Toggle Main Menu Toggle Search

Open Access padlockePrints

The Rigorous Implementation of a Fair Exchange Protocol for Non-repudiable Web Service Interactions - a case study

Lookup NU author(s): Dr Nick Cook, Dr Paul Robinson, Emeritus Professor Santosh Shrivastava

Downloads

Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Abstract

The correct implementation of security protocols is a challenging task. To achieve a high degree of confidence in an implementation, as with any software, ideally one requires both: (i) a formal specification that has been subjected to verification, and (ii) tool support to generate an implementation from the verified specification. The formal specification and verification of security protocols has attracted considerable attention, with corresponding advances. However, the state of the art in the generation of implementations has not progressed beyond relatively simple protocols. This paper presents a case study on the implementation of a deterministically fair non-repudiation protocol. Such protocols are among the most complex of security protocols. Sub-protocols are typically required to guarantee timely termination. A trusted third party must be involved to guarantee fairness. Finally, to satisfy requirements such as non-repudiable audit, significant infrastructure support is needed. The case study demonstrates an improved approach to protocol implementation. Starting with a formal specification, a rigorous process with considerable tool support leads to the deployment of a protocol implementation in a flexible Web services-based execution framework. The paper concludes with an evaluation of the approach.


Publication metadata

Author(s): Cook N, Robinson P, Shrivastava S

Editor(s): Oria, V., Elmagarmid, A., Lochovsky, F. et al.

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Second International Workshop on Services Engineering (SEIW 2007). In conjunction with the IEEE 23rd International Conference on Data Engineering (ICDE'07)

Year of Conference: 2007

Pages: 307-314

Publisher: IEEE

URL: http://dx.doi.org/10.1109/ICDEW.2007.4401010

DOI: 10.1109/ICDEW.2007.4401010

Library holdings: Search Newcastle University Library for this item

ISBN: 9781424408313


Share