A calculus for cryptographic protocols
Information and Computation
Inductive analysis of the Internet protocol TLS
ACM Transactions on Information and System Security (TISSEC)
Communicating and mobile systems: the &pgr;-calculus
Communicating and mobile systems: the &pgr;-calculus
Strand spaces: proving security protocols correct
Journal of Computer Security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Using encryption for authentication in large networks of computers
Communications of the ACM
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fault-perserving simplifying transformations for security protocols
Journal of Computer Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
From Secrecy to Authenticity in Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
TAPS: A First-Order Verifier for Cryptographic Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
A compositional logic for proving security properties of protocols
Journal of Computer Security - Special issue on CSFW14
Verifying policy-based security for web services
Proceedings of the 11th ACM conference on Computer and communications security
Web Services Are Not Distributed Objects
IEEE Internet Computing
Validating a web service security abstraction by typing
Formal Aspects of Computing
Validating a web service security abstraction by typing
Formal Aspects of Computing
Secure sessions for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Proving a WS-Federation passive requestor profile
SWS '04 Proceedings of the 2004 workshop on Secure web service
A Computationally Sound Mechanized Prover for Security Protocols
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Verified Interoperable Implementations of Security Protocols
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A semantics for web services authentication
Theoretical Computer Science - Theoretical foundations of security analysis and design II
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
Journal of Cryptology
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Authentication by correspondence
IEEE Journal on Selected Areas in Communications
Verifying policy-based web services security
ACM Transactions on Programming Languages and Systems (TOPLAS)
An agent-based framework for dynamic web service selection
Proceedings of the 2008 Spring simulation multiconference
Verified interoperable implementations of security protocols
ACM Transactions on Programming Languages and Systems (TOPLAS)
A secure compiler for session abstractions
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Itinerary Planner: A Mashup Case Study
Service-Oriented Computing - ICSOC 2007 Workshops
Translating shared state based ebXML BPSS models to WS-BPEL
International Journal of Business Intelligence and Data Mining
Interoperability and Functionality of WS-* Implementations
International Journal of Web Services Research
Secure healthcare data sharing among federated health information systems
International Journal of Critical Computer-Based Systems
Hi-index | 0.03 |
We address the problem of securing sequences of SOAP messages exchanged between web services and their clients. The WS-Security standard defines basic mechanisms to secure SOAP traffic, one message at a time. For typical web services, however, using WS-Security independently for each message is rather inefficient; moreover, it is often important to secure the integrity of a whole session, as well as each message. To these ends, recent specifications provide further SOAP-level mechanisms. WS-SecureConversation defines security contexts, which can be used to secure sessions between two parties. WS-Trust specifies how security contexts are issued and obtained. We develop a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols. We model typical protocols relying on these mechanisms and automatically prove their main security properties. We also informally discuss some pitfalls and limitations of these specifications.