Abstract
We show an approach, CaPiTo, to model service-oriented applications using process algebras such that, on the one hand, we can achieve a certain level of abstraction without being overwhelmed by the underlying implementation details and, on the other hand, we respect the concrete industrial standards used for implementing the service-oriented applications. By doing so, we will be able not only to reason about applications at different levels of abstraction, but also to build a bridge between the views of researchers on formal methods and developers in industry. We apply our approach to the financial case study taken from Chapter 0-3. Finally, we develop a static analysis to analyse the security properties as they emerge at the level of concrete industrial protocols.
This work has been partially sponsored by the project Sensoria, IST-2005-016004.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Gao, H., Nielson, F., Nielson, H.R. (2011). Analysing Protocol Stacks for Services. In: Wirsing, M., Hölzl, M. (eds) Rigorous Software Engineering for Service-Oriented Systems. Lecture Notes in Computer Science, vol 6582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20401-2_17
DOI: https://doi.org/10.1007/978-3-642-20401-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20400-5
Online ISBN: 978-3-642-20401-2
eBook Packages: Computer Science, Computer Science (R0)