Verifying policy-based security for web services

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2004, Pages 268-277

  Bhargavan, Karthikeyan ^a   Fournet, Cédric ^a   Gordon, Andrew D ^a  

^a MICROSOFT RESEARCH   (United States)

Author keywords

Pi Calculus; Web Services; XML security

Indexed keywords

CRYPTOGRAPHY; DATA TRANSFER; FORMAL LANGUAGES; INFORMATION SERVICES; NETWORK PROTOCOLS; SEMANTICS; WORLD WIDE WEB; XML;

PI CALCULUS; WEB SERVICE ENHANCEMENTS TOOLKITS (WSE); WEB SERVICES; XML SECURITY;

SECURITY OF DATA;

EID: 14844303360     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1030083.1030120     Document Type: Conference Paper

References (24)

1. M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL'01), pages 104-115, 2001.
2. K. Bhargavan, C. Fournet, and A. D. Gordon. A semantics for web services authentication. In 31st ACM Symposium on Principles of Programming Languages (POPL'04), pages 198-209, 2004. An extended version appears as Microsoft Research Technical Report MSR-TR-2003-83.
3. K. Bhargavan, C. Fournet, and A. D. Gordon. Verifying policy-based security for web services. Technical Report MSR-TR-2004-84, Microsoft Research, 2004.
4. K. Bhargavan, C. Fournet, A. D. Gordon, and R. Pucella. TulaFale: A security tool for web services. In International Symposium on Formal Methods for Components and Objects (FMCO'03), LNCS. Springer, 2004. To appear.
5. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the 14th IEEE Computer Security Foundations Workshop, pages 82-96. IEEE Computer Society Press, 2001.
6. B. Blanchet. From secrecy to authenticity in security protocols. In Proceedings of the 9th International Static Analysis Symposium (SAS'02), volume 2477 of Lecture Notes in Computer Science, pages 342-359. Springer-Verlag, 2002.
7. D. Box, F. Curbera, et al. Web Services Addressing (WS-Addressing), Aug. 2004. W3C Member Submission, at http://www.w3.org/Submission/ws-addressing/.
8. D. Box, F. Curbera, M. Hondo, C. Kaler, D. Langworthy, A. Nadalin, N. Nagaratnam, M. Nottingham, C. von Riegen, and J. Shewchuk. Web services policy framework (WS-Policy), May 2003.
9. D. Box, M. Hondo, C. Kaler, H. Maruyama, A. Nadalin, N. Nagaratnam, P. Patrick, C. von Riegen, and J. Shewchuk. Web services policy assertions language (WS-Policy Assertions), May 2003.
10. G. Della-Libera, P. Hallam-Baker, M. Hondo, T. Janczuk, C. Kaler, H. Maruyama, N. Nagaratnam, A. Nash, R. Philpott, H. Prafullchandra, J. Shewchuk, E. Waingold, and R. Zolfonoon. Web services security policy language (WS-SecurityPolicy), Dec. 2002.
11. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198-208, 1983.
12. A. D. Gordon and R. Pucella. Validating a web service security abstraction by typing. In Proceedings of the 2002 ACM workshop on XML Security, pages 18-29. ACM Press, 2002.
13. J. D. Guttman and A. L. Herzog. Rigorous automated network security management. International Journal of Information Security. To appear.
14. S. Lukell, C. Veldman, and A. C. M. Hutchison. Automated attack analysis and code generation in a multi-dimensional security protocol engineering framework, In Southern African Telecommunication Networks and Applications Conference (SATNAC), 2003.
15. Microsoft Corporation. Web Services Enhancements (WSE) 2.0, 2004. At http://msdn.microsoft.com/webservices/building/wse/default.aspx.
16. F. Muller and J. Millen. Cryptographic protocol generation from CAPSL. Technical Report SRI-CSL-01-07, SRI, 2001.
17. A. Nadalin, C. Kaler, P. Hallam-Baker, and R. Monzillo. OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004), Mar. 2004. OASIS Standard 200401, at http://docs.oasis-open.org/wss/2004/01/oasis-200401- wss-soap-message-security-1.0.pdf.
18. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999, 1978.
19. A. Perrig, D. Song, and D. Phan. AGVI - automatic generation, verification, and implementation of security protocols. In 13th Conference on Computer Aided Verification (CAV), LNCS, pages 241-245. Springer, 2001.
20. D. Pozza, R. Sisto, and L. Durante. Spi2Java: automatic cryptographic protocol Java code generation from spi calculus. In 18th International Conference on Advanced Information Networking and Applications (AINA 2004), volume 1, pages 400-405, 2004.
21. M. Tatsubori, T. Imamura, and Y. Nakamura. Best practice patterns and tool support for configuring secure web services messaging. In International Conference on Web Services (ICWS'04), pages 244-251, 2004.
22. W3C. XML Path Language (XPath) Version 1.0, 1999. W3C Recommendation, at http://www.w3.org/TR/xpath.
23. W3C. SOAP Version 1.2, 2003. W3C Recommendation, at http://www.w3.org/TR/ soap12.
24. L. Zheng, S. Chong, A. C. Myers, and S. Zdancewic. Using replication and partitioning to build secure distributed systems. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 236-250, 2003.