Research article (Open access)

Verifying policy-based web services security

Published: 30 October 2008

Abstract

WS-SecurityPolicy is a declarative language for configuring web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy and propose a more abstract language for specifying secure links between web services and their clients. We present the architecture and implementation of tools that (1) compile policy files from link specifications, and (2) verify by invoking a theorem prover whether a set of policy files run by any number of senders and receivers correctly implements the goals of a link specification, in spite of active attackers. Policy-driven web services implementations are prone to the usual subtle vulnerabilities associated with cryptographic protocols; our tools help prevent such vulnerabilities. We can verify policies when first compiled from link specifications, and also re-verify policies against their original goals after any modifications during deployment. Moreover, we present general security theorems for all configurations that rely on compiled policies.


Published In

ACM Transactions on Programming Languages and Systems  Volume 30, Issue 6
October 2008
245 pages
ISSN:0164-0925
EISSN:1558-4593
DOI:10.1145/1391956
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2008
Accepted: 01 April 2008
Revised: 01 December 2007
Received: 01 December 2005
Published in TOPLAS Volume 30, Issue 6

Author Tags

  1. Web services
  2. XML security
  3. pi calculus

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (last 12 months): 33
  • Downloads (last 6 weeks): 7

Reflects downloads up to 21 Sep 2024

Cited By

  • (2022) Toward Architectural and Protocol-Level Foundation for End-to-End Trustworthiness in Cloud/Fog Computing. IEEE Transactions on Big Data 8:1 (35-47). doi:10.1109/TBDATA.2017.2705418. Online publication date: 1-Feb-2022.
  • (2012) Approaches to Functional, Structural and Security SOA Testing. Performance and Dependability in Service Computing (381-401). doi:10.4018/978-1-60960-794-4.ch017. Online publication date: 2012.
  • (2012) Selective Service Provenance in the VRESCo Runtime. Web Service Composition and New Frameworks in Designing Semantics (372-394). doi:10.4018/978-1-4666-1942-5.ch017. Online publication date: 2012.
  • (2011) A design of policy-based composite web services QoS monitoring system. International Journal of Critical Computer-Based Systems 2:1 (79-91). doi:10.1504/IJCCBS.2011.038951. Online publication date: 1-Mar-2011.
  • (2010) Utilizing the interactive techniques to achieve automated service composition for Web Services. Journal of High Speed Networks 17:4 (219-236). doi:10.5555/1971866.1971871. Online publication date: 1-Dec-2010.
  • (2010) Selective Service Provenance in the VRESCo Runtime. International Journal of Web Services Research 7:2 (65-86). doi:10.4018/jwsr.2010040104. Online publication date: 1-Apr-2010.
  • (2009) Model-Based Monitoring and Policy Enforcement of Services. Proceedings of the 2009 Congress on Services - I (789-796). doi:10.1109/SERVICES-I.2009.103. Online publication date: 6-Jul-2009.
  • (2009) Service Provenance in QoS-Aware Web Service Runtimes. Proceedings of the 2009 IEEE International Conference on Web Services (115-122). doi:10.1109/ICWS.2009.32. Online publication date: 6-Jul-2009.
  • (2009) Information flow security for service compositions. 2009 International Conference on Ultra Modern Telecommunications & Workshops (1-8). doi:10.1109/ICUMT.2009.5345455. Online publication date: Oct-2009.
  • (2009) Discovering Communities of Interest in a Tagged On-Line Environment. Proceedings of the 2009 International Conference on Computational Aspects of Social Networks (143-148). doi:10.1109/CASoN.2009.22. Online publication date: 24-Jun-2009.