TulaFale: A Security Tool for Web Services

14 years 4 months ago

Download pauillac.inria.fr

Web services security speciﬁcations are typically expressed as a mixture of XML schemas, example messages, and narrative explanations. We propose a new speciﬁcation language for writing complementary machine-checkable descriptions of SOAP-based security protocols and their properties. Our TulaFale language is based on the pi calculus (for writing collections of SOAP processors running in parallel), plus XML syntax (to express SOAP messaging), logical predicates (to construct and ﬁlter SOAP messages), and correspondence assertions (to specify authentication goals of protocols). Our implementation compiles TulaFale into the applied pi calculus, and then runs Blanchet’s resolution-based protocol veriﬁer. Hence, we can automatically verify authentication properties of SOAP protocols. 1 Verifying Web Services Security Web services are a wide-area distributed systems technology, based on asynchronous exchanges of XML messages conforming to the SOAP message format [BEK+ 00,W3C03]. T...

Karthikeyan Bhargavan, Cédric Fournet, Andr

Real-time Traffic

FMCO 2003 | SOAP Messages | SOAP-based Security Protocols | Web Services Security |

claim paper

Post Info
More Details (n/a)

Added	06 Jul 2010
Updated	06 Jul 2010
Type	Conference
Year	2003
Where	FMCO
Authors	Karthikeyan Bhargavan, Cédric Fournet, Andrew D. Gordon, Riccardo Pucella

Comments (0)

Sciweavers

TulaFale: A Security Tool for Web Services

FMCO 2003 | SOAP Messages | SOAP-based Security Protocols | Web Services Security |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers