Exploration server for computer science research in Lorraine

Warning: this site is under development!
Warning: this site was generated by automated means from raw corpora.
The information has therefore not been validated.

Towards an Automatic Analysis of Web Service Security

Internal identifier: 004B58 (Main/Exploration); previous: 004B57; next: 004B59

Authors: Yannick Chevalier [France]; Denis Lugiez [France]; Michaël Rusinowitch [France]

RBID : ISTEX:D62ACB66375225AEF98334E05D4E4B3D76414155

Abstract

Abstract: Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underlie these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic receive/send actions and unordered sequence of XML nodes. Then to detect the attacks we have to consider the services as combining multiset operators and cryptographic ones and we have to solve specific satisfiability problems in the combined theory. By non-trivial extension of the combination techniques of [3] we obtain a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives. This combination technique allows one to decide insecurity in a modular way by reducing the associated constraint solving problems to problems in simpler theories.

DOI: 10.1007/978-3-540-74621-8_9


The document in XML format

<record>
<TEI wicri:istexFullTextTei="biblStruct">
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en">Towards an Automatic Analysis of Web Service Security</title>
<author>
<name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
</author>
<author>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
</author>
<author>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:D62ACB66375225AEF98334E05D4E4B3D76414155</idno>
<date when="2007" year="2007">2007</date>
<idno type="doi">10.1007/978-3-540-74621-8_9</idno>
<idno type="url">https://api.istex.fr/ark:/67375/HCB-BSPK7HJD-W/fulltext.pdf</idno>
<idno type="wicri:Area/Istex/Corpus">003310</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">003310</idno>
<idno type="wicri:Area/Istex/Curation">003268</idno>
<idno type="wicri:Area/Istex/Checkpoint">000F43</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000F43</idno>
<idno type="wicri:doubleKey">0302-9743:2007:Chevalier Y:towards:an:automatic</idno>
<idno type="wicri:source">HAL</idno>
<idno type="RBID">Hal:inria-00557707</idno>
<idno type="url">https://hal.inria.fr/inria-00557707</idno>
<idno type="wicri:Area/Hal/Corpus">004E81</idno>
<idno type="wicri:Area/Hal/Curation">004E81</idno>
<idno type="wicri:Area/Hal/Checkpoint">003867</idno>
<idno type="wicri:explorRef" wicri:stream="Hal" wicri:step="Checkpoint">003867</idno>
<idno type="wicri:Area/Main/Merge">004C92</idno>
<idno type="wicri:Area/Main/Curation">004B58</idno>
<idno type="wicri:Area/Main/Exploration">004B58</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title level="a" type="main" xml:lang="en">Towards an Automatic Analysis of Web Service Security</title>
<author>
<name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
<affiliation wicri:level="1">
<country xml:lang="fr">France</country>
<wicri:regionArea>IRIT, Team LiLac, Université de Toulouse</wicri:regionArea>
<wicri:noRegion>Université de Toulouse</wicri:noRegion>
<wicri:noRegion>Université de Toulouse</wicri:noRegion>
</affiliation>
<affiliation wicri:level="1">
<country wicri:rule="url">France</country>
</affiliation>
</author>
<author>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<affiliation wicri:level="4">
<country xml:lang="fr">France</country>
<wicri:regionArea>LIF, CNRS, Aix-Marseille Université</wicri:regionArea>
<placeName>
<settlement type="city">Marseille</settlement>
<region type="region" nuts="2">Provence-Alpes-Côte d'Azur</region>
</placeName>
<orgName type="university">Université d'Aix-Marseille</orgName>
</affiliation>
<affiliation wicri:level="1">
<country wicri:rule="url">France</country>
</affiliation>
</author>
<author>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<affiliation wicri:level="1">
<country xml:lang="fr">France</country>
<wicri:regionArea>LORIA-INRIA-Lorraine</wicri:regionArea>
</affiliation>
<affiliation wicri:level="1">
<country wicri:rule="url">France</country>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series>
<title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass>
<keywords scheme="mix" xml:lang="en">
<term>Security</term>
<term>Web services</term>
<term>combination of decision procedures</term>
<term>cryptographic protocols</term>
<term>equational theories</term>
<term>rewriting</term>
<term>verification</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">Abstract: Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underlie these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic receive/send actions and unordered sequence of XML nodes. Then to detect the attacks we have to consider the services as combining multiset operators and cryptographic ones and we have to solve specific satisfiability problems in the combined theory. By non-trivial extension of the combination techniques of [3] we obtain a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives. This combination technique allows one to decide insecurity in a modular way by reducing the associated constraint solving problems to problems in simpler theories.</div>
</front>
</TEI>
<affiliations>
<list>
<country>
<li>France</li>
</country>
<region>
<li>Provence-Alpes-Côte d'Azur</li>
</region>
<settlement>
<li>Marseille</li>
</settlement>
<orgName>
<li>Université d'Aix-Marseille</li>
</orgName>
</list>
<tree>
<country name="France">
<noRegion>
<name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
</noRegion>
<name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michaël" last="Rusinowitch">Michaël Rusinowitch</name>
</country>
</tree>
</affiliations>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 004B58 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 004B58 | SxmlIndent | more

To link to this page within the Wicri network

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    Main
   |étape=   Exploration
   |type=    RBID
   |clé=     ISTEX:D62ACB66375225AEF98334E05D4E4B3D76414155
   |texte=   Towards an Automatic Analysis of Web Service Security
}}

This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022