Towards an Automatic Analysis of Web Service Security
Internal identifier: 004B58 (Main/Exploration); previous: 004B57; next: 004B59
Authors: Yannick Chevalier [France]; Denis Lugiez [France]; Michaël Rusinowitch [France]
Source:
- Lecture Notes in Computer Science [ 0302-9743 ]
Abstract
Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underlie these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic receive/send actions and unordered sequence of XML nodes. Then to detect the attacks we have to consider the services as combining multiset operators and cryptographic ones and we have to solve specific satisfiability problems in the combined theory. By non-trivial extension of the combination techniques of [3] we obtain a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives. This combination technique allows one to decide insecurity in a modular way by reducing the associated constraint solving problems to problems in simpler theories.
DOI: 10.1007/978-3-540-74621-8_9
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 003310
- to stream Istex, to step Curation: 003268
- to stream Istex, to step Checkpoint: 000F43
- to stream Hal, to step Corpus: 004E81
- to stream Hal, to step Curation: 004E81
- to stream Hal, to step Checkpoint: 003867
- to stream Main, to step Merge: 004C92
- to stream Main, to step Curation: 004B58
The document in XML format
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Towards an Automatic Analysis of Web Service Security</title>
<author><name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
</author>
<author><name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:D62ACB66375225AEF98334E05D4E4B3D76414155</idno>
<date when="2007" year="2007">2007</date>
<idno type="doi">10.1007/978-3-540-74621-8_9</idno>
<idno type="url">https://api.istex.fr/ark:/67375/HCB-BSPK7HJD-W/fulltext.pdf</idno>
<idno type="wicri:Area/Istex/Corpus">003310</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">003310</idno>
<idno type="wicri:Area/Istex/Curation">003268</idno>
<idno type="wicri:Area/Istex/Checkpoint">000F43</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000F43</idno>
<idno type="wicri:doubleKey">0302-9743:2007:Chevalier Y:towards:an:automatic</idno>
<idno type="wicri:source">HAL</idno>
<idno type="RBID">Hal:inria-00557707</idno>
<idno type="url">https://hal.inria.fr/inria-00557707</idno>
<idno type="wicri:Area/Hal/Corpus">004E81</idno>
<idno type="wicri:Area/Hal/Curation">004E81</idno>
<idno type="wicri:Area/Hal/Checkpoint">003867</idno>
<idno type="wicri:explorRef" wicri:stream="Hal" wicri:step="Checkpoint">003867</idno>
<idno type="wicri:Area/Main/Merge">004C92</idno>
<idno type="wicri:Area/Main/Curation">004B58</idno>
<idno type="wicri:Area/Main/Exploration">004B58</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Towards an Automatic Analysis of Web Service Security</title>
<author><name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
<affiliation wicri:level="1"><country xml:lang="fr">France</country>
<wicri:regionArea>IRIT, Team LiLac, Université de Toulouse</wicri:regionArea>
<wicri:noRegion>Université de Toulouse</wicri:noRegion>
<wicri:noRegion>Université de Toulouse</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">France</country>
</affiliation>
</author>
<author><name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<affiliation wicri:level="4"><country xml:lang="fr">France</country>
<wicri:regionArea>LIF, CNRS, Aix-Marseille Université</wicri:regionArea>
<placeName><settlement type="city">Marseille</settlement>
<region type="region" nuts="2">Provence-Alpes-Côte d'Azur</region>
</placeName>
<orgName type="university">Université d'Aix-Marseille</orgName>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">France</country>
</affiliation>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<affiliation wicri:level="1"><country xml:lang="fr">France</country>
<wicri:regionArea>LORIA-INRIA-Lorraine</wicri:regionArea>
</affiliation>
<affiliation wicri:level="1"><country wicri:rule="url">France</country>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series><title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt><idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass><keywords scheme="mix" xml:lang="en"><term>Security</term>
<term>Web services</term>
<term>combination of decision procedures</term>
<term>cryptographic protocols</term>
<term>equational theories</term>
<term>rewriting</term>
<term>verification</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Abstract: Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underly these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic receive/send actions and unordered sequence of XML nodes. Then to detect the attacks we have to consider the services as combining multiset operators and cryptographic ones and we have to solve specific satisfiability problems in the combined theory. By non-trivial extension of the combination techniques of [3] we obtain a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives. This combination technique allows one to decide insecurity in a modular way by reducing the associated constraint solving problems to problems in simpler theories.</div>
</front>
</TEI>
<affiliations><list><country><li>France</li>
</country>
<region><li>Provence-Alpes-Côte d'Azur</li>
</region>
<settlement><li>Marseille</li>
</settlement>
<orgName><li>Université d'Aix-Marseille</li>
</orgName>
</list>
<tree><country name="France"><noRegion><name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
</noRegion>
<name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
</country>
</tree>
</affiliations>
</record>
To manipulate this document under Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 004B58 | SxmlIndent | more
Or
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 004B58 | SxmlIndent | more
To add a link to this page within the Wicri network
{{Explor lien |wiki= Wicri/Lorraine |area= InforLorV4 |flux= Main |étape= Exploration |type= RBID |clé= ISTEX:D62ACB66375225AEF98334E05D4E4B3D76414155 |texte= Towards an Automatic Analysis of Web Service Security }}
This area was generated with Dilib version V0.6.33.