Towards formal validation of trust and security in the internet of services

Authors:
Roberto Carbone;Marius Minea;Sebastian Alexander Mödersheim;Serena Elisa Ponta;Mathieu Turuani;Luca Viganò
Affiliations:
Security & Trust Unit, FBK, Trento, Italy;Institute e-Austria, Timişoara, Romania;DTU, Lyngby, Denmark;SAP Research, Mougins, France and DIST, Università di Genova, Italy;LORIA & INRIA Nancy Grand Est, France;Dipartimento di Informatica, Università di Verona, Italy
Venue:
The future internet
Year:
2011

Citing 17
Cited 0

Model checking

Model checking
System Description: Spass Version 1.0.0

CADE-16 Proceedings of the 16th International Conference on Automated Deduction: Automated Deduction
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Secure protocol composition

Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Static validation of security protocols

Journal of Computer Security
The temporal logic of programs

SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Automatic Composition of Services with Security Policies

SERVICES '08 Proceedings of the 2008 IEEE Congress on Services - Part I
Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps

Proceedings of the 6th ACM workshop on Formal methods in security engineering
Safely composing security protocols

Formal Methods in System Design
Synthesis and Composition of Web Services

Formal Methods for Web Services
The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols

Foundations of Security Analysis and Design V
Secure pseudonymous channels

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Protocol Composition for Arbitrary Primitives

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Attacking and fixing PKCS#11 security tokens

Proceedings of the 17th ACM conference on Computer and communications security
Abstraction by set-membership: verifying security protocols and web services with databases

Proceedings of the 17th ACM conference on Computer and communications security
Verified reference implementations of WS-Security protocols

WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
The CL-Atse protocol analyser

RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination of functionalities, etc., due to the subtle and unforeseeable situations and behaviors that can arise from this panoply of choices. This often results in the release of flawed products to end-users. This issue can be significantly mitigated by empowering designers and developers with tools that offer easy to use graphical interfaces and notations, while employing established verification techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance.