
Copyright 2010 INRIA

Verification of Web Services Security:

Access Control Policies and XML Firewalls

This project is funded by the STIC Tunisie program, DGRSRT and INRIA.


XML and Web services (WS) are major and widely adopted standards for the automatic management of distributed information and web transactions. Web services provide a standardised way to support interoperable machine-to-machine interaction over the Internet, based on XML messages, between various applications and data sources.

While providing advanced business functionality over the Internet, Web services introduce significant security considerations and challenges that need to be managed as threats become more important. Security is a critical issue for Web services, because the Internet is an insecure and untrusted public network infrastructure, where the available information has different levels of confidentiality. A service consumer may invoke Web services using a false identity, access Web services with insufficient permissions and gain confidential information, or weaken the reliability of Web services, e.g., using an XML-message-based denial of service attack. Thus, security considerations become critical for the successful deployment of service-oriented systems.

In this project, we focus on two important aspects of Web services security: XML Access Control Policies (ACP) and XML Firewalling. XML ACP specify the authorizations to access some parts of XML documents, and XML firewalls are network appliances that filter XML messages targeted to Web Services, according to their contents.

Our goal is to provide users and administrators with methods and tools to assist them in the development, validation and maintenance of XML ACPs and XML firewall configurations. It is generally agreed that these tasks are highly error-prone and that entirely manual management is impossible. We are planning to address this problem by developing automatic solutions based on formal models and formal methods for the analysis and error correction of XML ACPs and XML firewall configurations.


Proposal text.

Keywords

formal methods, Web services, access control, XML firewalls.