{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T08:40:02Z","timestamp":1746348002824,"version":"3.40.4"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319113784"},{"type":"electronic","value":"9783319113791"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11379-1_10","type":"book-chapter","created":{"date-parts":[[2014,8,20]],"date-time":"2014-08-20T03:14:54Z","timestamp":1408504494000},"page":"192-211","source":"Crossref","is-referenced-by-count":5,"title":["A Lightweight Formal Approach for Analyzing Security of Web Protocols"],"prefix":"10.1007","author":[{"given":"Apurva","family":"Kumar","sequence":"first","affiliation":[]}],"member":"297","reference":[{"issue":"1","key":"10_CR1","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1145\/1044731.1044735","volume":"52","author":"M. Abadi","year":"2005","unstructured":"Abadi, M., Blanchet, B.: Analyzing security protocols with secrecy types and logic programs. Journal of the ACM (JACM)\u00a052(1), 102\u2013146 (2005)","journal-title":"Journal of the ACM (JACM)"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 104\u2013115. ACM (2001)","DOI":"10.1145\/373243.360213"},{"key":"10_CR3","doi-asserted-by":"crossref","unstructured":"Abadi, M., Tuttle, M.: A semantics for a logic of authentication. In: Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing, pp. 201\u2013216. ACM (1991)","DOI":"10.1145\/112600.112618"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Barth, A., Lam, P., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: Proceedings of 23rd IEEE Computer Security Foundations Symposium, pp. 290\u2013304. IEEE (2010)","DOI":"10.1109\/CSF.2010.27"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Armando, A., Carbone, R., Compagna, L., Cuellar, J., Tobarra, L.: Formal analysis of SAML 2.0 web browser single sign-on: Breaking the SAML-based single sign-on for Google Apps. In: Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering, pp. 1\u201310. ACM (2008)","DOI":"10.1145\/1456396.1456397"},{"key":"10_CR6","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"730","DOI":"10.1007\/978-3-540-30227-8_68","volume-title":"Logics in Artificial Intelligence","author":"A. Armando","year":"2004","unstructured":"Armando, A., Compagna, L.: SATMC: A SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS (LNAI), vol.\u00a03229, pp. 730\u2013733. Springer, Heidelberg (2004)"},{"key":"10_CR7","doi-asserted-by":"crossref","unstructured":"Bansal, C., Bhargavan, K., Maffeis, S.: Discovering concrete attacks on website authorization by formal analysis. In: 2012 IEEE 25th Computer Security Foundations Symposium (CSF), pp. 247\u2013262. IEEE (2012)","DOI":"10.1109\/CSF.2012.27"},{"issue":"4","key":"10_CR8","doi-asserted-by":"crossref","first-page":"363","DOI":"10.3233\/JCS-2009-0339","volume":"17","author":"B. Blanchet","year":"2009","unstructured":"Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security\u00a017(4), 363\u2013434 (2009)","journal-title":"Journal of Computer Security"},{"key":"10_CR9","first-page":"86","volume":"5","author":"B. Blanchet","year":"2011","unstructured":"Blanchet, B.: Using Horn clauses for analyzing security protocols. Formal Models and Techniques for Analyzing Security Protocols\u00a05, 86\u2013111 (2011)","journal-title":"Formal Models and Techniques for Analyzing Security Protocols"},{"issue":"1","key":"10_CR10","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.jlap.2007.06.002","volume":"75","author":"B. Blanchet","year":"2008","unstructured":"Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. Journal of Logic and Algebraic Programming\u00a075(1), 3\u201351 (2008)","journal-title":"Journal of Logic and Algebraic Programming"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Blanchet, B., et al.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proceedings of the 14th IEEE workshop on Computer Security Foundations, pp. 82\u201396 (2001)","DOI":"10.1109\/CSFW.2001.930138"},{"issue":"1","key":"10_CR12","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1145\/77648.77649","volume":"8","author":"M. Burrows","year":"1990","unstructured":"Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Transactions on Computer Systems\u00a08(1), 18\u201336 (1990)","journal-title":"ACM Transactions on Computer Systems"},{"key":"10_CR13","unstructured":"Cantor, S., Kemp, I., Philpott, N., Maler, E.: Assertions and protocols for the OASIS Security Assertion Markup Language V2.0. OASIS Standard (March 2005)"},{"key":"10_CR14","unstructured":"Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 55\u201369. IEEE (1999)"},{"key":"10_CR15","unstructured":"Craigen, D., Saaltink, M.: Using EVES to analyze authentication protocols. Technical Report TR-96-5508-05, pp. 6\u201355 (1996)"},{"key":"10_CR16","doi-asserted-by":"crossref","unstructured":"Cremers, C.: Unbounded verification, falsification, and characterization of security protocols by pattern refinement. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 119\u2013128. ACM (2008)","DOI":"10.1145\/1455770.1455787"},{"key":"10_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-02002-5_5","volume-title":"Formal to Practical Security","author":"C.J.F. Cremers","year":"2009","unstructured":"Cremers, C.J.F., Lafourcade, P., Nadeau, P.: Comparing state spaces in automatic security protocol analysis. In: Cortier, V., Kirchner, C., Okada, M., Sakurada, H. (eds.) Formal to Practical Security. LNCS, vol.\u00a05458, pp. 70\u201394. Springer, Heidelberg (2009)"},{"issue":"2","key":"10_CR18","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D. Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory\u00a029(2), 198\u2013208 (1983)","journal-title":"IEEE Transactions on Information Theory"},{"key":"10_CR19","unstructured":"Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Proceedings of the Workshop on Formal Methods and Security Protocols (1999)"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"F\u00e1brega, F., Herzog, J., Guttman, J.: Strand spaces: Why is a security protocol correct? In: Proceedings of 1998 IEEE Symposium on Research in Security and Privacy, pp. 160\u2013171. IEEE (1998)","DOI":"10.21236\/ADA459060"},{"key":"10_CR21","unstructured":"Hammer-Lahav, E., Recordon, D., Hardt, D.: The OAuth 2.0 authorization protocol. tools.ietf.org\/html\/ietf-oauth-v2-31, 8 (2011)"},{"issue":"2","key":"10_CR22","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1145\/505145.505149","volume":"11","author":"D. Jackson","year":"2002","unstructured":"Jackson, D.: Alloy: A lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology (TOSEM)\u00a011(2), 256\u2013290 (2002)","journal-title":"ACM Transactions on Software Engineering and Methodology (TOSEM)"},{"key":"10_CR23","unstructured":"Kindred, D., Wing, J.: Fast, automatic checking of security protocols. In: Proceedings of 2nd Workshop on Electronic Commerce, pp. 41\u201352. USENIX (1996)"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Kumar, A.: Model driven security analysis of IDaaS protocols. In: Kappel, G., Maamar, Z., Motahari-Nezhad, H.R. (eds.) ICSOC 2011. LNCS, vol.\u00a07084, pp. 312\u2013327. Springer, Heidelberg (2011)","DOI":"10.1007\/978-3-642-25535-9_21"},{"key":"10_CR25","doi-asserted-by":"crossref","unstructured":"Kumar, A.: Using automated model analysis for reasoning about security of web protocols. In: Proceedings of 28th Annual Computer Security Applications Conference, ACSAC 2012, pp. 289\u2013298 (2012)","DOI":"10.1145\/2420950.2420993"},{"issue":"2","key":"10_CR26","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1145\/382258.382789","volume":"24","author":"D. Nessett","year":"1990","unstructured":"Nessett, D.: A critique of the Burrows, Abadi and Needham logic. ACM SIGOPS Operating Systems Review\u00a024(2), 35\u201338 (1990)","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Recordon, D., Reed, D.: OpenID 2.0: A platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, pp. 11\u201316. ACM (2006)","DOI":"10.1145\/1179529.1179532"},{"key":"10_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/3-540-63104-6_12","volume-title":"Automated Deduction - CADE-14","author":"J. Schumann","year":"1997","unstructured":"Schumann, J.: Automatic verification of cryptographic protocols with SETHEO. In: McCune, W. (ed.) CADE 1997. LNCS, vol.\u00a01249, pp. 87\u2013100. Springer, Heidelberg (1997)"},{"issue":"1\/2","key":"10_CR29","doi-asserted-by":"crossref","first-page":"47","DOI":"10.3233\/JCS-2001-91-203","volume":"9","author":"D. Song","year":"2001","unstructured":"Song, D., Berezin, S., Perrig, A.: Athena: A novel approach to efficient automatic security protocol analysis. Journal of Computer Security\u00a09(1\/2), 47\u201374 (2001)","journal-title":"Journal of Computer Security"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Syverson, P., Van Oorschot, P.: On unifying some cryptographic protocol logics. In: Proceedings of 1994 IEEE Symposium on Research in Security and Privacy, pp. 14\u201328. IEEE (1994)","DOI":"10.21236\/ADA465512"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions and Defenses"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11379-1_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T08:27:06Z","timestamp":1746347226000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11379-1_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319113784","9783319113791"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11379-1_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}