Formal Methods for Web 2.0 Security Protocols - Position Paper
نویسندگان
چکیده
2. The network model is too detailed. The traditional model of the network as an opponent in cryptographic protocols enables the opponent to forge, alter and remove messages. In contrast, the basic protocols underlying, say, identity management frameworks assume integrity of messages. This greater abstraction permits the users and architects of Web 2.0 components to focus on semantic issues, such as trust and privacy, rather than on issues related to active attacks on the underlying cryptographic protocols that facilitate the assumption of integrity.
منابع مشابه
Browser Models for Usable Authentication Protocols
In this paper we argue that the deployment of browser-based protocols that make use of Web 2.0 technologies bears risks, which are not thoroughly studied. We postulate that these protocols have to become part of rigorous security analysis as done with cryptographic protocols. However, analysis of browser-based protocols requires security models that take into account (i) the protocol definition...
متن کاملBrowser-based identity federation
Given the increasing popularity of Web 2.0 applications, web-based three-party authentication gets more and more important. Identity federation fulfills this requirement through standardized protocols that authenticate Web users across trust domains. This thesis considers the problem of secure authentication by browser-based identity federation. This special class of identity federation only us...
متن کاملApplication of Formal Methods to the Analysis of Web Services Security
Web Services technologies have introduced a new challenge for security protocols. Traditional security protocols cannot handle intermediaries and the flexibility of Web Services bindings. Thus, several proposals for introducing security in Web Services have been presented. One of these is Web Services Security. In this paper we illustrate how this protocol works, with an example, and analyse wh...
متن کاملA short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this...
متن کاملWeb Service Choreography Verification Using Z Formal Specification
Web Service Choreography Description Language (WS-CDL) describes and orchestrates the services interactions among multiple participants. WS-CDL verification is essential since the interactions would lead to mismatches. Existing works verify the messages ordering, the flow of messages, and the expected results from collaborations. In this paper, we present a Z specification of WS-CDL. Besides ve...
متن کامل