks the spring-
time of Jewish liberalism. It is the Renaissance of Hebrew history; a
new birth of the Hebrew soul. The Jew assumed a new form of pride:
pride in the real greatness of his past. He became once more
conscious of the nobler elements of his creed and his literature. And
with this self-consciousness there also came a consciousness of
something outside and beyond self. Moses Mendelssohn did for the
Jews of Europe what the Humanists had done for the Christians. By
introducing it to the language, literature, and life of the Gentiles
around it he opened for his people a new intellectual world, broader
and fairer than the one in which it had been imprisoned by the
persecutions of the Dark Ages; and that, too, at a moment when the
shadows of death seemed to have irrevocably closed round the body
and the mind of Israel. This deliverance, wondrous and unexpected
though it was, produced no thrill of religious emotion, it called forth
no outpourings of pious thankfulness and praise, such as had
greeted the return from the Babylonian captivity and, again, the
Restoration of the Law by the Maccabees in the days of old. The joy
of the nation manifested itself in a different manner, profane maybe
and distasteful to those who look upon nationality as an end in itself
and who set the interests of sect above the interests of man; but
thoroughly sane.
Orthodoxy, of course, continued to hug the dead bones of the
past, to denounce the study of Gentile literature and science as a
sin, and to repeat the words in which men of long ago expressed
their feelings in a language no longer spoken. This was inevitable.
Equally inevitable was another phenomenon: a religious revival
springing up simultaneously with the intellectual awakening. The
Jewish race includes many types. As in antiquity we find Hellenism
and Messianism flourishing side by side, as the preceding century
had witnessed the synchronous appearance of a Spinoza and a
Sabbataï Zebi, so now, while Moses Mendelssohn was writing
Platonic dialogues in Berlin, another representative Jew, Israel
Baalshem, was mystifying himself and his brethren with pious
152
hysteria in Moldavia. But the more advanced classes declared
themselves definitely for sober culture. The concentration which was
forced upon Judaism as a means of self-defence, more especially
after the expulsion from Spain and the subsequent oppression
during the sixteenth and seventeenth centuries, was now to a great
extent abandoned, and then ensued a period of dissent
proportionate to the previous compulsory conformity. There was a
vast difference of opinion as to the length to which reform should go.
But one result of the movement as a whole was a more or less
thorough purification of Judaism of the stains of slavery. The solemn
puerilities of the Talmud and the ponderous frivolities of Rabbinic
tradition, grotesque ritualism, and all the inartistic ineptitudes in belief
and practice, with which ages of barbarism had encrusted Judaism,
were relegated to the lumber-room of antiquarian curiosities, and all
that was fresh and truly alive in the Jewish race sought new vehicles
for the expression of new thoughts: modern emotions were
translated into modern modes of utterance and action. The
Messianic dream came to be regarded as a vision of the night,
destined to vanish in the light of freedom, and its place was taken by
an ideal of a spiritual and racial brotherhood of the Jews, based on
their common origin and history, but compatible with patriotic
attachment to the various countries of their adoption.
Nothing is more characteristic of the general healthiness of the
emancipation of the Jewish mind than the new type of renegade Jew
which it brought into being. In the Middle Ages the Jew who
renounced the faith of his fathers often considered it his sacred duty
to justify his apostasy by persecuting his former brethren. The
conditions which produced that vulgar type of renegade having
vanished, there began to appear apostates of another kind—men
who, though unwilling to devote to a sect what was meant for
mankind, or, perhaps, unable to sacrifice their own individuality to an
obsolete allegiance, yet never ceased to cherish those whom they
deserted. In them the connection of sentiment outlasted the links of
religion, and these men by their defection did more for their people
than others had done by their loyalty. Heinrich Heine, born in 1799,
was baptized at the age of twenty-five, prompted partly by the desire
to gain that fulness of freedom which in those days was still denied
to the non-Christian in Germany, but also by a far deeper motive: “I
had not been particularly fond of Moses formerly,” he said in after
life, “perhaps because the Hellenic spirit was predominant in me,
and I could not forgive the legislator of the Jews his hatred towards
all art.” The case of Benjamin Disraeli in this country was an
analogous, though not quite a similar one. Among later examples
may be mentioned the great Russo-Jewish composer Rubenstein
who, though baptized in infancy, never sought to conceal his Jewish
birth, but always spoke of it with pride—and that in a country where it
still is better for one to be born a dog than a Jew. Many of these ex-
Jews have attempted, and in part succeeded, in creating among the
Gentiles a feeling of respect towards the Jewish people as a nation
of aristocrats. And, indeed, in one sense the claim is not wholly
baseless.
