{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,24]],"date-time":"2025-03-24T04:14:26Z","timestamp":1742789666487,"version":"3.40.2"},"reference-count":45,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2012,3,24]],"date-time":"2012-03-24T00:00:00Z","timestamp":1332547200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Med Syst"],"published-print":{"date-parts":[[2012,12]]},"DOI":"10.1007\/s10916-012-9843-1","type":"journal-article","created":{"date-parts":[[2012,3,23]],"date-time":"2012-03-23T19:43:46Z","timestamp":1332531826000},"page":"3695-3711","source":"Crossref","is-referenced-by-count":3,"title":["Security Analysis of Standards-Driven Communication Protocols for Healthcare Scenarios"],"prefix":"10.1007","volume":"36","author":[{"given":"Massimiliano","family":"Masi","sequence":"first","affiliation":[]},{"given":"Rosario","family":"Pugliese","sequence":"additional","affiliation":[]},{"given":"Francesco","family":"Tiezzi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,3,24]]},"reference":[{"key":"9843_CR1","doi-asserted-by":"crossref","unstructured":"Abadi, M., and Fournet, C., Mobile values, new names, and secure communication. In: POPL, pp. 104\u2013115. ACM, 2001.","DOI":"10.1145\/373243.360213"},{"key":"9843_CR2","unstructured":"ARGE-ELGA, Die \u00f6sterreich elektronische gesundheitsakte. http:\/\/www.arge-elga.at , 2008."},{"key":"9843_CR3","unstructured":"Armando, A., et al., The AVISPA tool for the automated validation of internet security protocols and applications. In: CAV, LNCS, vol. 3576, pp. 281\u2013285. 
Springer, 2005."},{"key":"9843_CR4","unstructured":"Armando, A., et al., Formal analysis of SAML 2.0 Web browser single sign-on: Breaking the SAML-based single sign-on for Google apps. In: FMSE, pp. 1\u201310. ACM, 2008."},{"key":"9843_CR5","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Corin, R., Fournet, C., and Gordon, A., Secure sessions for Web services. In: SWS, pp. 56\u201366. ACM, 2004.","DOI":"10.1145\/1111348.1111355"},{"key":"9843_CR6","unstructured":"Bhargavan, K., Fournet, C., Gordon, A., and Pucella, R., TulaFale: A security tool for Web services. In: FMCO, LNCS, vol. 3188, pp. 197\u2013222. Springer, 2004."},{"key":"9843_CR7","unstructured":"Blanchet, B., CryptoVerif: Computationally sound mechanized prover for cryptographic protocols. In: Dagstuhl Seminar \u201cFormal Protocol Verification Applied\u201d, 2007."},{"key":"9843_CR8","doi-asserted-by":"crossref","unstructured":"Bradfield, J., and Stirling, C., Modal logics and mu-calculi: An introduction. Handbook of Process Algebra, pp. 293\u2013330, 2001.","DOI":"10.1016\/B978-044482830-9\/50022-9"},{"key":"9843_CR9","doi-asserted-by":"crossref","unstructured":"Broadfoot, P., and Lowe, G., On distributed security transactions that use secure transport protocols. In: CSFW, pp. 141\u2013151. IEEE Computer Society, 2003.","DOI":"10.1109\/CSFW.2003.1212710"},{"key":"9843_CR10","unstructured":"Clarke, E.M., Grumberg, O., and Peled, D., Model Checking. MIT Press, 1999."},{"issue":"2","key":"9843_CR11","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., and Yao, A., On the security of public key protocols. IEEE Trans. Inf. Theory 29(2):198\u2013207, 1983.","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9843_CR12","unstructured":"EU Commission, M\/403 EN: Standardisation mandate addressed to CEN, CENELEC and ETSI in the field of Information and Communication Technologies. Tech. 
rep., European Commission Enterprise And Industry Directorate-General (2007). http:\/\/ec.europa.eu\/enterprise\/standards_policy\/mandates\/database\/index.cfm?fuseaction=search.detail&id=363#"},{"key":"9843_CR13","unstructured":"eXtensible Access Control Markup Language TC v2.0 (XACML), Extensible access control markup language (XACML) version 2.0 (2005). http:\/\/docs.oasis-open.org\/xacml\/2.0\/XACML-2.0-OS-NORMATIVE.zip"},{"key":"9843_CR14","unstructured":"Fantechi, A., Gnesi, S., Lapadula, A., Mazzanti, F., Pugliese, R., and Tiezzi, F., A model checking approach for verifying COWS specifications. In: FASE, LNCS, vol. 4961, pp. 230\u2013245. Springer, 2008."},{"key":"9843_CR15","unstructured":"Fidge, C., A Survey of Verification Techniques for Security Protocols. Tech. Rep. 01-22, Software Verification Research Centre, The University of Queensland (2001)"},{"key":"9843_CR16","unstructured":"GIP DMP, Dossier M\u00e9dical Personnel. http:\/\/www.d-m-p.org , 2009."},{"key":"9843_CR17","doi-asserted-by":"crossref","unstructured":"Gro\u00df, T., Security analysis of the SAML single sign-on browser\/artifact profile. In: ACSAC, pp. 298\u2013307. IEEE Computer Society, 2003.","DOI":"10.1109\/CSAC.2003.1254334"},{"key":"9843_CR18","unstructured":"Grumberg, O., and Veith, H. (eds.), 25 years of model checking\u2014History, achievements, perspectives. In: LNCS, vol. 5000. Springer, 2008."},{"key":"9843_CR19","doi-asserted-by":"crossref","unstructured":"Hansen, S., Skriver, J., and Nielson, H., Using static analysis to validate the SAML single sign-on protocol. In: WITS, pp. 27\u201340. ACM, 2005.","DOI":"10.1145\/1045405.1045409"},{"key":"9843_CR20","unstructured":"Health Level Seven organization, Hl7 standards. 
