InforLorV4, Main, Exploration, bibRecord, 004E20

Toward an Automatic Analysis of Web Service Security

Identifieur interne : 004E20 ( Main/Exploration ); précédent : 004E19; suivant : 004E21

Toward an Automatic Analysis of Web Service Security

Auteurs : Yannick Chevalier [France] ; Denis Lugiez [France] ; Michael Rusinowitch [France]

Source :

RBID : Hal:inria-00133996

English descriptors

mix :
- Security, combination of decision procedures, cryptographic protocols, equational theories, rewriting, web services.

Abstract

Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underly these services, their security properties and the rewriting attacks they might be subject to. Unlike with usual security protocols, we have to address here the facts that: (1) The Web service receive/send actions are nondeterministic to accommodate the XML format and the lack of normalization in parsing XML messages. Our model is designed to permit non-deterministic operations. (2) The Web service message format is better modelled with multiset constructors than with fixed arity symbols. Hence we had to introduce an attacker model that handles associativecommutative operators. In particular we present a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives.

Url:

https://hal.inria.fr/inria-00133996

Affiliations:

Links toward previous steps (curation, corpus...)

to stream Hal, to step Corpus: 004D99
to stream Hal, to step Curation: 004D99
to stream Hal, to step Checkpoint: 003C60
to stream Main, to step Merge: 004F71
to stream Main, to step Curation: 004E20

Le document en format XML

<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en">Toward an Automatic Analysis of Web Service Security</title>
<author><name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-34499" status="VALID"><orgName>Institut de recherche en informatique de Toulouse</orgName>
<orgName type="acronym">IRIT</orgName>
<desc><address><addrLine>118 Route de Narbonne, F-31062 Toulouse Cedex 9</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.irit.fr/</ref>
</desc>
<listRelation><relation active="#struct-5030" type="direct"></relation>
<relation active="#struct-81148" type="direct"></relation>
<relation active="#struct-116256" type="direct"></relation>
<relation active="#struct-217752" type="direct"></relation>
<relation name="UMR5505" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-5030" type="direct"><org type="institution" xml:id="struct-5030" status="VALID"><orgName>Institut National Polytechnique [Toulouse]</orgName>
<orgName type="acronym">INP</orgName>
<desc><address><addrLine>6 allée Émile Monso - BP 34038 - 31029 Toulouse cedex 4</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.inp-toulouse.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-81148" type="direct"><org type="institution" xml:id="struct-81148" status="VALID"><orgName>Université Toulouse 1 Capitole</orgName>
<orgName type="acronym">UT1</orgName>
<desc><address><addrLine>2 rue du Doyen-Gabriel-Marty - 31042 Toulouse Cedex 9 </addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.ut-capitole.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-116256" type="direct"><org type="institution" xml:id="struct-116256" status="VALID"><idno type="IdRef">026403994</idno>
<orgName>Université Toulouse 2</orgName>
<orgName type="acronym">UT2</orgName>
<date type="start">1971-01-01</date>
<desc><address><addrLine>5 allées Antonio Machado - 31058 Toulouse Cedex 9 </addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-tlse2.fr</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-217752" type="direct"><org type="institution" xml:id="struct-217752" status="VALID"><orgName>Université Paul Sabatier - Toulouse 3</orgName>
<orgName type="acronym">UPS</orgName>
<desc><address><addrLine>118 route de Narbonne - 31062 Toulouse</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-tlse3.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle name="UMR5505" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-862" status="OLD"><orgName>Laboratoire d'informatique Fondamentale de Marseille</orgName>
<orgName type="acronym">LIF</orgName>
<desc><address><addrLine>CMI 39, Rue Joliot Curie 13453 MARSEILLE CEDEX 13</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.lif.univ-mrs.fr/</ref>
</desc>
<listRelation><relation active="#struct-5033" type="direct"></relation>
<relation active="#struct-92823" type="direct"></relation>
<relation name="UMR6166" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-5033" type="direct"><org type="institution" xml:id="struct-5033" status="OLD"><idno type="IdRef">026402882</idno>
<orgName>Université de la Méditerranée - Aix-Marseille 2</orgName>
<date type="start">1969</date>
<date type="end">2011</date>
<desc><address><addrLine>58, boulevard Charles Livon - 13284 Marseille cedex 07</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univmed.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-92823" type="direct"><org type="institution" xml:id="struct-92823" status="OLD"><idno type="IdRef">026403781</idno>
<orgName>Université de Provence - Aix-Marseille 1</orgName>
<date type="end">2011</date>
<desc><address><addrLine>3, place Victor Hugo - 13331 Marseille Cedex 03</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-provence.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle name="UMR6166" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name>
<affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-2366" status="OLD"><idno type="RNSR">200318302K</idno>
<orgName>Combination of approaches to the security of infinite states systems</orgName>
<orgName type="acronym">CASSIS</orgName>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.inria.fr/equipes/cassis</ref>
</desc>
<listRelation><relation active="#struct-160" type="direct"></relation>
<relation name="UMR7503" active="#struct-441569" type="indirect"></relation>
<relation active="#struct-300009" type="indirect"></relation>
<relation active="#struct-300291" type="indirect"></relation>
<relation active="#struct-300292" type="indirect"></relation>
<relation active="#struct-300293" type="indirect"></relation>
<relation active="#struct-866" type="direct"></relation>
<relation active="#struct-242365" type="indirect"></relation>
<relation active="#struct-300261" type="indirect"></relation>
<relation active="#struct-300360" type="indirect"></relation>
<relation name="UMR6174" active="#struct-441569" type="indirect"></relation>
<relation active="#struct-2496" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-160" type="direct"><org type="laboratory" xml:id="struct-160" status="OLD"><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName>
<orgName type="acronym">LORIA</orgName>
<desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.loria.fr</ref>
</desc>
<listRelation><relation name="UMR7503" active="#struct-441569" type="direct"></relation>
<relation active="#struct-300009" type="direct"></relation>
<relation active="#struct-300291" type="direct"></relation>
<relation active="#struct-300292" type="direct"></relation>
<relation active="#struct-300293" type="direct"></relation>
</listRelation>
</org>
</tutelle>
<tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName>
<orgName type="acronym">Inria</orgName>
<desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.inria.fr/en/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300291" type="indirect"><org type="institution" xml:id="struct-300291" status="OLD"><orgName>Université Henri Poincaré - Nancy 1</orgName>
<orgName type="acronym">UHP</orgName>
<date type="end">2011-12-31</date>
<desc><address><addrLine>24-30 rue Lionnois, BP 60120, 54 003 NANCY cedex, France</addrLine>
<country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300292" type="indirect"><org type="institution" xml:id="struct-300292" status="OLD"><orgName>Université Nancy 2</orgName>
<date type="end">2011-12-31</date>
<desc><address><addrLine>91 avenue de la Libération, BP 454, 54001 Nancy cedex</addrLine>
<country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300293" type="indirect"><org type="institution" xml:id="struct-300293" status="OLD"><orgName>Institut National Polytechnique de Lorraine</orgName>
<orgName type="acronym">INPL</orgName>
<date type="end">2011-12-31</date>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-866" type="direct"><org type="laboratory" xml:id="struct-866" status="VALID"><idno type="IdRef">152639071</idno>
<idno type="RNSR">200412232H</idno>
<orgName>Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies</orgName>
<orgName type="acronym">FEMTO-ST</orgName>
<desc><address><addrLine>32 avenue de l'Observatoire 25044 BESANCON CEDEX</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.femto-st.fr</ref>
</desc>
<listRelation><relation active="#struct-242365" type="direct"></relation>
<relation active="#struct-300261" type="direct"></relation>
<relation active="#struct-300360" type="direct"></relation>
<relation name="UMR6174" active="#struct-441569" type="direct"></relation>
</listRelation>
</org>
</tutelle>
<tutelle active="#struct-242365" type="indirect"><org type="institution" xml:id="struct-242365" status="VALID"><idno type="IdRef">026403188</idno>
<idno type="ISNI">0000 0001 2188 3779 </idno>
<orgName>Université de Franche-Comté</orgName>
<orgName type="acronym">UFC</orgName>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.univ-fcomte.fr</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300261" type="indirect"><org type="institution" xml:id="struct-300261" status="VALID"><orgName>Université de Technologie de Belfort-Montbeliard</orgName>
<orgName type="acronym">UTBM</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300360" type="indirect"><org type="institution" xml:id="struct-300360" status="VALID"><orgName>Ecole Nationale Supérieure de Mécanique et des Microtechniques</orgName>
<orgName type="acronym">ENSMM</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle name="UMR6174" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-2496" type="direct"><org type="laboratory" xml:id="struct-2496" status="OLD"><orgName>INRIA Lorraine</orgName>
<desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.inria.fr/centre-de-recherche-inria/nancy-grand-est</ref>
</desc>
<listRelation><relation active="#struct-300009" type="direct"></relation>
</listRelation>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
<placeName><settlement type="city">Nancy</settlement>
<region type="region" nuts="2">Grand Est</region>
<region type="old region" nuts="2">Lorraine (région)</region>
</placeName>
<orgName type="university">Université Nancy 2</orgName>
<orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName>
<placeName><settlement type="city">Nancy</settlement>
<region type="region" nuts="2">Grand Est</region>
<region type="old region" nuts="2">Lorraine (région)</region>
</placeName>
<orgName type="university">Institut national polytechnique de Lorraine</orgName>
<orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName>
<placeName><settlement type="city" wicri:auto="siege">Besançon</settlement>
<region type="region" nuts="2">Franche-Comté</region>
</placeName>
<orgName type="university">Université de Franche-Comté</orgName>
<orgName type="institution" wicri:auto="newGroup">Université de Bourgogne Franche-Comté</orgName>
<placeName><settlement type="city" wicri:auto="siege">Belfort</settlement>
<region type="region" nuts="2">Franche-Comté</region>
</placeName>
