The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Alessandro, Armando; Wihem, Arsac; Tigran, Avanesov; Michele, Barletta; Alberto, Calvi; Alessandro, Cappai; Roberto, Carbone; Yannick, Chevalier; Luca, Compagna; Jorge, Cuellar; Gabriel, Erzse; Simone, Frau; Marius, Minea; Sebastian, Moedersheim; David, von Oheimb; Giancarlo, Pellegrino; Serena, Elisa Ponta; Marco, Rocchetto; Michael, Rusinowitch; Mohammad, Torabi Dashti; Mathieu, Turuani; Luca, Vigano'

doi:10.1007/978-3-642-28756-5_19

CATALOGO DEI PRODOTTI DELLA RICERCA

IRIS è la soluzione IT che facilita la raccolta e la gestione dei dati relativi alle attività e ai prodotti della ricerca. Fornisce a ricercatori, amministratori e valutatori gli strumenti per monitorare i risultati della ricerca, aumentarne la visibilità e allocare in modo efficace le risorse disponibili.

The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11562/435188

Titolo:	The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
Autori interni:	BARLETTA, Michele CALVI, Alberto Rocchetto, Marco VIGANO', Luca
Data di pubblicazione:	2012
Abstract:	The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.
Handle:	http://hdl.handle.net/11562/435188
ISBN:	9783642287558
Appare nelle tipologie:	04.01 Contributo in atti di convegno

File in questo prodotto:

Non ci sono file associati a questo prodotto.

Citazioni
ND

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.