We consider the problem of specifying and verifying cryptographic security protocols for XML web services. The security specification WS-Security describes a range of XML security elements, such as username tokens, public-key certificates, and digital signatures, amounting to a flexible vocabulary for expressing protocols. To describe the syntax of these elements, we extend the usual XML data model with symbolic representations of cryptographic values. We use predicates on this data model to describe the semantics of security elements and of sample protocols distributed with the Microsoft WSE implementation of WS-Security. By embedding our data model within Abadi and Fournet's applied pi calculus, we formulate and prove security properties with respect to the standard Dolev-Yao threat model. Moreover, we informally discuss issues not addressed by the formal model. To the best of our knowledge, this is the first approach to the specification and verification of security protocols based on a faithful account of the XML wire format.