PUMA
Istituto di Scienza e Tecnologie dell'Informazione     
Ter Beek M. H., Moiso C., Petrocchi M. Towards Security Analyses of an Identity Federation Protocol for Web Services in Convergent Networks. The document has been submitted to Conference: The Third Advanced International Conference on Telecommunications (AICT'07), Technical report, 2006.
 
 
Abstract
(English)
We describe a formal approach to the analysis of security aspects of an identity federation protocol for web services in convergent networks. This network protocol was proposed by Telecom Italia as a solution to allow end users to access services on the web through different access networks without explicitly providing any credentials, while the service providers can trust the user's identity information provided by the access networks and access some user data. As a first step towards a full-blown formal security analysis of the protocol, we specify three user scenarios in the process algebra Crypto-CCS and verify the vulnerability of one of these specifications w.r.t. a man-in-the-middle attack with the model checker PaMoChSA.
Subject Formal methods, model checking, security analysis, web services,network protocols
C.2.2 Network Protocols. Protocol verification
D.2.4 Software/Program Verification. Model checking


Icona documento 1) Download Document PDF


Icona documento Open access Icona documento Restricted Icona documento Private

 


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional