The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Alessandro, Armando; Wihem, Arsac; Tigran, Avanesov; Barletta, Michele; Calvi, Alberto; Alessandro, Cappai; Roberto, Carbone; Yannick, Chevalier; Luca, Compagna; Jorge, Cuellar; Gabriel, Erzse; Simone, Frau; Marius, Minea; Sebastian, Moedersheim; David von Oheimb,; Giancarlo, Pellegrino; Serena Elisa Ponta,; Rocchetto, Marco; Michael, Rusinowitch; Mohammad Torabi Dashti,; Mathieu, Turuani; Vigano', Luca

doi:10.1007/978-3-642-28756-5_19

The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.

Titolo:	The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
Autori:	Alessandro Armando Wihem Arsac Tigran Avanesov BARLETTA, Michele CALVI, Alberto Alessandro Cappai Roberto Carbone Yannick Chevalier Luca Compagna Jorge Cuellar Gabriel Erzse Simone Frau Marius Minea Sebastian Moedersheim David von Oheimb Giancarlo Pellegrino Serena Elisa Ponta Rocchetto, Marco Michael Rusinowitch Mohammad Torabi Dashti Mathieu Turuani VIGANO', Luca mostra contributor esterni nascondi contributor esterni
Data di pubblicazione:	2012
Abstract:	The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.
Handle:	http://hdl.handle.net/11562/435188
ISBN:	9783642287558
Appare nelle tipologie:	04.01 Contributo in atti di convegno

File in questo prodotto:

Non ci sono file associati a questo prodotto.

Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/11562/435188

Citazioni

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

CATALOGO DEI PRODOTTI DELLA RICERCA

File in questo prodotto: