150 likes | 292 Views
Security Analysis of Web-based Identity Federation. Apurva Kumar IBM Research – India. Context. Challenges. Two contrasting styles . Motivation for Hybrid Approach. Overview of Hybrid Approach. Overview of Hybrid Approach. Forward chaining using BAN logic. Idealization.
E N D
Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India
Overview of Hybrid Approach Forward chaining using BAN logic. Idealization BAN fomulae Protocol Spec Correspondence about session and token parameters. Retain only those messages that require possession of keys that are not public. Ignore terms that represent neither secrets nor nonces. Simplified Spec General Protocol Model in Alloy Alloy model incorporating results of BAN analysis. Alloy Analyzer Counter Example Goal Spec
Inference Rules: BAN Operators Believes |, Sees , |~ Says, |=> Controls Message Origin Nonce Verification Jurisdiction Rule 8
New Inference Rules • Rules to associate actions with users. 9