Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Secure communication using remote procedure calls
ACM Transactions on Computer Systems (TOCS)
A security architecture for computational grids
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
A calculus for cryptographic protocols
Information and Computation
Featherweight Java: a minimal core calculus for Java and GJ
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Authentication primitives and their compilation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Communicating and mobile systems: the &pgr;-calculus
Communicating and mobile systems: the &pgr;-calculus
Theoretical Computer Science
Typing a multi-language intermediate code
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An access control language for web services
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A Theory of Objects
Essential COM
Developing Secure Distributed Systems with CORBA
Developing Secure Distributed Systems with CORBA
A Typed Process Calculus for Fine-Grained Resource Access Control in Distributed Computation
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
Global/Local Subtyping and Capability Inference for a Distributed pi-calculus
ICALP '98 Proceedings of the 25th International Colloquium on Automata, Languages and Programming
Secure Implementation of Channel Abstractions
LICS '98 Proceedings of the 13th Annual IEEE Symposium on Logic in Computer Science
Types and Effects for Asymmetric Cryptographic Protocols
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Typing correspondence assertions for communication protocols
Theoretical Computer Science
Authenticity by Typing for Security Protocols
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Security Infrastructure for Distributed Java Applications
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A semantics for web services authentication
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Verifying policy-based security for web services
Proceedings of the 11th ACM conference on Computer and communications security
An advisor for web services security policies
Proceedings of the 2005 workshop on Secure web services
Proving a WS-federation passive requestor profile with a browser model
Proceedings of the 2005 workshop on Secure web services
Trust but verify: authorization for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Secure sessions for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Proving a WS-Federation passive requestor profile
SWS '04 Proceedings of the 2004 workshop on Secure web service
Theoretical Computer Science - Applied semantics: Selected topics
A semantics for web services authentication
Theoretical Computer Science - Theoretical foundations of security analysis and design II
Types and effects for asymmetric cryptographic protocols
Journal of Computer Security - Special issue on CSFW15
Verified interoperable implementations of security protocols
ACM Transactions on Programming Languages and Systems (TOPLAS)
On the Relationship Between Web Services Security and Traditional Protocols
Electronic Notes in Theoretical Computer Science (ENTCS)
Typing one-to-one and one-to-many correspondences in security protocols
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
A framework towards enhancing trust and authorisation for e-commerce service
International Journal of Internet Technology and Secured Transactions
Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Verified reference implementations of WS-Security protocols
WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
Structured Communication-Centered Programming for Web Services
ACM Transactions on Programming Languages and Systems (TOPLAS)
Hi-index | 0.00 |
An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP-level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower-level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers.