Towards an Automatic Analysis of Web Service Security

Yannick Chevalier; Denis Lugiez; Michael Rusinowitch

doi:10.1007/978-3-540-74621-8_9

Communication Dans Un Congrès Année : 2007

Towards an Automatic Analysis of Web Service Security

(1, 2) , (3) , (4)

1
2
3
4

Yannick Chevalier

Fonction : Auteur
PersonId : 741963
IdHAL : yannick-chevalier-cs
ORCID : 0000-0002-8617-4209
IdRef : 076752801

Logique, Interaction, Langue et Calcul

Université Toulouse III - Paul Sabatier

Denis Lugiez

Fonction : Auteur

Laboratoire d'informatique Fondamentale de Marseille - UMR 6166

Michael Rusinowitch

Fonction : Auteur
PersonId : 5215
IdHAL : michael-rusinowitch
IdRef : 029609135

Combination of approaches to the security of infinite states systems

Résumé

Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. We have introduced a model to formally describe the protocols that underly these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis) ours can handle non-deterministic receive/send actions and unordered sequence of XML nodes. Then to detect the attacks we have to consider the services as combining multiset operators and cryptographic ones and we have to solve specific satisfiability problems in the combined theory. By an extension of the combination techniques we obtain a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives. This combination technique allows one to decide insecurity in a modular way by reducing the associated constraint solving problems to problems in simpler theories.

Nous introduisons un modèle abstrait des services web qui permet d'exprimer les attaques par réécriture. Nous proposons un algorithme pour détecter ce type de vulnérabilité.

Mots clés

Security Web services verification cryptographic protocols combination of decision procedures equational theories rewriting

Domaines

Logique en informatique [cs.LO]

Michaël Rusinowitch : Connectez-vous pour contacter le contributeur

https://inria.hal.science/inria-00557707

Soumis le : mercredi 19 janvier 2011-17:38:00

Dernière modification le : lundi 20 novembre 2023-11:44:21

Dates et versions

inria-00557707 , version 1 (19-01-2011)

Identifiants

HAL Id : inria-00557707 , version 1
DOI : 10.1007/978-3-540-74621-8_9

Citer

Yannick Chevalier, Denis Lugiez, Michael Rusinowitch. Towards an Automatic Analysis of Web Service Security. 6th International Symposium on Frontiers of Combining Systems - FroCoS'07, Sep 2007, Liverpool, United Kingdom. pp.133-147, ⟨10.1007/978-3-540-74621-8_9⟩. ⟨inria-00557707⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-TLSE2 LIF CNRS INRIA UNIV-AMU UNIV-FCOMTE UNIV-BM FEMTO-ST UNIV-BM-THESE UT1-CAPITOLE UNIV-LORRAINE INRIA2 LORIA LORIA-FM LIS-LAB MOVE IRIT IRIT-LILAC IRIT-IA IRIT-UT3 TOULOUSE-INP UNIV-UT3 UT3-TOULOUSEINP

149 Consultations

0 Téléchargements

Towards an Automatic Analysis of Web Service Security

Résumé

Mots clés

Domaines

Dates et versions

Identifiants

Citer

Exporter

Collections

Altmetric

Partager