<orgName type="university">Université de technologie de Belfort-Montbéliard</orgName>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">HAL</idno>
<idno type="RBID">Hal:inria-00133996</idno>
<idno type="halId">inria-00133996</idno>
<idno type="halUri">https://hal.inria.fr/inria-00133996</idno>
<idno type="url">https://hal.inria.fr/inria-00133996</idno>
<date when="2007">2007</date>
<idno type="wicri:Area/Hal/Corpus">004D99</idno>
<idno type="wicri:Area/Hal/Curation">004D99</idno>
<idno type="wicri:Area/Hal/Checkpoint">003C60</idno>
<idno type="wicri:explorRef" wicri:stream="Hal" wicri:step="Checkpoint">003C60</idno>
<idno type="wicri:Area/Main/Merge">004F71</idno>
<idno type="wicri:Area/Main/Curation">004E20</idno>
<idno type="wicri:Area/Main/Exploration">004E20</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en">Toward an Automatic Analysis of Web Service Security</title>
<author><name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-34499" status="VALID"><orgName>Institut de recherche en informatique de Toulouse</orgName>
<orgName type="acronym">IRIT</orgName>
<desc><address><addrLine>118 Route de Narbonne, F-31062 Toulouse Cedex 9</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.irit.fr/</ref>
</desc>
<listRelation><relation active="#struct-5030" type="direct"></relation>
<relation active="#struct-81148" type="direct"></relation>
<relation active="#struct-116256" type="direct"></relation>
<relation active="#struct-217752" type="direct"></relation>
<relation name="UMR5505" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-5030" type="direct"><org type="institution" xml:id="struct-5030" status="VALID"><orgName>Institut National Polytechnique [Toulouse]</orgName>
<orgName type="acronym">INP</orgName>
<desc><address><addrLine>6 allée Émile Monso - BP 34038 - 31029 Toulouse cedex 4</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.inp-toulouse.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-81148" type="direct"><org type="institution" xml:id="struct-81148" status="VALID"><orgName>Université Toulouse 1 Capitole</orgName>
<orgName type="acronym">UT1</orgName>
<desc><address><addrLine>2 rue du Doyen-Gabriel-Marty - 31042 Toulouse Cedex 9 </addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.ut-capitole.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-116256" type="direct"><org type="institution" xml:id="struct-116256" status="VALID"><idno type="IdRef">026403994</idno>
<orgName>Université Toulouse 2</orgName>
<orgName type="acronym">UT2</orgName>
<date type="start">1971-01-01</date>
<desc><address><addrLine>5 allées Antonio Machado - 31058 Toulouse Cedex 9 </addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-tlse2.fr</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-217752" type="direct"><org type="institution" xml:id="struct-217752" status="VALID"><orgName>Université Paul Sabatier - Toulouse 3</orgName>
<orgName type="acronym">UPS</orgName>
<desc><address><addrLine>118 route de Narbonne - 31062 Toulouse</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-tlse3.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle name="UMR5505" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<affiliation wicri:level="1"><hal:affiliation type="laboratory" xml:id="struct-862" status="OLD"><orgName>Laboratoire d'informatique Fondamentale de Marseille</orgName>
<orgName type="acronym">LIF</orgName>
<desc><address><addrLine>CMI 39, Rue Joliot Curie 13453 MARSEILLE CEDEX 13</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.lif.univ-mrs.fr/</ref>
</desc>
<listRelation><relation active="#struct-5033" type="direct"></relation>
<relation active="#struct-92823" type="direct"></relation>
<relation name="UMR6166" active="#struct-441569" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-5033" type="direct"><org type="institution" xml:id="struct-5033" status="OLD"><idno type="IdRef">026402882</idno>
<orgName>Université de la Méditerranée - Aix-Marseille 2</orgName>
<date type="start">1969</date>
<date type="end">2011</date>
<desc><address><addrLine>58, boulevard Charles Livon - 13284 Marseille cedex 07</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univmed.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-92823" type="direct"><org type="institution" xml:id="struct-92823" status="OLD"><idno type="IdRef">026403781</idno>
<orgName>Université de Provence - Aix-Marseille 1</orgName>
<date type="end">2011</date>
<desc><address><addrLine>3, place Victor Hugo - 13331 Marseille Cedex 03</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.univ-provence.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle name="UMR6166" active="#struct-441569" type="direct"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
</affiliation>
</author>
<author><name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name>
<affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-2366" status="OLD"><idno type="RNSR">200318302K</idno>
<orgName>Combination of approaches to the security of infinite states systems</orgName>
<orgName type="acronym">CASSIS</orgName>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.inria.fr/equipes/cassis</ref>
</desc>
<listRelation><relation active="#struct-160" type="direct"></relation>
<relation name="UMR7503" active="#struct-441569" type="indirect"></relation>
<relation active="#struct-300009" type="indirect"></relation>
<relation active="#struct-300291" type="indirect"></relation>
<relation active="#struct-300292" type="indirect"></relation>
<relation active="#struct-300293" type="indirect"></relation>
<relation active="#struct-866" type="direct"></relation>
<relation active="#struct-242365" type="indirect"></relation>
<relation active="#struct-300261" type="indirect"></relation>
<relation active="#struct-300360" type="indirect"></relation>
<relation name="UMR6174" active="#struct-441569" type="indirect"></relation>
<relation active="#struct-2496" type="direct"></relation>
</listRelation>
<tutelles><tutelle active="#struct-160" type="direct"><org type="laboratory" xml:id="struct-160" status="OLD"><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName>
<orgName type="acronym">LORIA</orgName>
<desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.loria.fr</ref>
</desc>
<listRelation><relation name="UMR7503" active="#struct-441569" type="direct"></relation>
<relation active="#struct-300009" type="direct"></relation>
<relation active="#struct-300291" type="direct"></relation>
<relation active="#struct-300292" type="direct"></relation>
<relation active="#struct-300293" type="direct"></relation>
</listRelation>
</org>
</tutelle>
<tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName>
<orgName type="acronym">Inria</orgName>
<desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.inria.fr/en/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300291" type="indirect"><org type="institution" xml:id="struct-300291" status="OLD"><orgName>Université Henri Poincaré - Nancy 1</orgName>
<orgName type="acronym">UHP</orgName>
<date type="end">2011-12-31</date>
<desc><address><addrLine>24-30 rue Lionnois, BP 60120, 54 003 NANCY cedex, France</addrLine>
<country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300292" type="indirect"><org type="institution" xml:id="struct-300292" status="OLD"><orgName>Université Nancy 2</orgName>
<date type="end">2011-12-31</date>
<desc><address><addrLine>91 avenue de la Libération, BP 454, 54001 Nancy cedex</addrLine>
<country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300293" type="indirect"><org type="institution" xml:id="struct-300293" status="OLD"><orgName>Institut National Polytechnique de Lorraine</orgName>
<orgName type="acronym">INPL</orgName>
<date type="end">2011-12-31</date>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-866" type="direct"><org type="laboratory" xml:id="struct-866" status="VALID"><idno type="IdRef">152639071</idno>
<idno type="RNSR">200412232H</idno>
<orgName>Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies</orgName>
<orgName type="acronym">FEMTO-ST</orgName>
<desc><address><addrLine>32 avenue de l'Observatoire 25044 BESANCON CEDEX</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.femto-st.fr</ref>
</desc>
<listRelation><relation active="#struct-242365" type="direct"></relation>
<relation active="#struct-300261" type="direct"></relation>
<relation active="#struct-300360" type="direct"></relation>
<relation name="UMR6174" active="#struct-441569" type="direct"></relation>
</listRelation>
</org>
</tutelle>
<tutelle active="#struct-242365" type="indirect"><org type="institution" xml:id="struct-242365" status="VALID"><idno type="IdRef">026403188</idno>
<idno type="ISNI">0000 0001 2188 3779 </idno>
<orgName>Université de Franche-Comté</orgName>
<orgName type="acronym">UFC</orgName>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.univ-fcomte.fr</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300261" type="indirect"><org type="institution" xml:id="struct-300261" status="VALID"><orgName>Université de Technologie de Belfort-Montbeliard</orgName>
<orgName type="acronym">UTBM</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle active="#struct-300360" type="indirect"><org type="institution" xml:id="struct-300360" status="VALID"><orgName>Ecole Nationale Supérieure de Mécanique et des Microtechniques</orgName>
<orgName type="acronym">ENSMM</orgName>
<desc><address><country key="FR"></country>
</address>
</desc>
</org>
</tutelle>
<tutelle name="UMR6174" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno>
<idno type="IdRef">02636817X</idno>
<orgName>Centre National de la Recherche Scientifique</orgName>
<orgName type="acronym">CNRS</orgName>
<date type="start">1939-10-19</date>
<desc><address><country key="FR"></country>
</address>
<ref type="url">http://www.cnrs.fr/</ref>
</desc>
</org>
</tutelle>
<tutelle active="#struct-2496" type="direct"><org type="laboratory" xml:id="struct-2496" status="OLD"><orgName>INRIA Lorraine</orgName>
<desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine>
<country key="FR"></country>
</address>
<ref type="url">http://www.inria.fr/centre-de-recherche-inria/nancy-grand-est</ref>
</desc>
<listRelation><relation active="#struct-300009" type="direct"></relation>
</listRelation>
</org>
</tutelle>
</tutelles>
</hal:affiliation>
<country>France</country>
<placeName><settlement type="city">Nancy</settlement>
<region type="region" nuts="2">Grand Est</region>
<region type="old region" nuts="2">Lorraine (région)</region>
</placeName>
<orgName type="university">Université Nancy 2</orgName>
<orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName>
<placeName><settlement type="city">Nancy</settlement>
<region type="region" nuts="2">Grand Est</region>
<region type="old region" nuts="2">Lorraine (région)</region>
</placeName>
<orgName type="university">Institut national polytechnique de Lorraine</orgName>
<orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName>
<placeName><settlement type="city" wicri:auto="siege">Besançon</settlement>
<region type="region" nuts="2">Franche-Comté</region>
</placeName>
<orgName type="university">Université de Franche-Comté</orgName>
<orgName type="institution" wicri:auto="newGroup">Université de Bourgogne Franche-Comté</orgName>
<placeName><settlement type="city" wicri:auto="siege">Belfort</settlement>
<region type="region" nuts="2">Franche-Comté</region>
</placeName>
<orgName type="university">Université de technologie de Belfort-Montbéliard</orgName>
</affiliation>
</author>
</analytic>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><textClass><keywords scheme="mix" xml:lang="en"><term>Security</term>
<term>combination of decision procedures</term>
<term>cryptographic protocols</term>
<term>equational theories</term>
<term>rewriting</term>
<term>web services</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. In this paper we introduce a model to formally describe the protocols that underly these services, their security properties and the rewriting attacks they might be subject to. Unlike with usual security protocols, we have to address here the facts that: (1) The Web service receive/send actions are nondeterministic to accommodate the XML format and the lack of normalization in parsing XML messages. Our model is designed to permit non-deterministic operations. (2) The Web service message format is better modelled with multiset constructors than with fixed arity symbols. Hence we had to introduce an attacker model that handles associativecommutative operators. In particular we present a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives.</div>
</front>
</TEI>
<affiliations><list><country><li>France</li>
</country>
<region><li>Franche-Comté</li>
<li>Grand Est</li>
<li>Lorraine (région)</li>
</region>
<settlement><li>Belfort</li>
<li>Besançon</li>
<li>Nancy</li>
</settlement>
<orgName><li>Institut national polytechnique de Lorraine</li>
<li>Université Nancy 2</li>
<li>Université de Bourgogne Franche-Comté</li>
<li>Université de Franche-Comté</li>
<li>Université de Lorraine</li>
<li>Université de technologie de Belfort-Montbéliard</li>
</orgName>
</list>
<tree><country name="France"><noRegion><name sortKey="Chevalier, Yannick" sort="Chevalier, Yannick" uniqKey="Chevalier Y" first="Yannick" last="Chevalier">Yannick Chevalier</name>
</noRegion>
<name sortKey="Lugiez, Denis" sort="Lugiez, Denis" uniqKey="Lugiez D" first="Denis" last="Lugiez">Denis Lugiez</name>
<name sortKey="Rusinowitch, Michael" sort="Rusinowitch, Michael" uniqKey="Rusinowitch M" first="Michael" last="Rusinowitch">Michael Rusinowitch</name>
</country>
</tree>
</affiliations>
</record>

Pour manipuler ce document sous Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Exploration

HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 004E20 | SxmlIndent | more

HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 004E20 | SxmlIndent | more

Pour mettre un lien sur cette page dans le réseau Wicri

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    Main
   |étape=   Exploration
   |type=    RBID
   |clé=     Hal:inria-00133996
   |texte=   Toward an Automatic Analysis of Web Service Security
}}

This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022

	Serveur d'exploration sur la recherche en informatique en Lorraine
	Attention, ce site est en cours de développement ! Attention, site généré par des moyens informatiques à partir de corpus bruts. Les informations ne sont donc pas validées.

Serveur d'exploration sur la recherche en informatique en Lorraine

Toward an Automatic Analysis of Web Service Security

Toward an Automatic Analysis of Web Service Security

Source :

English descriptors

Abstract

Links toward previous steps (curation, corpus...)

Le document en format XML

Pour manipuler ce document sous Unix (Dilib)

Pour mettre un lien sur cette page dans le réseau Wicri