Since the abolition of religious obstacles the Jews have taken an
even more prominent part in the development of the European mind
under all its aspects. Israel wasted no time in turning to excellent
account the bitterly earned lessons of experience. The persecution
of ages had weeded the race of weaklings. None survived but the
fittest. These, strong with the strength of long suffering, confident
with the confidence which springs from the consciousness of trials
nobly endured and triumphs won against incredible odds, versatile
by virtue of their struggle for existence amid so many and so varied
forms of civilisation, and stimulated by the modern enthusiasm for
progress, were predestined to success. The Western Jews, after a
training of eighteen hundred years in the best of schools—the school
of adversity—came forth fully equipped with endowments, moral and
intellectual, which enabled them, as soon as the chance offered, to
conquer a foremost place among the foremost peoples of the world.
Science and art, literature, statesmanship, philosophy, law, medicine,
and music, all owe to the Jewish intellect a debt impossible to
exaggerate. In Germany there is hardly a university not boasting a
professor Hebrew in origin, if not always in religion. Economic
thought and economic practice owe their most daring achievements
to Jewish speculation. Socialism—this latest effort of political
philosophy to reconcile the conflicting interests of society and its
constituent members—is largely the product of the Jewish genius. It
153
would be hard to enumerate individuals, for their name is legion.
But a few will suffice: Lasalle and Karl Marx in economics, Lasker in
politics, Heine and Auerbach in literature, Mendelssohn, Rubenstein
and Joachim in music, Jacoby in mathematics, Traube in medicine;
in psychology Lazarus and Steinthal, in classical scholarship and
comparative philology Benfey and Barnays are some Jewish workers
who have made themselves illustrious. Not only the purse but the
press of Europe is to a great extent in Jewish hands. The people
who control the sinews of war have contributed more than their
share to the arts and sciences which support and embellish peace.
And all this in the course of one brief half-century, and in the face of
the most adverse influences of legislation, of religious feeling and of
social repugnance. History can show no parallel to so glorious a
revolution. Mythology supplies a picture which aptly symbolises it.
Hesiod was not a prophet, yet no prophecy has ever received a
more accurate fulfilment than the poetic conception couched in the
following lines received in the Hebrew Palingenesia:
“Chaos begat Erebos and black Night;
But from Night issued Air and Day.”
 CHAPTER XXI

IN RUSSIA

The one great power in Europe which has refused to follow the new
spirit is Russia. In the middle of the sixteenth century Czar Ivan IV.,
surnamed the Terrible, voiced the feelings of his nation towards the
Jews in his negotiations with Sigismund Augustus, King of Poland.
The latter monarch had inserted in the treaty of peace a clause
providing that the Jews of Lithuania should be permitted to continue
trading freely with the Russian Empire. Ivan answered: “We do not
want these men who have brought us poison for our bodies and
souls; they have sold deadly herbs among us, and blasphemed our
Lord and Saviour.” This speech affords a melancholy insight into the
intellectual condition of the people over whom Ivan held his terrible
sway. Nor can one wonder. Printing had been popular for upwards of
a century in the rest of Europe before a press found its way into the
Muscovite Empire, where it aroused among the natives no less
astonishment and fear than the first sight of a musket did among the
inhabitants of Zululand, and was promptly consigned to the flames
by the priests, as a Satanic invention. Things did not improve during
the succeeding ages. Till the end of the seventeenth century Russia
remained almost as total a stranger to the development of the
Western world and to its nations as Tibet is at the present day.
