Experiments and proofs in web-service security

Sheniar, Dawood and Hadaad, Nabeel and Martin, David and Addie, Ron and Abdulla, Shahab (2018) Experiments and proofs in web-service security. In: 28th International Telecommunication Networks and Application Conference: Experiments and Proofs in Web-service Security (ITNAC 2018), 21-23 Nov 2018, Sydney, Australia.

[img]
Preview
Text (Accepted Version)
Experiments and Proofs in Web-service Security-Dawood.pdf

Download (215Kb) | Preview

Abstract

Many web services have a subsystem for allowing users to register, authenticate, reset their password, and change personal details. It is important that such subsystems cannot be abused by attackers to gain access to the accounts of other users. We study a system which was initially prone to such attacks. Specific attacks are demonstrated and the system is then modified to prevent such attacks in future. The design achieved in this way is then analysed to show that it can't be broken in future unless users allow their email to he intercepted. This is achieved by formulating the requirement as a statement of the user's expectations of the system and then analysing the source code of the system to prove that it meets these requirements. The process of attack, correction, and formulation of security rules, and proof that rules hold, is proposed as a methodical security design philosophy.


Statistics for USQ ePrint 35880
Statistics for this ePrint Item
Item Type: Conference or Workshop Item (Commonwealth Reporting Category E) (Paper)
Refereed: Yes
Item Status: Live Archive
Additional Information: Accepted version deposited in accordance with the copyright policy of the publisher.
Faculty/School / Institute/Centre: Current - Open Access College
Date Deposited: 03 May 2019 06:23
Last Modified: 24 Jun 2019 05:38
Uncontrolled Keywords: web service security, security design, password reset, security rules, stakeholder analysis
Fields of Research : 08 Information and Computing Sciences > 0802 Computation Theory and Mathematics > 080201 Analysis of Algorithms and Complexity
Socio-Economic Objective: E Expanding Knowledge > 97 Expanding Knowledge > 970108 Expanding Knowledge in the Information and Computing Sciences
Funding Details:
Identification Number or DOI: 10.1109/ATNAC.2018.8615367
URI: http://eprints.usq.edu.au/id/eprint/35880

Actions (login required)

View Item Archive Repository Staff Only