CaPiTo: protocol stacks for services

  • Original Article
Formal Aspects of Computing

Abstract

CaPiTo allows the modelling of service-oriented applications using process algebras at three levels of abstraction. The abstract level focuses on the key functionality of the services; the plug-in level shows how security is obtained by using standardised protocol stacks; finally, the concrete level allows one to consider how security is obtained from asymmetric and symmetric cryptographic primitives. The CaPiTo approach therefore caters for the variety of developers who need to cooperate on designing and implementing service-oriented applications. We show how to formally analyse CaPiTo specifications to ensure the absence of security flaws. The method is based on static analysis of the corresponding LySa specifications. We illustrate the development on two industrial case studies: one taken from the banking sector and the other a single sign-on protocol.

Corresponding author

Correspondence to Flemming Nielson.

Additional information

Jim Woodcock

Cite this article

Gao, H., Nielson, F. & Nielson, H.R. CaPiTo: protocol stacks for services. Form Asp Comp 23, 541–565 (2011). https://doi.org/10.1007/s00165-011-0174-7
