Skip to main content
SpringerLink
Log in

Application of Formal Methods to the Analysis of Web Services Security

  • Conference paper
Book cover Formal Techniques for Computer Systems and Business Processes (EPEW 2005, WS-FM 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3670))

Abstract

Web Services technologies have introduced a new challenge for security protocols. Traditional security protocols cannot handle intermediaries and the flexibility of Web Services bindings. Thus, several proposals for introducing security in Web Services have been presented. One of these is Web Services Security. In this paper we illustrate how this protocol works, with an example, and analyse whether it is a good option guaranteeing the security of Web Services.

This work has been partially supported by the MCyT project “Description and Performance of Distributed Systems and Application to Multimedia Systems” (Ref. TIC2003-07848-c02-02) and the JCCM project “Design and Implementation of Efficient Multimedia Systems by using Formal Techniques” (Ref. PAC-03001)

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Dierks, T., Allen, C.: The TLS Protocol. Version 1.0. RFC 2246. Standards track, Network Working Group (January 1999)

    Google Scholar 

  2. Bhargavan, K., Fournet, C., Gordon, A.D., Corin, R.: Secure Sessions for Web Services (August 2004), At, http://research.microsoft.com/projects/samoa/secure-sessions-with-scripts.pdf

  3. Bhargavan, K., Fournet, C., Gordon, A.D.: Verifying policy-based security for web services. In: CCS 2004: Proceedings of the 11th ACM conference on Computer and communications security, New York, USA, pp. 268–277. ACM Press, New York (2004)

    Chapter  Google Scholar 

  4. Bhargavan, K., Fournet, C., Gordon, A.D., Pucella, R.: Tulafale: A security tool for web services. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 197–222. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  5. Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking. The MIT Press, Cambridge (1999)

    Google Scholar 

  6. Formal Systems (Europe) Limited. FDR Manual, http://www.fsel.com/fdr2_manual.html

  7. Alan Freier, O., Karlton, P., Kocher, P.C.: The SSL Protocol Version 3.0, Internet draft, Netscape (March 1996)

    Google Scholar 

  8. Díaz, G., Pardo, J., Cambronero, E., Valero, V., Cuartero, F.: Verification of Web Services with Timed Automata. In: 1st Int’l Workshop on Automated Specification and Verification of Web Sites (2005)

    Google Scholar 

  9. Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)

    MATH  Google Scholar 

  10. IBM and Microsoft. Security in a Web Services World: a proposed architecture and roadmap (April 2002), http://www.-106.ibm.com/developerworks/library/ws-secmap/

  11. IBM, Microsoft, and VeriSign. Web Services Security (WS-Security). Version 1.0 (April 2002)

    Google Scholar 

  12. Johnson, J.E., Langworthy, D.E., Lamport, L., Vogt, F.H.: Formal Specification of a Web Services Protocol, February 2004. Electronic Notes in Theoretical Computer Science, vol. 105 (2004), pp. 147–158 (2004)

    Google Scholar 

  13. Kent, S., Seo, K.: Security architecture for the internet protocol. Internet Draft (october 2004)

    Google Scholar 

  14. Kleiner, E., Roscoe, A.W.: Web Services Security: a preliminary study using Casper and FDR. In: Proceedings of the Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA 2004) (June 2004)

    Google Scholar 

  15. Lowe, G.: Casper: A Compiler for the Analysis of Security Protocols. Journal of Computer Security 6, 53–84 (1998)

    Google Scholar 

  16. Microsoft. Microsoft Web Services Enhacements (WSE) 2.0, http://msdn.microsoft.com/webservices/building/wse/

  17. Nakijima, S.: On verifying Web Services Flows. In: Proc. SAINT 2002 Workshop, January 2002, pp. 223–224 (2002)

    Google Scholar 

  18. OASIS. “Identity Federation. Liberty Alliance Project ” (2004)

    Google Scholar 

  19. OASIS. UDDI Version 3.0.2 (October 2004), http://www.oasis-open.org/committees/uddi-spec/doc/tcspecs.htm#uddiv3

  20. OASIS. eXtensible Access Control Markup Language (XACML) v2.0 (February 2005)

    Google Scholar 

  21. OASIS. Security Assertion Markup Language (SAML) v2.0 (April 2005)

    Google Scholar 

  22. W3C. Simple Object Access Protocol (SOAP) 1.1(May 2000), http://www.w3c.org/TR/2000/NOTE-SOAP-20000508

  23. W3C. Web Services Description Language (WSDL) 1.1 (March 2001), http://www.w3.org/TR/wsdl

  24. W3C. XML Encryption Syntax and Processing (December 2002), http://www.w3c.org/TR/2002/REC-xmldend-core-20021210

  25. W3C. XML Signature Syntax and Processing (February 2002), http://www.w3c.org/TR/2002/REC-xmldsig-core-20020212

  26. W3C. Extensible Markup Language (XML)1.1 April (2004), http://www.w3.org/TR/2004/REC-xml11-20040204/

  27. W3C. Web Services Architecture (February 2004), http://www.w3c.org/TR/2004/NOTE-ws-arch-20040211

Download references

Author information

Authors and Affiliations

  1. Escuela Politécnica Superior de Albacete, Universidad de Castilla-La Mancha, 02071, Albacete, Spain

    Llanos Tobarra, Diego Cazorla, Fernando Cuartero & Gregorio Díaz

Authors
  1. Llanos Tobarra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Diego Cazorla
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fernando Cuartero
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gregorio Díaz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Bologna,  

    Mario Bravetti

  2. PRiSM, Université de Versailles, 45, Av. des Etats-Unis, 78000, Versailles

    Leïla Kloul

  3. Dip. Scienze dell’Informazione, Università di Bologna, Italy

    Gianluigi Zavattaro

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tobarra, L., Cazorla, D., Cuartero, F., Díaz, G. (2005). Application of Formal Methods to the Analysis of Web Services Security. In: Bravetti, M., Kloul, L., Zavattaro, G. (eds) Formal Techniques for Computer Systems and Business Processes. EPEW WS-FM 2005 2005. Lecture Notes in Computer Science, vol 3670. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11549970_16

Download citation

  • DOI: https://doi.org/10.1007/11549970_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28701-8

  • Online ISBN: 978-3-540-31903-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation