An advisor for web services security policies

Authors:
Karthikeyan Bhargavan;Cédric Fournet;Andrew D. Gordon;Greg O'Shea
Affiliations:
Microsoft Research, Cambridge;Microsoft Research, Cambridge;Microsoft Research, Cambridge;Microsoft Research, Cambridge
Venue:
Proceedings of the 2005 workshop on Secure web services
Year:
2005

Citing 9
Cited 11

Using encryption for authentication in large networks of computers

Communications of the ACM
Validating a Web service security abstraction by typing

Proceedings of the 2002 ACM workshop on XML security
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Threat Modeling

Threat Modeling
Best-Practice Patterns and Tool Support for Configuring Secure Web Services Messaging

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Verifying policy-based security for web services

Proceedings of the 11th ACM conference on Computer and communications security
Secure sessions for web services

SWS '04 Proceedings of the 2004 workshop on Secure web service
A semantics for web services authentication

Theoretical Computer Science - Theoretical foundations of security analysis and design II
Application of formal methods to the analysis of web services security

EPEW'05/WS-FM'05 Proceedings of the 2005 international conference on European Performance Engineering, and Web Services and Formal Methods, international conference on Formal Techniques for Computer Systems and Business Processes

Event-based application of ws-security policy on soap messages

Proceedings of the 2007 ACM workshop on Secure web services
Breaking and fixing the inline approach

Proceedings of the 2007 ACM workshop on Secure web services
Verifying policy-based web services security

ACM Transactions on Programming Languages and Systems (TOPLAS)
The practical application of a process for eliciting and designing security in web service systems

Information and Software Technology
A pattern-driven security advisor for service-oriented architectures

Proceedings of the 2009 ACM workshop on Secure web services
Using XML schema to improve writing, validation, and structure of WS-policies

Proceedings of the 2010 ACM Symposium on Applied Computing
Validating security policy conformance with WS-security requirements

IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Utilizing the interactive techniques to achieve automated service composition for Web Services

Journal of High Speed Networks
All your clouds are belong to us: security analysis of cloud management interfaces

Proceedings of the 3rd ACM workshop on Cloud computing security workshop
On breaking SAML: be whoever you want to be

Security'12 Proceedings of the 21st USENIX conference on Security symposium
Interoperability and Functionality of WS-* Implementations

International Journal of Web Services Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

We identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool both to identify such vulnerabilities automatically and to offer redial advice. We report on its implentation as a plugin for Microsoft Web Services Enhancents (WSE).