No . 502 Rev . 1 . 0 Symbolic and Cryptographic Analysis of the Secure WS - ReliableMessaging Scenario ( Extended Version ) ?
نویسندگان
چکیده
Web services are an important series of industry standards for adding semantics to web-based and XML-based communication, in particular among enterprises. Like the entire series, the security standards and proposals are highly modular. Combinations of several standards are put together for testing as interoperability scenarios, and these scenarios are likely to evolve into industry best practices. In the terminology of security research, the interoperability scenarios correspond to security protocols. Hence, it is desirable to analyze them for security. In this paper, we analyze the security of the new Secure WS-ReliableMessaging Scenario, the first scenario to combine security elements with elements of another quality-of-service standard. We do this both symbolically and cryptographically. The results of both analyses are positive. The discussion of actual cryptographic primitives of web services security is a novelty of independent interest in this paper.
منابع مشابه
Technical Report No . 502 Rev . 1 . 0 Symbolic and Cryptographic Analysis of the Secure WS - ReliableMessaging Scenario ( Extended Version ) ?
Web services are an important series of industry standards for adding semantics to web-based and XML-based communication, in particular among enterprises. Like the entire series, the security standards and proposals are highly modular. Combinations of several standards are put together for testing as interoperability scenarios, and these scenarios are likely to evolve into industry best practic...
متن کاملSymbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario
Web services are an important series of industry standards for adding semantics to web-based and XML-based communication, in particular among enterprises. Like the entire series, the security standards and proposals are highly modular. Combinations of several standards are put together for testing as interoperability scenarios, and these scenarios are likely to evolve into industry best practic...
متن کاملInteroperability and Functionality of WS-* Implementations
Recently, the Web Services Interoperability Organization (WS-I) has announced to have completed its interoperability standards work. The latest deliverables include the so-called “Basic Security Profile” and the “Reliable Secure Profile”. This gives rise to the question whether or not Web Services adopters can rely on interoperability and functionality of Web Services stacks, in particular in t...
متن کاملSide-Channel Attacks meet Secure Network Protocols (Full Version)
Side-channel attacks are powerful tools for breaking systems that implement cryptographic algorithms. The Advanced Encryption Standard (AES) is widely used to secure data, including the communication within various network protocols. Major cryptographic libraries such as OpenSSL or ARM mbed TLS include at least one implementation of the AES. In this paper, we show that most implementations of t...
متن کاملA Framework and Language Support for Dynamic Security Policy in Service-Oriented Architecture
In today’s global network-based environment, where mission-critical applications typically run on highly distributed systems, customers expect reliable, available, and secure services. Supporting security becomes an important issue in service-oriented architecture (SOA). This paper describes how to simultaneously support both dynamic security policies and separation of concerns when developing ...
متن کامل