WebApp Sec mailing list archives
Research paper on WSE Policy Advisor
From: "Andy Gordon" <adg () microsoft com>
Date: Fri, 16 Sep 2005 11:02:43 +0100
Hi, readers of this list may be interested in a new paper we've written describing the architecture of a tool for checking WSE 2 security policies. These are XML config files that determine the security processing of SOAP messages. Title and abstract below; paper and tool available from our project page http://securing.ws

Since XML config files are widely used, the idea of a tool to check them as part of security reviews is very natural. Jon Udell has a nice article about this on his blog from last year, where he advocates partially populating a threat model from config files. http://weblog.infoworld.com/udell/2004/05/25.html

Can anyone point me to other tools for analyzing config files for security issues?

Thanks,
Andy

An advisor for web services security policies. With K. Bhargavan, C. Fournet, and G. O'Shea. In 2005 ACM Workshop on Secure Web Services (SWS 2005), Washington DC. ACM Press, 2005.

We identify common security vulnerabilities found during security reviews of web services with policy-driven security. We describe the design of an advisor for web services security configurations, the first tool both to identify such vulnerabilities automatically and to offer remedial advice. We report on its implementation as a plugin for Microsoft Web Services Enhancements (WSE).