Towards the Orchestration of Secured Services under Non-disclosure Policies

  • Conference paper
Computer Network Security (MMM-ACNS 2012)

Abstract

The problem of finding a mediator to compose secured services has been reduced in our former work to the problem of solving deducibility constraints similar to those employed for cryptographic protocol analysis. In this paper we extend the mediator synthesis procedure with a construction for expressing that some data is not accessible to the mediator. We then give a decision procedure for verifying that a mediator satisfying this non-disclosure policy can be effectively synthesized. This procedure has been implemented in CL-AtSe, our protocol analysis tool. The procedure extends constraint solving for cryptographic protocol analysis in a significant way, as it is able to handle negative deducibility constraints without restriction. In particular, it applies to all subterm convergent theories and therefore covers several interesting theories in formal security analysis, including encryption, hashing, signature and pairing.

This work is supported by FP7 AVANTSSAR [5] and FP7 NESSoS [22] projects.

References

  1. Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. Theoretical Computer Science 367(1-2), 2–32 (2006)

  2. Avanesov, T., Chevalier, Y., Mekki, M.A., Rusinowitch, M.: Web Services Verification and Prudent Implementation. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 173–189. Springer, Heidelberg (2012)

  3. Avanesov, T., Chevalier, Y., Rusinowitch, M., Turuani, M.: Satisfiability of general intruder constraints with and without a set constructor. CoRR, abs/1103.0220 (2011)

  4. Avanesov, T., Chevalier, Y., Rusinowitch, M., Turuani, M.: Intruder deducibility constraints with negation. Decidability and application to secured service compositions. INRIA Research Report (July 2012), http://hal.inria.fr/hal-00719011

  5. Automated Validation of Trust and Security of Service-Oriented Architectures, AVANTSSAR project, http://www.avantssar.eu

  6. Baudet, M.: Deciding security of protocols against off-line guessing attacks. In: Proceedings of CCS 2005 Conference, pp. 16–25. ACM (2005)

  7. Chevalier, Y., Mekki, M.A., Rusinowitch, M.: Automatic composition of services with security policies. In: Proceedings of SERVICES I 2008, SERVICES 2008. pp. 529–537. IEEE, Washington, DC (2008)

  8. Corin, R., Etalle, S., Saptawijaya, A.: A logic for constraint-based security protocol analysis. In: IEEE Symposium on Security and Privacy (S&P), Berkeley, California, USA, May 21-24, pp. 155–168. IEEE Computer Society (2006)

  9. Costa, G., Degano, P., Martinelli, F.: Secure service orchestration in open networks. Journal of Systems Architecture - Embedded Systems Design 57(3), 231–239 (2011)

  10. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

  11. Armando, A., Arsac, W., Avanesov, T., Barletta, M., Calvi, A., Cappai, A., Carbone, R., Chevalier, Y., Compagna, L., Cuéllar, J., Erzse, G., Frau, S., Minea, M., Mödersheim, S., von Oheimb, D., Pellegrino, G., Ponta, S.E., Rocchetto, M., Rusinowitch, M., Torabi Dashti, M., Turuani, M., Viganò, L.: The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 267–282. Springer, Heidelberg (2012)

  12. Frau, S., Torabi Dashti, M.: Integrated specification and verification of security protocols and policies. In: 24th IEEE Computer Security Foundations Symposium, CSF 2011, Cernay-la-Ville, France, June 27-29, pp. 18–32 (2011)

  13. Herzig, A., Lorini, E., Hübner, J.F., Vercouter, L.: A logic of trust and reputation. Logic Journal of IGPL 18(1), 214–244 (2010)

  14. Kourjieh, M.: Logical Analysis and Verification of Cryptographic Protocols. Thèse de doctorat, Université Paul Sabatier, Toulouse, France, (Décembre 2009)

  15. Kähler, D., Küsters, R., Truderung, T.: Infinite state AMC-model checking for cryptographic protocols. In: Symposium on Logic in Computer Science, pp. 181–192 (2007)

  16. Lorini, E., Demolombe, R.: Trust and Norms in the Context of Computer Security: A Logical Formalization. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 50–64. Springer, Heidelberg (2008)

  17. Lynch, C., Meadows, C.: On the relative soundness of the free algebra model for public key encryption. In: Proceedings of the 2007 FCS-ARSPA Workshop. ENTCS, vol. 125, pp. 43–54 (2005), http://profs.sci.univr.it/~vigano/fcs-arspa07/fcs-arspa07.pdf

  18. Martinelli, F.: Towards an Integrated Formal Analysis for Security and Trust. In: Steffen, M., Zavattaro, G. (eds.) FMOODS 2005. LNCS, vol. 3535, pp. 115–130. Springer, Heidelberg (2005)

  19. McAllester, D.A.: Automatic recognition of tractability in inference relations. Journal of the ACM 40, 284–303 (1993)

  20. Millen, J., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proceedings of the 8th ACM Conference on Computer and Communications Security, CCS 2001, pp. 166–175. ACM, New York (2001)

  21. Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proceedings of the ACM Conference on Computer and Communications Security CCS 2001, pp. 166–175 (2001)

  22. Network of Excellence on Engineering Secure Future Internet Software Services and Systems, NESSoS project, http://www.nessos-project.eu

  23. Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions is NP-complete. In: Proceedings of CSFW 2001, pp. 174–190. IEEE Computer Society Press (2001)

  24. Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)

  25. Chevalier, Y., Mekki, M.A., Rusinowitch, M.: Orchestration under Security Constraints. In: Aichernig, B.K., de Boer, F.S., Bonsangue, M.M. (eds.) FMCO 2010. LNCS, vol. 6957, pp. 23–44. Springer, Heidelberg (2011)

© 2012 Springer-Verlag Berlin Heidelberg

Cite this paper

Avanesov, T., Chevalier, Y., Rusinowitch, M., Turuani, M. (2012). Towards the Orchestration of Secured Services under Non-disclosure Policies. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_12

  • DOI: https://doi.org/10.1007/978-3-642-33704-8_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33703-1

  • Online ISBN: 978-3-642-33704-8

  • eBook Packages: Computer Science, Computer Science (R0)
