On the Relationship Between Web Services Security and Traditional Protocols
XML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular Casper notation. We show that this translation preserves flaws and attac...
| Main Authors: | , |
|---|---|
| Format: | Journal article |
| Language: | English |
| Published: |
Elsevier
2006
|
| _version_ | 1797079539853033472 |
|---|---|
| author | Kleiner, E Roscoe, A Kleiner, E Roscoe, A |
| author_facet | Kleiner, E Roscoe, A Kleiner, E Roscoe, A |
| author_sort | Kleiner, E |
| collection | OXFORD |
| description | XML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular Casper notation. We show that this translation preserves flaws and attacks. Therefore we provide a way for all the methods, and specifically Casper and FDR, that have been developed in the last decade by the theoretical community for the analysis of cryptographic protocols to be used for analysing WS-Security protocols. Finally, we demonstrate how this technique can be used to prove properties and discover attacks upon a proposed Microsoft WS-SecureConversation protocol. © 2006. |
| first_indexed | 2024-03-07T00:47:23Z |
| format | Journal article |
| id | oxford-uuid:8528f0a5-1885-4e8f-b2f4-330d09bfce5d |
| institution | University of Oxford |
| language | English |
| last_indexed | 2024-03-07T00:47:23Z |
| publishDate | 2006 |
| publisher | Elsevier |
| record_format | dspace |
| spelling | oxford-uuid:8528f0a5-1885-4e8f-b2f4-330d09bfce5d2022-03-26T21:55:30ZOn the Relationship Between Web Services Security and Traditional ProtocolsJournal articlehttp://purl.org/coar/resource_type/c_dcae04bcuuid:8528f0a5-1885-4e8f-b2f4-330d09bfce5dEnglishSymplectic Elements at OxfordElsevier2006Kleiner, ERoscoe, AKleiner, ERoscoe, AXML and Web Services security specifications define elements to incorporate security tokens within a SOAP message. We propose a method for mapping such messages to an abstract syntax in the style of Dolev-Yao, and in particular Casper notation. We show that this translation preserves flaws and attacks. Therefore we provide a way for all the methods, and specifically Casper and FDR, that have been developed in the last decade by the theoretical community for the analysis of cryptographic protocols to be used for analysing WS-Security protocols. Finally, we demonstrate how this technique can be used to prove properties and discover attacks upon a proposed Microsoft WS-SecureConversation protocol. © 2006. |
| spellingShingle | Kleiner, E Roscoe, A Kleiner, E Roscoe, A On the Relationship Between Web Services Security and Traditional Protocols |
| title | On the Relationship Between Web Services Security and Traditional Protocols |
| title_full | On the Relationship Between Web Services Security and Traditional Protocols |
| title_fullStr | On the Relationship Between Web Services Security and Traditional Protocols |
| title_full_unstemmed | On the Relationship Between Web Services Security and Traditional Protocols |
| title_short | On the Relationship Between Web Services Security and Traditional Protocols |
| title_sort | on the relationship between web services security and traditional protocols |
| work_keys_str_mv | AT kleinere ontherelationshipbetweenwebservicessecurityandtraditionalprotocols AT roscoea ontherelationshipbetweenwebservicessecurityandtraditionalprotocols AT kleinere ontherelationshipbetweenwebservicessecurityandtraditionalprotocols AT roscoea ontherelationshipbetweenwebservicessecurityandtraditionalprotocols |