Data di Pubblicazione:
2009
Citazione:
Static Detection of Logic Flaws in Service-Oriented Applications / Bodei, C; Brodo, Linda; Bruni, R.. - LNCS 5511:(2009), pp. 70-87. ( Foundations and Applications of Security Analysis, Workshop on Automated Reasoning York, UK March, 28-29).
Abstract:
Application or business logic, used in the development of
services, has to do with the operations that define the application functionalities
and not with the platform ones. Often security problems can
be found at this level, because circumventing or misusing the required
operations can lead to unexpected behaviour or to attacks, called application
logic attacks. We investigate this issue, by using the CaSPiS
calculus to model services, and by providing a Control Flow Analysis
able to detect and prevent some possible misuses.
services, has to do with the operations that define the application functionalities
and not with the platform ones. Often security problems can
be found at this level, because circumventing or misusing the required
operations can lead to unexpected behaviour or to attacks, called application
logic attacks. We investigate this issue, by using the CaSPiS
calculus to model services, and by providing a Control Flow Analysis
able to detect and prevent some possible misuses.
Tipologia CRIS:
4.1 Contributo in Atti di convegno
Elenco autori:
Bodei, C; Brodo, Linda; Bruni, R.
Link alla scheda completa:
Titolo del libro:
Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security, ARSPA-WITS 2009
Pubblicato in: