Using encryption for authentication in large networks of computers
Communications of the ACM
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Validating a Web service security abstraction by typing
Proceedings of the 2002 ACM workshop on XML security
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A semantics for web services authentication
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Spi2Java: Automatic Cryptographic Protocol Java Code Generation from spi calculus
AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
Best-Practice Patterns and Tool Support for Configuring Secure Web Services Messaging
ICWS '04 Proceedings of the IEEE International Conference on Web Services
An advisor for web services security policies
Proceedings of the 2005 workshop on Secure web services
Tailoring the Dolev-Yao abstraction to web services realities
Proceedings of the 2005 workshop on Secure web services
Secure sessions for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Defeasible security policy composition for web services
Proceedings of the fourth ACM workshop on Formal methods in security
Towards secure SOAP message exchange in a SOA
Proceedings of the 3rd ACM workshop on Secure web services
Secure sessions for Web services
ACM Transactions on Information and System Security (TISSEC)
Breaking and fixing the inline approach
Proceedings of the 2007 ACM workshop on Secure web services
Verified implementations of the information card federated identity-management protocol
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Syntactic Validation of Web Services Security Policies
ICSOC '07 Proceedings of the 5th international conference on Service-Oriented Computing
Verified interoperable implementations of security protocols
ACM Transactions on Programming Languages and Systems (TOPLAS)
Models and Proofs of Protocol Security: A Progress Report
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Automated Security Protocol Analysis With the AVISPA Tool
Electronic Notes in Theoretical Computer Science (ENTCS)
Security protocols: principles and calculi tutorial notes
Foundations of security analysis and design IV
Validating security policy conformance with WS-security requirements
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
All your clouds are belong to us: security analysis of cloud management interfaces
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Application of formal methods to the analysis of web services security
EPEW'05/WS-FM'05 Proceedings of the 2005 international conference on European Performance Engineering, and Web Services and Formal Methods, international conference on Formal Techniques for Computer Systems and Business Processes
A unified formal model for service oriented architecture to enforce security contracts
Proceedings of the 11th annual international conference on Aspect-oriented Software Development Companion
On breaking SAML: be whoever you want to be
Security'12 Proceedings of the 21st USENIX conference on Security symposium
| Hi-index | 0.00 |
WS-SecurityPolicy is a declarative configuration language for driving web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy, and propose a more abstract link language for specifying the security goals of web services and their clients. Hence, we present the architecture and implementation of fully automatic tools that (1) compile policy files from link specifications, and (2) verify by invoking a theorem prover whether a set of policy files run by any number of senders and receivers correctly implements the goals of a link specification, in spite of active attackers. Policy-driven web services implementations are prone to the usual subtle vulnerabilities associated with cryptographic protocols; our tools help prevent such vulnerabilities, as we can verify policies when first compiled from link specifications, and also re-verify policies against their original goals after any modifications during deployment.