A semantics for web services authentication

Conference Record of the Annual ACM Symposium on Principles of Programming Languages

Volumn 31, Issue , 2004, Pages 198-209

  Bhargavan, Karthikeyan ^a   Fournet, Cédric ^a   Gordon, Andrew D ^a  

^a MICROSOFT RESEARCH   (United States)

Author keywords

Applied Pi Calculus; Web Services; XML Security

Indexed keywords

CRYPTOGRAPHY; DATABASE SYSTEMS; PROBLEM SOLVING; ROUTERS; SAMPLING; SECURITY OF DATA; SEMANTICS; XML;

APPLIED PI CALCULUS; AUTHENTICATION; WEB SERVICES; XML SECURITY;

WORLD WIDE WEB;

EID: 2442519269     PISSN: 07308566     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/964001.964018     Document Type: Conference Paper

References (37)

1. M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In 28th ACM Symposium on Principles of Programming Languages (POPL'01), pages 104-115, 2001.
2. M. Abadi, C. Fournet, and G. Gonthier. Authentication primitives and their compilation. In 27th ACM Symposium on Principles of Programming Languages (POPL'00), pages 302-315, 2000.
3. B. Atkinson, G. Della-Libera, S. Hada, M. Hondo, P. Hallam-Baker, C. Kaler, J. Klein, B. LaMacchia, P. Leach, J. Manferdelli, H. Maruyama, A. Nadalin, N. Nagaratnam, H. Prafullchandra, J. Shewchuk, and D. Simon. Web services security (WS-Security), version 1.0. http://msdn.microsoft.com/library/ en-us/dnglobspec/html/ws-security.asp. Draft submitted to OASIS Web Services Security TC, April 2002.
4. K. Bhargavan, C. Fournet, and A. D. Gordon. A semantics for web services authentication. Technical Report MSR-TR-2003-83, Microsoft Research, 2003.
5. B. Blanchet. From secrecy to authenticity in security protocols. In Proceedings of the 9th International Static Analysis Symposium (SAS'02), volume 2477 of LNCS, pages 342-359. Springer, 2002.
6. D. Box, D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. Nielsen, S. Thatte, and D. Winer. Simple Object Access Protocol (SOAP) 1.1, 2000. W3C Note, http://www.w3.org/TR/2000/NOTE-SOAP-20000508/.
7. J. Boyer. Canonical XML, 2001. W3C Recommendation, http://www.w3.org/TR/ 2001/REC-xml-c14n-20010315/.
8. J. Boyer, D. E. Eastlake, and J. Reagle. Exclusive XML Canonicalization, 2002. W3CRecommendation, http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/.
9. M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233-271, 1989.
10. E. Cohen. TAPS: A first-order verifier for cryptographic protocols. In 13th IEEE Computer Security Foundations Workshop, pages 144-158. IEEE Computer Society Press, 2000.
11. J. Cowan and R. Tobin. XML Information Set, 2001. W3C Recommendation, http://www.w3.org/TR/2001/REC-xml-infoset-20011024/.
12. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Securing SOAP e-services. International Journal of Information Security, 1(2):100-115, 2002.
13. E. Damiani, S. De Capitani di Vimercati, and P. Samarati. Towards securing XML web services. In ACM Workshop on XML Security 2002, pages 90-96, 2003.
14. T. Dierks and C. Allen. The TLS protocol: Version 1.0, 1999. RFC 2246.
15. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2): 198-208, 1983.
16. D. Eastlake and P. Jones. US Secure Hash Algorithm 1 (SHA1), 2001. RFC 3174.
17. D. Eastlake, J. Reagle, D. Solo, M. Bartel, J. Boyer, B. Fox, B. LaMacchia, and E. Simon. XML-Signature Syntax and Processing, 2002. W3C Recommendation, http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/.
18. C. Fournet and M. Abadi. Hiding names: Private authentication in the applied pi calculus. In M. Okada, B. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa, editors, Software Security - Theories and Systems, Mext-NSF-JSPS International Symposium, Tokyo, Nov. 2002 (ISSS'02), volume 2609 of LNCS, pages 317-338. Springer, 2003.
19. A. Gordon and A. Jeffrey. Authenticity by typing for security protocols. Journal of Computer Security, 11(4):451-521, 2003.
20. A. Gordon and R. Pucella. Validating a web service security abstraction by typing. In ACM Workshop on XML Security 2002, pages 18-29, 2003.
21. J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, 2003. RFC 3447.
22. R. Kemmerer, C. Meadows, and J. Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79-130, 1994.
23. H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication, 1997. RFC 2104.
24. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FOR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of LNCS, pages 147-166. Springer, 1996.
25. Microsoft Corporation. Microsoft .NET Pet Shop, 2002. http://www.gotdotnet.com/team/compare/petshop.aspx.
26. Microsoft Corporation. Web Services Enhancements for Microsoft .NET, Dec. 2002. http://msdn.microsoft.com/webservicss/building/wse/default.aspx.
27. R. Milner. Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, 1999.
28. A. Nadalin, C. Kaler, P. Hallam-Baker, and R. Monzillo. Web Services Security: SOAP Message Security, Aug. 2003. Available from http://www.oasis- open.org/committees/tc_home.php?wg_abbrev=wss.
29. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999, 1978.
30. H. F. Nielsen and S. Thatte. Web services routing protocol (WS-Routing). http://msdn.microsoft.com/library/en-us/dnglobspec/html/ws-routing.asp, October 2001.
31. L. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85-128, 1998.
32. J. H. Saltzer, D. P. Reed, and D. D. Clark. End-to-end arguments in system design. ACM Transactions in Computer Systems, 2(4):277-288, November 1984.
33. M. Satyanarayanan. Integrating security in a large distributed system. ACM Trans. Comput. Syst., 7(3):247-280, 1989.
34. J. Siméon and P. Wadler. The essence of XML. In 30th ACM Symposium on Principles of Programming Languages (POPL'03), pages 1-13, 2003.
35. F. Thayer Fábrega, J. Herzog, and J. Guttman. Strand spaces: Proving security protocols correct. Journal of Computer Security, 1:191-230, 1999.
36. L. van Doom, M. Abadi, M. Burrows, and E. Wobber. Secure network objects. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 211-221, 1996.
37. T. Woo and S. Lam. A semantic model for authentication protocols. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 178-194, 1993.