2007
DOI: 10.1007/978-3-540-74621-8_9
|View full text |Cite
|
Sign up to set email alerts
|

Towards an Automatic Analysis of Web Service Security

Abstract: The original publication is available at www.springerlink.comInternational audienceWeb services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. We have introduced a model to formally describe the protocols that underly these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic receive/send actions and unordered seque… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
2

Citation Types

0
17
0

Year Published

2007
2007
2020
2020

Publication Types

Select...
3
2

Relationship

3
2

Authors

Journals

citations
Cited by 8 publications
(17 citation statements)
references
References 12 publications
0
17
0
Order By: Relevance
“…Although this general class encompasses all intruder deduction systems and constraint systems given in this paper, we have preferred to give the simpler definitions from [17] which are sufficient for stating our problem. We will refer, without further justifications, to the model of [15] as extended intruder systems and extended constraint systems. The latter correspond to symbolic derivations in which a most general unifier of the unification system has been applied on the input/output messages.…”
Section: Intruder Deduction Systemsmentioning
confidence: 99%
“…Although this general class encompasses all intruder deduction systems and constraint systems given in this paper, we have preferred to give the simpler definitions from [17] which are sufficient for stating our problem. We will refer, without further justifications, to the model of [15] as extended intruder systems and extended constraint systems. The latter correspond to symbolic derivations in which a most general unifier of the unification system has been applied on the input/output messages.…”
Section: Intruder Deduction Systemsmentioning
confidence: 99%
“…In the following definition, we employ these simplifying hypotheses to introduce symbolic derivations, a recent model for secured Web services that we have proposed in [7]. We give here a definition parameterized by a deduction system D on a signature F. This deduction system defines computation rules that express how a new term can be constructed from an existing set of terms.…”
Section: A Formal Model For Secured Web Servicesmentioning
confidence: 99%
“…In their full generality, messages exchanged between Web services are XML documents adhering to a specified schema. These schemas permit one to define open-ended structures such as lists which are beyond the scope of existing tools, though decision procedures could in principle be implemented to take into account schemas or the XML format [7]. In this paper, we consider messages defined by terms over the signature:…”
Section: A Formal Model For Secured Web Servicesmentioning
confidence: 99%
See 2 more Smart Citations