WSEmail: secure Internet messaging based on Web services

Home medical devices enable individuals to monitor some of their own health information without the need for visits by nurses or trips to medical facilities. This enables more continuous information to be provided at lower cost and will lead to better healthcare outcomes. The technology depends on network communication of sensitive health data. Requirements for reliability and ease-of-use provide challenges for securing these communications. In this paper we look at protocols for the drop-box architecture, an approach to assisted living that relies on a partially-trusted Assisted Living Service Provider (ALSP). We sketch the requirements and architecture for assisted living based on this architecture and describe its communication protocols. In particular, we give a detailed description of its report and alarm transmission protocols and give an automated proof of correspondence theorems for them. Our formulation shows how to characterize the partial trust vested in the ALSP and use the existing tools to verify this partial trust. AbstractHome medical devices enable individuals to monitor some of their own health information without the need for visits by nurses or trips to medical facilities. This enables more continuous information to be provided at lower cost and will lead to better healthcare outcomes. The technology depends on network communication of sensitive health data. Requirements for reliability and ease-of-use provide challenges for securing these communications. In this paper we look at protocols for the drop-box architecture, an approach to assisted living that relies on a partiallytrusted Assisted Living Service Provider (ALSP). We sketch the requirements and architecture for assisted living based on this architecture and describe its communication protocols. In particular, we give a detailed description of its report and alarm transmission protocols and give an automated proof of correspondence theorems for them. Our formulation shows how to characterize the partial trust vested in the ALSP and use the existing tools to verify this partial trust.

show abstract

“…We adapt the following notation from previous work by the authors in Lug, et al [22]. We assume knowledge of public key certificates.…”

Section: Report and Alarm Protocolsmentioning

confidence: 99%

“…The approach taken to formal methods in this work builds on our work on WSEmail [22], for which we formalized a single protocol and proved a correspondence theorem. Here we have undertaken the formalization and verification of two arguably more complex protocols and proven more complicated theorems.…”

Section: Related Workmentioning

confidence: 99%

Securing the drop-box architecture for assisted living

May

Shin

Gunter

et al. 2006

Proceedings of the Fourth ACM Workshop on Formal Methods in Security

View full text Add to dashboard Cite

show abstract

“…It is effective for standards XML files such as WSDL files, but the authors did not consider how to handle some headers security functions such as OASIS UsernameToken authentication (Bhargavan et al, 2004;Bhargavan and Gordon, 2017;Bhargavan et al, 2007;Lux et al, 2005).…”

Section: Tulafalementioning

confidence: 99%

“…• Send a service request from a requestor to the registry • Send information from the registry to the requestor; • Allow the requestor to bind to the service provider and run the web service (Mainka et al, 2012;Al-Jaroodi and Al-Dhaheri, 2011;Bhargavan et al, 2007) It is important to mention that SOAP is essential for all web services and communication between banking eservices (Hariharan and Babu, 2014;Lux et al, 2005;Keen et al, 2017).…”

Section: Simple Object Access Protocol (Soap) [D]mentioning

confidence: 99%

SSOAM: Automated Security Testing Framework for SOA Middleware in Banking Domain

Al-Fayoumi¹,

Hamad²,

Al-Saraireh³

2018

Journal of Computer Science

View full text Add to dashboard Cite

Abstract:In the banking domain, a high level of security must be considered and achieved to prevent a core-banking system from vulnerabilities and attackers. This is especially true when implementing Service Oriented Architecture Middleware (SOAM), which enables all banking e-services to be connected in a unified way and then allows banking e-services to transmit and share information using simple Object Access Protocol (SOAP). The main challenge in this research is that SOAP is designed without security in mind and there are no security testing tools that guarantee a secure SOAM solution in all its layers. Thus, this paper studies and analyzes the importance of implementing secure banking SOAM design architecture and of having an automated security testing framework. Therefore, Secure SOAM (SSOAM) is proposed, which works in parallel with the banking production environment. SSOAM contains a group of integrated security plugins that are responsible for scanning, finding, analyzing and fixing vulnerabilities and also forecasting new vulnerabilities and attacks in all banking SOAM layers.

show abstract

“…This approach has been followed in modeling many protocols (e.g., [3,4,9,13,18,19,37,39]). Techniques from the programming-language literature, such as typing, have been employed for proofs, sometimes with substantial extensions or variations; specialpurpose techniques have also been developed and exploited, as in the tool ProVerif on which we rely below (e.g., [2,10,23,24,28,33,36]).…”

Section: The Wmf Protocol In the Pi Calculusmentioning

confidence: 99%