• Documents
  • Authors
  • Tables
  • Other Seers ▼
    RefSeer AckSeer CollabSeer SeerSeer
  • Log in
  • Sign up
  • MetaCart

CiteSeerX logo

Advanced Search Include Citations
Advanced Search Include Citations | Disambiguate

A Semantics for Web Services Authentication (2004)

Cached

  • Download as a PDF

Download Links

  • [pauillac.inria.fr]
  • [research.microsoft.com]
  • [research.microsoft.com]
  • [www.research.microsoft.com]
  • [research.microsoft.com]
  • [research.microsoft.com]
  • [research.microsoft.com]
  • [research.microsoft.com]
  • [www.research.microsoft.com]
  • [research.microsoft.com]

  • Save to List
  • Add to Collection
  • Correct Errors
  • Monitor Changes
by Karthikeyan Bhargavan, et al.
Citations:38 - 9 self
  • Summary
  • Active Bibliography
  • Co-citation
  • Clustered Documents
  • Version History

BibTeX

@MISC{Bhargavan04asemantics,
    author = {Karthikeyan Bhargavan and et al.},
    title = { A Semantics for Web Services Authentication},
    year = {2004}
}

Years of Citing Articles

Bookmark

citeulike Connotea Bibsonomy Del.icio.us Digg Reddit

OpenURL

 

Abstract

We consider the problem of specifying and verifying cryptographic security protocols for XML web services. The security specification WS-Security describes a range of XML security tokens, such as username tokens, public-key certificates, and digital signature blocks, amounting to a flexible vocabulary for expressing protocols. To describe the syntax of these tokens, we extend the usual XML data model with symbolic representations of cryptographic values. We use predicates on this data model to describe the semantics of security tokens and of sample protocols distributed with the Microsoft WSE implementation of WS-Security. By embedding our data model within Abadi and Fournet’s applied pi calculus, we formulate and prove security properties with respect to the standard Dolev-Yao threat model. Moreover, we informally discuss issues not addressed by the formal model. To the best of our knowledge, this is the first approach to the specification and verification of security protocols based on a faithful account of the XML wire format.

Citations

1040 R.: A logic for authentication - Burrows, Abadi, et al. - 1989
872 A.C.-C.: On the security of public key protocols - Dolev, Yao - 1983
822 Term rewriting and All That - Baader, Nipkow - 1998
783 Using encryption for authentication in large networks of computers - Needham, Schroeder - 1978
741 End-to-end arguments in system design - Saltzer, Reed, et al. - 1984
548 Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR - Lowe
520 Communicating and Mobile Systems: the π-Calculus - Milner - 1999
368 The inductive approach to verifying cryptographic protocols - Paulson - 1998
327 The TLS protocol version 1.0 - DIERKS, ALLEN - 1999
278 HMAC: Keyed-Hashing for Message Authentication - Krawczyk, Bellare, et al.
202 Mobile Values, News Names, and Secure Communication - Abadi, Fournet - 2001
186 An Efficient Cryptographic Protocol Verifier Based on Prolog Rules - Blanchet - 2001
156 A hierarchy of authentication specifications - Lowe - 1997
131 A semantic model for authentication protocols - Woo, Lam - 1993
128 Three systems for cryptographic protocol analysis - Kemmerer, Meadows, et al. - 1994
97 Authenticity by typing for security protocols - Gordon, Jeffrey - 2003
89 Integrating security in a large distributed system - Satyanarayanan - 1989
80 spaces: Proving security protocols correct - Fábrega, Herzog, et al. - 1999
56 From Secrecy to Authenticity in Security Protocols - Blanchet - 2004
53 The essence of XML - Siméon, Wadler - 2003
50 Web Services Are Not Distributed Objects - Vogels
42 Secure network objects - Doorn, Abadi, et al. - 1996
37 Authentication primitives and their compilation - Abadi, Fournet, et al.
34 TAPS: A first-order verifier for cryptographic protocols - Cohen - 2000
29 Public-Key Cryptography Standards (PKCS) #1 - Jonsson, Kaliski - 2003
28 Validating a web service security abstraction by typing - Gordon, Pucella
27 TulaFale: A security tool for web services - Bhargavan, Fournet, et al. - 2004
22 Hiding names: Private authentication in the applied pi calculus - Fournet, Abadi - 2003
10 Web services security (WS-Security), version 1.0. http://msdn.microsoft.com/ library/en-us/dnglobspec/html/ws-security.asp. Draft submitted to OASIS Web Services Security TC - Atkinson, Della-Libera, et al. - 2002
7 Securing SOAP e-services - Damiani, Vimercati, et al.
6 Towards securing XML Web services - Damiani, Vimercati, et al. - 2002
3 Web Services Enhancements for Microsoft .NET - Corporation - 2002
3 Web services routing protocol (WS-Routing), at http://msdn.microsoft. com/library/en-us/dnglobspec/html/ws-routing.asp - Nielsen, Thatte - 2001
1 Web services security addendum version 1.0. At http://msdn.microsoft.com/library/en-us/dnglobspec/html/ ws-security-addendum.asp - Maruyama, Nadalin, et al. - 2002
1 At http://www.oasis-open.org/ committees/tc_home.php?wg_abbrev=wss - Nadalin, Kaler, et al. - 2003
1 Available from http://www.oasis-open.org/committees/tc_home. php?wg_abbrev=wss - Nadalin, Kaler, et al. - 2003
1 Private authentication, Theoret - Abadi, Fournet - 2004
1 Exclusive XML Canonicalization, 2002. W3C Recommendation, at http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/. K. Bhargavan et al - Boyer, Eastlake, et al.
1 A logic ofauthentication - Burrows, Abadi, et al. - 1989
1 On the security ofpublic key protocols - Dolev, Yao - 1983
1 A comparison ofthree authentication properties, Theoret - Focardi, Gorrieri, et al. - 2003
1 A hierarchy ofauthentication specifications, in - Lowe - 1997
1 The essence ofXML, in - Siméon, Wadler
The National Science Foundation
  • About CiteSeerX
  • Submit Documents
  • Privacy Policy
  • Help
  • Data
  • Source
  • Contact Us

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2010 The Pennsylvania State University