Application of Model Checking to AXML System’s Security: A Case Study

  • Il-Gon Kim
  • Debmalya Biswas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4184)


An Active XML (AXML in short) has been developed to provide efficient data management and integration by allowing Web services calls to be embedded in XML document. AXML documents have new security issues due to the possibility of malicious documents and attackers. To solve this security problem, document-level security with embedded service calls has been proposed to overcome the limitation of traditional security protocols.

The aim of this paper is to show how existing model checking technique, with CSP and FDR, used for traditional message-based security protocols, can be adapted to specify and verify AXML document-based security. To illustrate our approach, we present the framework for modelling and analyzing AXML document’s security. Then, we demonstrate how this technique can be applied to analyze electronic patient record taken from [13]. Finally, we show the possible vulnerabilities due to delegated query and malicious service call.


Model Check Security Protocol Electronic Patient Record Attack Scenario Service Call 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abiteboul, S., Benjelloun, O., Cautis, B., Manolescu, I., Milo, T., Preda, N.: Lazy Query Evaluation for Active XML. In: Proceedings of ACM SIGMOD Conference, pp. 227–238 (2004)Google Scholar
  2. 2.
    Abiteboul, S., Manolescu, I., Taropa, F.: A Framework for Distributed XML Data Management. In: Ioannidis, Y., Scholl, M.H., Schmidt, J.W., Matthes, F., Hatzopoulos, M., Böhm, K., Kemper, A., Grust, T., Böhm, C. (eds.) EDBT 2006. LNCS, vol. 3896, pp. 1049–1058. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Active XML Home Page (AXML) (2004),
  4. 4.
    Bhargavan, K., Fournet, C., Gordon, A.D., Pucella, R.: TulaFale: A security tool for web services. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2003. LNCS, vol. 3188, pp. 197–222. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Abiteboul, S., Alexe, B., Benjelloun, O., Cautis, B., Fundulaki, I., Milo, T., Sahuguet, A.: An Electronic Patient Record on Steroids: Distributed, Peer-to-Peer, Secure and Privacy-conscious. In: Proceedings of the 30th VLDB Conference, pp. 1273–1276 (2004)Google Scholar
  6. 6.
    Abiteboul, S., Benjelloun, O., Cautis, B., Milo, T.: Active XML, Security and Access Control. In: Proceedings of the SBBD Workshop, pp. 13–22 (2004)Google Scholar
  7. 7.
    Eastlake, D., Reagle, J., Imamura, T., Dillaway, B., Simon, E.: XML-Encryption synatx and Proceeding, W3C Recommendation (2001)Google Scholar
  8. 8.
    Eastlake, D., Reagle, J., Solo, D., Bartel, M., Boyer, J., Fox, B., LaMacchia, B., Simon, E.: XML-Signature Syntax and Processing, W3C Recommendation (2002)Google Scholar
  9. 9.
    Hoare, C.A.R.: Communicating Sequential Processes (1985)Google Scholar
  10. 10.
    Hui, M.L., Lowe, G.: Fault-preserving Simplifying Transformations for Security Protocols. Journal of Computer Security 9(1/2), 3–46 (2001)Google Scholar
  11. 11.
    Formal Systems (Europe) Ltd. FDR2 User Manual (August 1999)Google Scholar
  12. 12.
    IBM, Microsoft, and VeriSign, Web Services Security(WS-Security), Version 1.0 (April 2002)Google Scholar
  13. 13.
    Kim, I.G., Biswa, D.: Secure Data Management based on AXML Document: Electronic Patient Record (submitted, 2006)Google Scholar
  14. 14.
    Kleiner, E., Roscoe, A.W.: Web Services Security: a preliminary study using Casper and FDR. In: Proceedings of Automated Reasoning for Security Protocol Analysis (ARSPA 2004) (2004)Google Scholar
  15. 15.
    Kleiner, E., Roscoe, A.W.: On the Relationship between Web Services Security and Traditional Protocols. In: DIMACS Workshop on Security of Web Services and E-Commerce (2005)Google Scholar
  16. 16.
    Tobarra, L., Cazorla, D., Cuartero, F., Diaz, G.: Applicatoin of Formal Methods to the Analysis of Web Services Security. In: 2nd International Workshop on Web Services and Formal Methods, pp. 215–229 (2005)Google Scholar
  17. 17.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  18. 18.
    Lowe, G.: A Compiler for the Analysis of Security Protocols. In: Proceedings of the 10th Computer Security Foundations Workshop (1997)Google Scholar
  19. 19.
    Microsoft, Microsoft Web Services Enhancements (WSE) 2.0, In: Proceedings of ACM SIGMOD, pp.289-300 (2003),
  20. 20.
    Ryan, P.Y.A., Schneider, S.A.: Modelling and Analysis of Security Protocols: The CSP Approach. Addison-Wesley, Reading (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Il-Gon Kim
    • 1
  • Debmalya Biswas
    • 1
  1. 1.IRISA/INRIARennesFrance

Personalised recommendations