XML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular to Casper notation. We show that this translation preserves flaws and attacks. This allows the methods developed over the last decade by the theoretical community for the analysis of cryptographic protocols, and specifically Casper and FDR, to be used for analysing WS-Security protocols. Finally, we demonstrate how this technique can be used to prove properties of, and discover attacks upon, a proposed Microsoft WS-SecureConversation protocol.