Abstract
We show an approach, CaPiTo, to model service-oriented applications using process algebras such that, on the one hand, we can achieve a certain level of abstraction without being overwhelmed by the underlying implementation details and, on the other hand, we respect the concrete industrial standards used for implementing the service-oriented applications. By doing so, we will be able to not only reason about applications at different levels of abstractions, but also to build a bridge between the views of researchers on formal methods and developers in industry. We apply our approach to the financial case study taken from Chapter 0-3. Finally, we develop a static analysis to analyse the security properties as they emerge at the level of concrete industrial protocols.
This work has been partially sponsored by the project Sensoria, IST-2005-016004.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Gordon, A.D.: A Calculus for Cryptographic Protocols: The Spi Calculus. Information and Computation 148(1), 1–70 (1999)
Armando, A., Carbone, T., Compagna, L.: LTL model checking for security protocols. In: Proc. 20th CSFW (2007)
Armando, A., Carbone, T., Compagna, L., Cuellar, J., Tobarra, L.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based sign on for Google appa. In: Proc. 6th ACM Workshop on Formal Methods in Security Engineering (2008)
Bella, G., Longo, C., Paulson, L.: Verifying second-level security protocols. In: Theorem Proving in Higher Order Logics (2003)
Broadfoot, P., Lowe, G.: On distributed security transactions that use secure transfport protocols. In: Proc. 16th CSFW (2003)
Bodei, C., Buchholtz, M., Degano, P., Nielson, F., Nielson, H.R.: Static Validation of Security Protocols. Journal of Computer Security 13(3), 347–390 (2005)
Boreale, M., Bruni, R., De Nicola, R., Loreti, M.: Sessions and Pipelines for Structured Service Programming. In: Barthe, G., de Boer, F.S. (eds.) FMOODS 2008. LNCS, vol. 5051, pp. 19–38. Springer, Heidelberg (2008)
Boyd, C.: Security architectures using formal methods. IEEE Journal on Selected Areas in Communications 11(5) (1993)
Bugliesi, M., Focardi, R.: Language based secure communication. In: Proc. 21st CSFS (2008)
Dierks, T., Allen, C.: The TLS protocol version 1.0. RFC 2246, Internet Engineering Task Force (January 1999)
Dilloway, C., Lowe, G.: Specifying secure channels. In: Proc. 21st CSFS (2008)
Dilloway, C.: On the Specification and Analysis of Secure Transport Protocols. PhD Thesis, Oxford University (2008)
Dolev, D., Yao, A.C.: On the Security of Public Key Protocols. IEEE TIT IT-29(12), 198–208 (1983)
Hansen, S., Skriver, J., Riis Nielson, H.: Using static analysis to validate the SAML Single Sign-On protocol. In: Proceedings of Workshop on Issues in the Theory of Security (WITS 2005) (2005)
Maurer, U., Schmid, P.: A Calculus for secure channel establishment in open networks. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875. Springer, Heidelberg (1994)
Milner, R.: Communicating and mobile systems: the π-calculus. Cambridge University Press, Cambridge (1999)
Nielsen, C.R., Alessandrini, M., Pollmeier, M., Nielson, H.R.: Formalising the S&N Credit Request. Confidential Sensoriainternal report (Only for use within the Consultion) (2007)
Organization for the Advancement of Structured Information Standards, http://www.oasis-open.org/
Simple Object Access Protocol (SOAP). W3C, http://www.w3.org/TR/soap/
X.200 : Information technology - Open Systems Interconnection - Basic Reference Model: The basic model
OASIS Web Services Security (WSS) TC, http://www.oasis-open.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Gao, H., Nielson, F., Nielson, H.R. (2011). Analysing Protocol Stacks for Services. In: Wirsing, M., Hölzl, M. (eds) Rigorous Software Engineering for Service-Oriented Systems. Lecture Notes in Computer Science, vol 6582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20401-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-20401-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20400-5
Online ISBN: 978-3-642-20401-2
eBook Packages: Computer ScienceComputer Science (R0)