Communicating sequential processes
Communicating sequential processes
Fault-perserving simplifying transformations for security protocols
Journal of Computer Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Casper: A Compiler for the Analysis of Security Protocols
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Lazy query evaluation for Active XML
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
An electronic patient record "on steroids": distributed, peer-to-peer, secure and privacy-conscious
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
A framework for distributed XML data management
EDBT'06 Proceedings of the 10th international conference on Advances in Database Technology
Application of formal methods to the analysis of web services security
EPEW'05/WS-FM'05 Proceedings of the 2005 international conference on European Performance Engineering, and Web Services and Formal Methods, international conference on Formal Techniques for Computer Systems and Business Processes
| Hi-index | 0.00 |
An Active XML (AXML in short) has been developed to provide efficient data management and integration by allowing Web services calls to be embedded in XML document. AXML documents have new security issues due to the possibility of malicious documents and attackers. To solve this security problem, document-level security with embedded service calls has been proposed to overcome the limitation of traditional security protocols. The aim of this paper is to show how existing model checking technique, with CSP and FDR, used for traditional message-based security protocols, can be adapted to specify and verify AXML document-based security. To illustrate our approach, we present the framework for modelling and analyzing AXML document's security. Then, we demonstrate how this technique can be applied to analyze electronic patient record taken from [13]. Finally, we show the possible vulnerabilities due to delegated query and malicious service call.