Using encryption for authentication in large networks of computers
Communications of the ACM
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Authenticity by typing for security protocols
Journal of Computer Security - Special issue on CSFW14
Spi2Java: Automatic Cryptographic Protocol Java Code Generation from spi calculus
AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
Best-Practice Patterns and Tool Support for Configuring Secure Web Services Messaging
ICWS '04 Proceedings of the IEEE International Conference on Web Services
Reconstruction of Attacks against Cryptographic Protocols
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Automated Verification of Selected Equivalences for Security Protocols
LICS '05 Proceedings of the 20th Annual IEEE Symposium on Logic in Computer Science
Validating a web service security abstraction by typing
Formal Aspects of Computing
Validating a web service security abstraction by typing
Formal Aspects of Computing
An advisor for web services security policies
Proceedings of the 2005 workshop on Secure web services
Verified Interoperable Implementations of Security Protocols
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A semantics for web services authentication
Theoretical Computer Science - Theoretical foundations of security analysis and design II
Secure sessions for Web services
ACM Transactions on Information and System Security (TISSEC)
Verified implementations of the information card federated identity-management protocol
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Verified reference implementations of WS-Security protocols
WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
A design of policy-based composite web services QoS monitoring system
International Journal of Critical Computer-Based Systems
Utilizing the interactive techniques to achieve automated service composition for Web Services
Journal of High Speed Networks
| Hi-index | 0.00 |
WS-SecurityPolicy is a declarative language for configuring web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy and propose a more abstract language for specifying secure links between web services and their clients. We present the architecture and implementation of tools that (1) compile policy files from link specifications, and (2) verify by invoking a theorem prover whether a set of policy files run by any number of senders and receivers correctly implements the goals of a link specification, in spite of active attackers. Policy-driven web services implementations are prone to the usual subtle vulnerabilities associated with cryptographic protocols; our tools help prevent such vulnerabilities. We can verify policies when first compiled from link specifications, and also re-verify policies against their original goals after any modifications during deployment. Moreover, we present general security theorems for all configurations that rely on compiled policies.