A semantics for web services authentication

Theoretical Computer Science

Volumn 340, Issue 1, 2005, Pages 102-153

  Bhargavan, Karthikeyan ^a   Fournet, Cédric ^a   Gordon, Andrew D ^a  

^a MICROSOFT RESEARCH   (United Kingdom)

Author keywords

Applied pi calculus; Web services; XML security

Indexed keywords

ABSTRACTING; CRYPTOGRAPHY; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; MATHEMATICAL MODELS; NETWORK PROTOCOLS; SECURITY OF DATA; SEMANTICS; XML;

APPLIED PI CALCULUS; SECURITY PROPERTIES; WEB SERVICES; XML SECURITY;

WORLD WIDE WEB;

EID: 18544363572     PISSN: 03043975     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.tcs.2005.03.005     Document Type: Article

References (42)

1. M. Abadi, C. Fournet, Mobile values, new names, and secure communication, in: 28th ACM Symp. on Principles of Programming Languages (POPL'01), 2001, pp. 104-115.
2. M. Abadi, C. Fournet, Private authentication, Theoret. Comput. Sci. 322 (3) (2004) 427-476.
3. M. Abadi, C. Fournet, G. Gonthier, Authentication primitives and their compilation, in: 27th ACM Symp. on Principles of Programming Languages (POPL'00), 2000, pp. 302-315.
4. F. Baader, and T. Nipkow Term Rewriting and All That 1998 Cambridge University Press Cambridge
5. K. Bhargavan, C. Fournet, A.D. Gordon, A semantics for web services authentication, in: 31st ACM Symp. on Principles of Programming Languages (POPL'04), 2004, pp. 198-209.
6. K. Bhargavan, C. Fournet, A.D. Gordon, A semantics for web services authentication, Technical Report MSR-TR-2003-83, Microsoft Research, 2004.
7. K. Bhargavan, C. Fournet, A.D. Gordon, R. Pucella, TulaFale: a security tool for web services, in: Formal Methods for Components and Objects (FMCO'03), Lecture Notes in Computer Science, vol. 3188, Springer, Berlin, 2004.
8. B. Blanchet, An efficient cryptographic protocol verifier based on prolog rules, in: 14th IEEE Comput. Security Found. Workshop (CSFW-14), IEEE Computer Society, Silver Spring, MD, 2001, pp. 82-96.
9. D. Box, D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. Nielsen, S. Thatte, D. Winer, Simple Object Access Protocol (SOAP) 1.1, 2000, W3C Note, at http://www.w3.org/TR/2000/NOTE-SOAP-20000508/.
10. J. Boyer, Canonical XML, 2001, W3C Recommendation, at http://www.w3.org/TR/2001/REC-xml-c14n-20010315/.
11. J. Boyer, D.E. Eastlake, J. Reagle, Exclusive XML Canonicalization, 2002. W3C Recommendation, at http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/.
12. M. Burrows, M. Abadi, and R.M. Needham A logic of authentication Proc. Roy. Soc. London A 426 1989 233 271
13. E. Cohen, TAPS: a first-order verifier for cryptographic protocols, in: 13th IEEE Comput. Security Found. Workshop; IEEE Computer Society Press, Silver Spring, MD, 2000, pp. 144-158.
14. J. Cowan, R. Tobin, XML Information Set, 2001, W3C Recommendation, at http://www.w3.org/TR/2001/REC-xml-infoset-20011024/.
15. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati Securing SOAP e-services Internat. J. Inform. Security 1 2 2002 100 115
16. E. Damiani, S. De Capitani di Vimercati, P. Samarati, Towards securing XML web services, in: ACM Workshop on XML Security 2002, 2003, pp. 90-96.
17. T. Dierks, C. Allen, The TLS protocol: Version 1.0, 1999, RFC 2246.
18. D. Dolev, and A.C. Yao On the security of public key protocols IEEE Trans. Inform. Theory IT-29 2 1983 198 208
19. D. Eastlake, P. Jones, US Secure Hash Algorithm 1 (SHA1), 2001, RFC 3174.
20. D. Eastlake, J. Reagle, D. Solo, M. Bartel, J. Boyer, B. Fox, B. LaMacchia, E. Simon, XML-Signature Syntax and Processing, 2002, W3C Recommendation, at http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/.
21. R. Focardi, R. Gorrieri, and F. Martinelli A comparison of three authentication properties Theoret. Comput. Sci. 291 3 2003 285 327
22. A.D. Gordon, and A. Jeffrey Authenticity by typing for security protocols J. Comput. Security 11 4 2003 451 521
23. A.D. Gordon, R. Pucella, Validating a web service security abstraction by typing, in: ACM Workshop on XML Security 2002, 2003, pp. 18-29.
24. J. Jonsson, B. Kaliski, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, 2003, RFC 3447.
25. R. Kemmerer, C. Meadows, and J. Millen Three systems for cryptographic protocol analysis J. Cryptol. 7 2 1994 79 130
26. H. Krawczyk, M. Bellare, R. Canetti, HMAC: keyed-hashing for message authentication, 1997, RFC 2104.
27. G. Lowe, Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR, in: Tools and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer Science, Vol. 1055, Springer, Berlin, 1996, pp. 147-166.
28. G. Lowe, A hierarchy of authentication specifications, in: Proc. 10th IEEE Comput. Security Found. Workshop, 1997, IEEE Computer Society Press, Silver Spring, MD, 1997, pp. 31-44.
29. Microsoft Corporation, Microsoft. NET Pet Shop, 2002, at http://www.gotdotnet.com/team/compare/petshop.aspx.
30. Microsoft Corporation, Web Services Enhancements for Microsoft. NET, December 2002, at http://msdn.microsoft.com/webservices/building/wse/default. aspx.
31. R. Milner Communicating and Mobile Systems: the π -Calculus 1999 Cambridge University Press Cambridge
32. A. Nadalin, C. Kaler, P. Hallam-Baker, R. Monzillo, OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004), March 2004, at http://www.oasis-open.org/committees/download.php/5941/oasis-200401-wss- soap-message-security-1.0.pdf.
33. R.M. Needham, and M.D. Schroeder Using encryption for authentication in large networks of computers Comm. Assoc. Comput. Mach. 21 12 1978 993 999
34. H.F. Nielsen, S. Thatte, Web services routing protocol (WS-Routing), at http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-routing.asp, October 2001.
35. L.C. Paulson The inductive approach to verifying cryptographic protocols J. Comput. Security 6 1998 85 128
36. J.H. Saltzer, D.P. Reed, and D.D. Clark End-to-end arguments in system design ACM Trans. Comput. Systems 2 4 1984 277 288
37. M. Satyanarayanan Integrating security in a large distributed system ACM Trans. Comput. Systems 7 3 1989 247 280
38. J. Siméon, P. Wadler, The essence of XML, in: 30th ACM Symp. on Principles of Programming Languages (POPL'03), 2003, pp. 1-13.
39. F.J. Thayer Fábrega, J.C. Herzog, and J.D. Guttman Strand spaces: proving security protocols correct J. Comput. Security 7 1999 191 230
40. L. van Doorn, M. Abadi, M. Burrows, E. Wobber, Secure network objects, in: IEEE Comput. Soc. Symp. on Research in Security and Privacy, 1996, pp. 211-221.
41. W. Vogels Web services are not distributed objects IEEE Internet Comput. 7 6 2003 59 66
42. T.Y.C. Woo, S.S. Lam, A semantic model for authentication protocols, in: IEEE Comput. Soc. Symp. on Research in Security and Privacy, 1993, pp. 178-194.