Previous studies have successfully used static analysis to automatically validate authentication and confidentiality properties of classical key distribution protocols. In this paper we show how the very same technique can be used to validate modern web-based protocols; in particular, we study the SAML Single Sign-On protocol. The description of the protocol does not supply any security analysis but only lists various recommendations, one of which is to use versions of the TLS protocol for establishing secure connections between the principals. Using our static analysis tool we illustrate how some instantiations of the Single Sign-On protocol are flawed whereas others are not.