ACM Transactions on Computer Systems (TOCS)
A semantics for a logic of authentication (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Athena: a novel approach to efficient automatic security protocol analysis
Journal of Computer Security
Alloy: a lightweight object modelling notation
ACM Transactions on Software Engineering and Methodology (TOSEM)
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Automatic Verification of Cryptographic Protocols with SETHEO
CADE-14 Proceedings of the 14th International Conference on Automated Deduction
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
On Unifying Some Cryptographic Protocol Logics
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Fast, automatic checking of security protocols
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Proceedings of the 15th ACM conference on Computer and communications security
Proceedings of the 6th ACM workshop on Formal methods in security engineering
An Optimized Intruder Model for SAT-based Model-Checking of Security Protocols
Electronic Notes in Theoretical Computer Science (ENTCS)
Towards a Formal Foundation of Web Security
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Model driven security analysis of IDaaS protocols
ICSOC'11 Proceedings of the 9th international conference on Service-Oriented Computing
On the security of public key protocols
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
Interoperable identity and trust management infrastructure plays an important role in enabling integrations in cloud computing environments. In the past decade or so, several web-based workflows have emerged as de-facto standards for user identity and resource access across enterprises. Establishing correctness of such web protocols is of immense importance to a large number of common business transactions on the web. In this paper, we propose a framework for analyzing security in web protocols. A novel aspect of our proposal is bringing together two contrasting styles used for security protocol analysis. We use the inference construction style, in which the well-known BAN logic has been extended to reason about web protocols, in conjunction with, an attack construction style that performs SAT based model-checking to rule out certain active attacks. The result is an analysis method that shares simplicity and intuitive appeal of belief logics, at the same time covers a wider range of protocols, along with an ability to automatically find attacks. To illustrate effectiveness, case study of a leading web identity and access management protocol is presented, where application of our analysis method results in a previously unreported attack being identified.