Reference : The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
Armando, Alessandro [> >]
Arsac, Wihem [> >]
Avanesov, Tigran mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Barletta, Michele [> >]
Calvi, Alberto [> >]
Cappai, Alessandro [> >]
Carbone, Roberto [> >]
Chevalier, Yannick [> >]
Compagna, Luca [> >]
Cuéllar, Jorge [> >]
Erzse, Gabriel [> >]
Frau, Simone [> >]
Minea, Marius [> >]
Mödersheim, Sebastian [> >]
Oheimb, David [> >]
Pellegrino, Giancarlo [> >]
Ponta, Serenaelisa [> >]
Rocchetto, Marco [> >]
Rusinowitch, Michael [> >]
Torabi Dashti, Mohammad [> >]
Turuani, Mathieu [> >]
Viganò, Luca [> >]
Proceedings of 18th International Conference "Tools and Algorithms for the Construction and Analysis of Systems", as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2012, Tallinn, Estonia, March 24 - April 1, 2012.
Springer Berlin Heidelberg
18th International Conference, TACAS 2012,
March 24 - April 1, 2012
[en] The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry.
7214 2012
Proceedings of 18th International Conference, TACAS 2012, Lecture Notes in Computer Science

File(s) associated to this reference

Fulltext file(s):

Limited access
tacas12.pdfPublisher postprint297.57 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.