Verified Reference Implementations of WS-Security Protocols

@inproceedings{Bhargavan2006VerifiedRI,
  title={Verified Reference Implementations of WS-Security Protocols},
  author={Karthikeyan Bhargavan and C{\'e}dric Fournet and Andrew D. Gordon},
  booktitle={WS-FM},
  year={2006}
}
We describe a new reference implementation of the web services security specifications. The implementation is structured as a library in the functional programming language F#. Applications written using this library can interoperate with other compliant web services, such as those written using Microsoft WSE and WCF frameworks. Moreover, the security of such applications can be automatically verified by translating them to the applied pi calculus and using an automated theorem prover. We…
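As an added illustration, and not code from the paper or from its F# library, the following is a minimal ProVerif model in the applied-pi style the abstract refers to: a client signs a request body, the service checks the signature against the client's public key, and a correspondence query asks whether every body the service accepts was in fact sent by the client. The channel, key, process and event names (net, skC, Client, Service, ClientSends, ServiceAccepts) are assumptions chosen for this sketch; the WS-Security message layout itself is abstracted to a (body, signature) pair.

```proverif
(* Added example, not from the paper: a signed request modelled in ProVerif.
   All names below are assumptions for this sketch, not identifiers from the
   paper's F# library. *)

free net: channel.                      (* public network, attacker-controlled *)

type skey.
type pkey.
fun pk(skey): pkey.                     (* verification key derived from a signing key *)
fun sign(bitstring, skey): bitstring.   (* symbolic signature over a message *)
reduc forall m: bitstring, k: skey; checksign(sign(m, k), pk(k)) = m.

free skC: skey [private].               (* the client's signing key, hidden from the attacker *)

event ClientSends(bitstring).
event ServiceAccepts(bitstring).

(* Authentication goal as a (non-injective) correspondence:
   every body the service accepts was previously sent by the client. *)
query m: bitstring; event(ServiceAccepts(m)) ==> event(ClientSends(m)).

let Client(sk: skey) =
  new body: bitstring;                  (* fresh request body per run *)
  event ClientSends(body);
  out(net, (body, sign(body, sk))).

let Service(pkC: pkey) =
  in(net, (body: bitstring, sig: bitstring));
  let m = checksign(sig, pkC) in        (* fails, and the process stops, on a bad signature *)
  if m = body then
    event ServiceAccepts(body).

process
  out(net, pk(skC));                    (* the attacker learns the public key *)
  ( !Client(skC) | !Service(pk(skC)) )
```

Run it with `proverif file.pv`; ProVerif proves the query above. Change the query to an injective correspondence (`inj-event` on both sides) and it can no longer be proved: the attacker can replay one captured (body, signature) pair to a second Service instance, so one ClientSends event corresponds to two ServiceAccepts events. That replay gap is exactly what the timestamp and message-identifier elements in WS-Security messages exist to close, and it is the kind of property the automated verification described in the abstract checks over the real library code rather than over a hand-written abstraction like this one.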

Citations

Verified Interoperable Implementations of Security Protocols
The approach is developed for protocols written in F#, a dialect of ML, and verified by compilation to ProVerif, a resolution-based theorem prover for cryptographic protocols, and illustrated with protocols for Web services security.
Provably correct Java implementations of Spi Calculus security protocols specifications
A type system for the Spi Calculus and a translation function are formally defined, in order to formalize the refinement of a Spi Calculus specification into a Java implementation.
Verifying policy-based web services security
Presents the architecture and implementation of tools that, by invoking a theorem prover, verify whether a set of policy files run by any number of senders and receivers correctly implements the goals of a link specification, in spite of active attackers.
Provably Correct Implementations of Services
This work has defined a service-oriented abstract machine, equipped with a formal structural semantics, that can be used to implement service specification formalisms, and uses this machine to implement different service-oriented formalisms that have been recently proposed.
Security protocols from the software verification perspective
We believe that it is important to verify not just the correctness of abstract security protocols, but also to verify the correctness of real implementations of security protocols. Considerable…
Formally based semi-automatic implementation of an open security protocol
This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation.
Correctness-Preserving Translation from Spi Calculus to Java, Revision 3
Spi Calculus is an untyped high-level modeling language for security protocols, used for formal protocol specification and verification. In this paper, a type system for the Spi Calculus and a…
Formal analysis of security protocols based on web services
This thesis examines the use of multi-stack pushdown automata to model the behaviour and properties of Web-services-based cryptographic protocols, and extends the Dolev-Yao intruder model to encompass attacks targeted specifically at Web services.
Towards a Verified Reference Implementation of a Trusted Platform Module
From this case study, it is concluded that recent advances in tools for verifying implementation code for cryptographic APIs are reaching the point where it is viable to develop verified reference implementations.

References

Showing 1-10 of 31 references.
Verified Interoperable Implementations of Security Protocols
The approach is developed for protocols written in F#, a dialect of ML, and verified by compilation to ProVerif, a resolution-based theorem prover for cryptographic protocols, and illustrated with protocols for Web services security.
TulaFale: A Security Tool for Web Services
This work proposes TulaFale, a new specification language for writing complementary machine-checkable descriptions of SOAP-based security protocols and their properties. It is based on the pi calculus, plus XML syntax, logical predicates, and correspondence assertions to specify the authentication goals of protocols.
On the Relationship Between Web Services Security and Traditional Protocols
This work provides a way for the methods developed over the last decade by the theoretical community for the analysis of cryptographic protocols, and specifically Casper and FDR, to be used for analysing WS-Security protocols.
Web Services Security: a preliminary study using Casper and FDR
It is shown how WS-Security messages can be mapped to Casper notation and therefore be analysed with FDR, and two attacks on proposed protocols are shown.
Automated verification of selected equivalences for security protocols
This work focuses on proving equivalences P ≈ Q in which P and Q are two processes that differ only in the choice of some terms, and shows how to treat them as predicates on the behaviors of a process that represents P and Q at the same time.
A semantics for web services authentication
This work extends the usual XML data model with symbolic representations of cryptographic values and uses predicates on this data model to describe the semantics of security tokens and of sample protocols distributed with the Microsoft WSE implementation of WS-Security.
Secure sessions for web services
This work develops a semantics for the main mechanisms of WS-Trust and WS-SecureConversation, expressed as a library for TulaFale, a formal scripting language for security protocols, and automatically proves their main security properties.
Validating a web service security abstraction by typing
This work considers the problem of authenticating requests and responses at the SOAP level, rather than relying on transport-level security, and proposes a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels.
A semantic model for authentication protocols
Thomas Y. C. Woo and S. Lam. Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy, 1993.
The authors specify authentication protocols as formal objects with precise syntax and semantics, and define a semantic model that characterizes the protocol executions that underlie the correctness concerns of authentication protocols.
Cryptographic Protocol Analysis on Real C Code
This work describes how cryptographic protocol verification techniques based on solving clause sets can be applied to statically detect vulnerabilities of C programs in the Dolev-Yao model.