Towards Formal Validation of Trust and Security in the Internet of Services

Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time assessing the trust and security impact of an option, a minor change, a combination of functionalities, etc., because of the subtle and unforeseeable situations and behaviors that can arise from this panoply of choices. This often results in the release of flawed products to end users. This issue can be significantly mitigated by empowering designers and developers with tools that offer easy-to-use graphical interfaces and notations, while employing established verification techniques to efficiently tackle industrial-size problems. The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance.
