Offloading user management functions like authentication and authorization to identity providers is a key enabler for cloud-computing-based services. Protocols used to provide identity as a service (IDaaS) are the foundation of security for many business transactions on the web and need to be thoroughly analyzed. While analysis of cryptographic protocols has been an active research area over the past three decades, the techniques have not been adapted to analyze security for complex web interactions. In this paper, we identify gaps in the area and propose means to address them. We extend an important belief logic (the so-called BAN logic) used for analyzing security in authentication protocols to support new concepts that are specific to browser-based IDaaS protocols. We also address the problem of automating belief-based security analysis through a UML-based, model-driven approach which can be easily integrated with existing software engineering tools. We demonstrate the benefits of the extended logic and the model-driven approach by analyzing two of the most commonly used IDaaS protocols.