Conference papers

Towards an Automatic Analysis of Web Service Security

Yannick Chevalier 1 Denis Lugiez 2 Michael Rusinowitch 3
1 IRIT-LILaC - Logique, Interaction, Langue et Calcul
IRIT - Institut de recherche en informatique de Toulouse
3 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Web services send and receive messages in XML syntax with some parts hashed, encrypted or signed, according to the WS-Security standard. We have introduced a model to formally describe the protocols that underlie these services, their security properties and the rewriting attacks they might be subject to. Unlike other protocol models (in symbolic analysis), ours can handle non-deterministic receive/send actions and unordered sequences of XML nodes. Then, to detect the attacks, we have to consider the services as combining multiset operators and cryptographic ones, and we have to solve specific satisfiability problems in the combined theory. By an extension of the combination techniques we obtain a decision procedure for insecurity of Web services with messages built using encryption, signature, and other cryptographic primitives. This combination technique allows one to decide insecurity in a modular way by reducing the associated constraint solving problems to problems in simpler theories.
Document type : Conference papers
Contributor : Michaël Rusinowitch
Submitted on : Wednesday, January 19, 2011 - 5:38:00 PM
Last modification on : Wednesday, October 14, 2020 - 3:47:02 AM




Yannick Chevalier, Denis Lugiez, Michael Rusinowitch. Towards an Automatic Analysis of Web Service Security. 6th International Symposium on Frontiers of Combining Systems - FroCoS'07, Sep 2007, Liverpool, United Kingdom. pp.133-147, ⟨10.1007/978-3-540-74621-8_9⟩. ⟨inria-00557707⟩


