The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Abstract : The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.
Type de document :
Communication dans un congrès
Cormac Flanagan and Barbara Konig. Tools and Algorithms for the Construction and Analysis of Systems - 18th International Conference, TACAS 2012, Mar 2012, Tallinn, Estonia. Springer, 7214, pp.267-282, 2012, Lecture Notes in Computer Science. 〈10.1007/978-3-642-28756-5_19〉
Liste complète des métadonnées

https://hal.inria.fr/hal-00759725
Contributeur : Michaël Rusinowitch <>
Soumis le : dimanche 2 décembre 2012 - 15:30:24
Dernière modification le : jeudi 11 janvier 2018 - 06:24:26

Identifiants

Citation

Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, et al.. The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. Cormac Flanagan and Barbara Konig. Tools and Algorithms for the Construction and Analysis of Systems - 18th International Conference, TACAS 2012, Mar 2012, Tallinn, Estonia. Springer, 7214, pp.267-282, 2012, Lecture Notes in Computer Science. 〈10.1007/978-3-642-28756-5_19〉. 〈hal-00759725〉

Partager

Métriques

Consultations de la notice

432