The Rigorous Implementation of a Fair Exchange Protocol for Non-repudiable Web Service Interactions - a case study

  1. Lookup NU author(s)
  2. Dr Nick Cook
  3. Dr Paul Robinson
  4. Emeritus Professor Santosh Shrivastava
Author(s)Cook N, Robinson P, Shrivastava S
Editor(s)Oria, V., Elmagarmid, A., Lochovsky, F. et al.
Publication type Conference Proceedings (inc. Abstract)
Conference NameSecond International Workshop on Services Engineering (SEIW 2007). In conjunction with the IEEE 23rd International Conference on Data Engineering (ICDE'07)
Conference LocationIstanbul, Turkey
Year of Conference2007
Legacy Date17-20 April 2007
Volume
Pages307-314
ISBN9781424408313
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
The correct implementation of security protocols is a challenging task. To achieve a high degree of confidence in an implementation, as with any software, ideally one requires both: (i) a formal specification that has been subjected to verification, and (ii) tool support to generate an implementation from the verified specification. The formal specification and verification of security protocols has attracted considerable attention, with corresponding advances. However, the state of the art in the generation of implementations has not progressed beyond relatively simple protocols. This paper presents a case study on the implementation of a deterministically fair non-repudiation protocol. Such protocols are among the most complex of security protocols. Sub-protocols are typically required to guarantee timely termination. A trusted third party must be involved to guarantee fairness. Finally, to satisfy requirements such as non-repudiable audit, significant infrastructure support is needed. The case study demonstrates an improved approach to protocol implementation. Starting with a formal specification, a rigorous process with considerable tool support leads to the deployment of a protocol implementation in a flexible Web services-based execution framework. The paper concludes with an evaluation of the approach.
PublisherIEEE
URLhttp://dx.doi.org/10.1109/ICDEW.2007.4401010
DOI10.1109/ICDEW.2007.4401010
ActionsLink to this publication
Library holdingsSearch Newcastle University Library for this item