Venice or Amsterdam loomed immeasurably larger in contemporary
imagination than the vast dominions of the White Czar. British
traders at rare intervals brought from the port of Archangel, along
with their cargoes of furs, strange tales of the snow-clad plains and
sunless forests of those remote regions, and of their savage
inhabitants: of their peculiar customs, their poverty, squalor, and
superstition. And these accounts, corroborated by the even rarer
testimony of diplomatic envoys, who in their books of travel spoke of
princes wallowing in filthy magnificence, of starving peasants, and of
ravening wolves and bears, excited in the Western mind that kind of
wonder, mingled with incredulity, which usually attends the narratives
of travellers in unknown lands.
This home of primordial barbarism was suddenly thrust upon the
attention of the civilised world by the genius of one man. Peter the
Great, a coarse and cruel, but highly gifted barbarian, conceived the
colossal plan of bridging over the gulf that separated his empire from
Western Europe, and of reaching at a single stride the point of
culture towards which others had crept slowly and painfully in the
course of many centuries. It was the conception of a great engineer,
and it required great workmen for its execution. It is, therefore, no
matter for surprise if the work, when the mind and the will of the
original designer were removed, made indifferent progress, if it
remained stationary at times, if it was partially destroyed at others. It
must also be borne in mind that Peter’s dream of a European Russia
was far from being shared by the Russian people. The old Russian
party, which interpreted the feelings of the nation, had no sympathy
with the Emperor’s ambition for a new Russia modelled on a
Western pattern. They wanted to remain Asiatic. And this party found
a leader in Peter’s own son Alexis, who paid for his disloyalty with
his life. The idea for which Alexis and his friends suffered death is
still alive. Opposition to Occidental reform and attachment to Oriental
modes of thought and conduct continue to exercise a powerful
influence in Russian politics. Europe and Asia still fight for
supremacy in the heterogeneous mass which constitutes this hybrid
Empire, and there are those who believe that, although Russia
poses as European in manner, in soul she is an Asiatic power; and
that the time will come when the slender ties which bind her to the
West will be snapped by the greater force of her Eastern affinities.
Whether this view is correct or not the future will show. Our business
is with the past.
The history of the Russian Empire from the seventeenth till the
twentieth century is largely a history of individual emperors, and its
spasmodic character of alternate progress and retrogression is
vividly illustrated by the attitude of those emperors towards their
Jewish subjects. Peter the Great welcomed them, his daughter
Elizabeth expelled them, Catherine II. re-admitted them, Alexander I.
favoured them. No democratic visionary was ever animated by a
loftier enthusiasm for the happiness of mankind than this noble
autocrat. By the Ukase of 1804 all Jews engaged in farming,
manufactures, and handicrafts, or those who had been educated in
Russian schools, were relieved from the exceptional laws against
their race; while special privileges were granted to those who could
show proficiency in the Russian, German, or Polish language. Other
decrees, issued in 1809, ensured to the Jews full freedom of trade.
These concessions, while testifying to the Emperor’s tolerant
wisdom, show the severity of the conditions under which the race
laboured normally. On the partition of Poland the Russian Empire
had received an enormous addition to its Jewish population, and the
Czars, with few exceptions, continued towards it the inhuman policy
already adopted under Casimir the Great’s successors. The Jews
were pent in ghettos, and every care was taken to check their growth
and to hamper their activity. Among other forms of oppression, the
emperors of Russia initiated towards their Jewish subjects a system
analogous to the one formerly enforced by the Sultans of Turkey on
the Christian rayahs: the infamous system of “child-tribute.” Boys of
tender age were torn from their parents and reared in their master’s
faith for the defence of their master’s dominions. Alexander I.
determined to lift this heavy yoke, and, as has been seen, he took
some initial steps towards that end. But, unfortunately, the closing
years of the high-minded idealist’s life witnessed a return to
despotism, and consequently a series of conspiracies, which in their
turn retarded the progress of freedom and hardened the hearts of its
foes.
1825 Alexander’s stern son, Nicholas I., was a
nineteenth century Phalaris. His reign was inaugurated
with an insurrectionary movement, whose failure accelerated the
triumph of the Asiatic ideals in Russian policy. Nicholas, imbued with
a strong antipathy to all that was Occidental, and convinced that the
greatness of Russia abroad depended on tyranny at home, set
himself the task of undoing the little his predecessors had done in