Inductive analysis of the Internet protocol TLS
ACM Transactions on Information and System Security (TISSEC)
Communicating and mobile systems: the &pgr;-calculus
Communicating and mobile systems: the &pgr;-calculus
Using encryption for authentication in large networks of computers
Communications of the ACM
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Validating a Web service security abstraction by typing
Proceedings of the 2002 ACM workshop on XML security
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
A semantics for web services authentication
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Verifying policy-based security for web services
Proceedings of the 11th ACM conference on Computer and communications security
An advisor for web services security policies
Proceedings of the 2005 workshop on Secure web services
Tailoring the Dolev-Yao abstraction to web services realities
Proceedings of the 2005 workshop on Secure web services
Securing the drop-box architecture for assisted living
Proceedings of the fourth ACM workshop on Formal methods in security
A fuzzy outranking approach in risk analysis of web service security
Cluster Computing
Secure sessions for Web services
ACM Transactions on Information and System Security (TISSEC)
Compiling cryptographic protocols for deployment on the web
Proceedings of the 16th international conference on World Wide Web
Planning and verifying service composition
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
On Secure Implementation of an IHE XUA-Based Protocol for Authenticating Healthcare Professionals
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
On the Relationship Between Web Services Security and Traditional Protocols
Electronic Notes in Theoretical Computer Science (ENTCS)
Implementation of message layer protocol with non-repudiation
Proceedings of the International Conference and Workshop on Emerging Trends in Technology
A protocol compiler for secure sessions in ML
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Foundations of security analysis and design IV
Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Verified reference implementations of WS-Security protocols
WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
Formal methods and cryptography
FM'06 Proceedings of the 14th international conference on Formal Methods
Security issues in service composition
FMOODS'06 Proceedings of the 8th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Security Analysis of Standards-Driven Communication Protocols for Healthcare Scenarios
Journal of Medical Systems
| Hi-index | 0.00 |
WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; besides, it is often important to secure the integrity of a whole session, as well as each message. To these ends, recent specifications provide further SOAP-level mechanisms. WS-SecureConversation introduces security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained.We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms, and automatically prove their main security properties. We also informally discuss some limitations of these specifications.