Secure sessions for web services

Proceedings of the 2004 Workshop on Secure Web Service, SWS 2004

Volumn , Issue , 2015, Pages 56-66

  Bhargavan, Karthikeyan ^b   Corin, Ricardo ^a,b   Fournet, Cédric ^b   Gordon, Andrew D ^b  

^a UNIVERSITY OF TWENTE   (Netherlands)

^b MICROSOFT RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK SECURITY; SEMANTICS; SPECIFICATIONS; TELECOMMUNICATION SERVICES; WEBSITES;

LEVEL MECHANISM; SCRIPTING LANGUAGES; SECURE SESSION; SECURITY CONTEXT; SECURITY PROPERTIES; SECURITY PROTOCOLS; WS-SECURECONVERSATION; WS-SECURITY;

WEB SERVICES;

EID: 84954139111     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1111348.1111355     Document Type: Conference Paper

References (31)

1. M. Abadi, B. Blanchet, and C. Fournet. Just fast keying in the pi calculus. In Proceedings of the 13th European Symposium on Programming (ESOP'04), volume 2986 of LNCS, pages 340-354. Springer, 2004.
2. M. Abadi and C. Fournet. Mobile values, new names, and secure communication. In 28th ACM Symposium on Principles of Programming Languages (POPL'01), pages 104-115, 2001.
3. K. Bhargavan, R. Corin, C. Fournet, and A. D. Gordon. Secure sessions for web services. Technical Report MSR-TR- 2004-114, Microsoft Research, 2004.
4. K. Bhargavan, C. Fournet, and A. D. Gordon. A semantics for web services authentication. In 31st ACM Symposium on Principles of Programming Languages (POPL'04), pages 198-209, 2004. An extended version appears as Microsoft Research Technical Report MSR-TR-2003-83.
5. K. Bhargavan, C. Fournet, and A. D. Gordon. Verifying policy-based security for web services. In 11th ACM Conference on Computer and Communications Security (CCS'04), pages 268-277, 2004.
6. K. Bhargavan, C. Fournet, A. D. Gordon, and R. Pucella. TulaFale: A security tool for web services. In International Symposium on Formal Methods for Components and Objects (FMCO'03), volume 3188 of LNCS. Springer, 2004.
7. B. Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), pages 82-96. IEEE Computer Society, 2001.
8. B. Blanchet. From secrecy to authenticity in security protocols. In 9th International Static Analysis Symposium (SAS'02), volume 2477 of LNCS, pages 342-359. Springer, 2002.
9. D. Box, F. Curbera, et al. Web Services Addressing (WS-Addressing), Aug. 2004. At http://www.w3.org/Submission/2004/SUBM-ws-addressing-20040810/.
10. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Securing SOAP e-services. International Journal of Information Security, 1(2):100-115, 2002.
11. W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644- 654, Nov. 1976.
12. D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198- 208, 1983.
13. C. Ferris, D. Langworthy, et al. Web Services Reliable Messaging Protocol (WS-ReliableMessaging), Mar. 2004. At http://msdn.microsoft.com/ws/2004/03/ws-reliablemessaging/.
14. A. O. Freier, P. Karlton, and P. C. Kocher. The SSL protocol: Version 3.0. http://home.netscape.com/eng/ssl3/draft302.txt, November 1996.
15. A. D. Gordon and R. Pucella. Validating a web service security abstraction by typing. In ACM Workshop on XML Security 2002, pages 18-29, 2003. An extended version appears as Microsoft Research Technical Report MSR-TR-2002-108.
16. M. Gudgin. Using WS-Trust and WS-SecureConversation. MSDN, May 2004. At http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/ws-trustandsecureconv.asp.
17. D. Harkins and D. Carrel. RFC 2409: The Internet Key Exchange (IKE). http://www.ietf.org/rfc/rfc2409.txt, Nov. 1998.
18. J. E. Johnson, D. E. Langworthy, L. Lamport, and F. H. Vogt. Formal specification of a web services protocol. In 1st International Workshop on Web Services and Formal Methods (WS-FM 2004), 2004. University of Pisa.
19. C. Kaler, A. Nadalin, et al. Web Services Federation Language (WS-Federation) Version 1.0, July 2003. At http://msdn.microsoft.com/ws/2003/07/ws-federation/.
20. C. Kaler, A. Nadalin, et al. Web Services Secure Conversation Language (WS-SecureConversation) Version 1.1, May 2004. At http://msdn.microsoft.com/ws/2004/04/ws-secure-conversation/.
21. C. Kaler, A. Nadalin, et al. Web Services Trust Language (WS-Trust) Version 1.1, May 2004. At http://msdn.microsoft.com/ws/2004/04/ws-trust/.
22. E. Kleiner and A. W. Roscoe. Web services security: A preliminary study using Casper and FDR. In Proceedings of Automated Reasoning for Security Protocol Analysis (ARSPA 04), 2004.
23. G. Lowe. A hierarchy of authentication specifications. In Proceedings of 10th IEEE Computer Security Foundations Workshop, 1997, pages 31-44. IEEE Computer Society Press, 1997.
24. Microsoft Corporation. Web Services Enhancements (WSE) 2.0 SP1, July 2004. At http://msdn.microsoft.com/webservices/building/wse/default.aspx.
25. R. Milner. Communicating and Mobile Systems: the 1/4- Calculus. Cambridge University Press, 1999.
26. A. Nadalin, C. Kaler, P. Hallam-Baker, and R. Monzillo. OASIS Web Services Security: SOAP Message Security 1.0 (WS-Security 2004), Mar. 2004. At http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf.
27. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Commun. ACM, 21(12):993-999, 1978.
28. L. C. Paulson. Inductive analysis of the internet protocol TLS. ACM Trans. Inf. Syst. Secur., 2(3):332-351, 1999.
29. W3C. SOAP Version 1.2, 2003. W3C Recommendation, at http://www.w3.org/TR/soap12.
30. T.Woo and S. Lam. A semantic model for authentication protocols. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 178-194, 1993.
31. WS-SecureConversation/WS-Trust Interop Workshop, Oct. 2004. At http://msdn.microsoft.com/webservices/community/workshops/TrustWorkshopOct2004.aspx.