http:\/\/www.hl7.org , 2009."},{"issue":"1","key":"9843_CR21","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1016\/j.jlap.2006.05.004","volume":"70","author":"J Johnson","year":"2007","unstructured":"Johnson, J., Langworthy, D., Lamport, L., and Vogt, F., Formal specification of a Web services protocol. J. Log. Algebr. Program. 70(1):34\u201352, 2007.","journal-title":"J. Log. Algebr. Program."},{"key":"9843_CR22","doi-asserted-by":"crossref","unstructured":"Kleiner, E., and Roscoe, A., On the relationship between Web services security and traditional protocols. In: MFPS, ENTCS, vol. 155, pp. 583\u2013603. Elsevier, 2006.","DOI":"10.1016\/j.entcs.2005.11.074"},{"key":"9843_CR23","unstructured":"Lamport, L., Specifying systems, the TLA+ language and tools for hardware and software engineers. Addison-Wesley, 2002."},{"key":"9843_CR24","unstructured":"Lamport, L., and Yu, Y., TLC\u2014The TLA+ Model Checker. http:\/\/research.microsoft.com\/en-us\/um\/people\/lamport\/tla\/tlc.html , 2003."},{"issue":"1","key":"9843_CR25","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1016\/j.jal.2011.11.002","volume":"10","author":"R Pugliese","year":"2012","unstructured":"Pugliese, R., and Tiezzi, F., A calculus for orchestration of Web services. J. Applied Logic 10(1):2\u201331, 2012.","journal-title":"J. Applied Logic"},{"key":"9843_CR26","unstructured":"Lapadula, A., Pugliese, R., and Tiezzi, F., Specifying and analysing SOC applications with COWS. In: Concurrency, Graphs and Models, LNCS, vol. 5065, pp. 701\u2013720. Springer, 2008."},{"key":"9843_CR27","doi-asserted-by":"crossref","unstructured":"Lowe, G., A hierarchy of authentication specifications. In: CSFW, pp. 31\u201344. 
IEEE Computer Society, 1997.","DOI":"10.1109\/CSFW.1997.596782"},{"issue":"1\u20132","key":"9843_CR28","doi-asserted-by":"crossref","first-page":"53","DOI":"10.3233\/JCS-1998-61-204","volume":"6","author":"G Lowe","year":"1998","unstructured":"Lowe, G., Casper: A compiler for the analysis of security protocols. J. Comp. Security 6(1\u20132):53\u201384, 1998.","journal-title":"J. Comp. Security"},{"key":"9843_CR29","first-page":"23","volume":"1","author":"L Ma","year":"2001","unstructured":"Ma, L., and Tsai, J., Formal verification techniques for computer communication security protocols. SE&KE Handbook 1:23\u201346, 2001.","journal-title":"SE&KE Handbook"},{"issue":"9","key":"9843_CR30","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/35.312841","volume":"32","author":"B Neuman","year":"1994","unstructured":"Neuman, B., and Ts\u2019o, T., Kerberos: An authentication service for computer networks. IEEE Comm. Magazine 32(9):33\u201338, 1994.","journal-title":"IEEE Comm. Magazine"},{"key":"9843_CR31","unstructured":"OASIS Security Services TC, Assertions and protocols for the OASIS security assertion markup language (SAML) v2.02. http:\/\/docs.oasis-open.org\/security\/saml\/v2.0\/saml-core-2.0-os.pdf , 2005."},{"key":"9843_CR32","unstructured":"OASIS Security Services TC, Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0. http:\/\/docs.oasis-open.org\/security\/saml\/v2.0\/saml-profiles-2.0-os.pdf , 2005."},{"key":"9843_CR33","unstructured":"OASIS Security Services TC, SAML V2.0 Holder-of-Key Assertion Profile. http:\/\/docs.oasis-open.org\/security\/saml\/Post2.0\/sstc-saml2-holder-of-key-cd-01.pdf , 2009."},{"key":"9843_CR34","unstructured":"OASIS Web Services Security TC, Username token profile v1.1. http:\/\/www.oasis-open.org\/committees\/download.php\/16782\/wss-v1.1-spec-os-UsernameTokenProfile.pdf , 2006."},{"key":"9843_CR35","unstructured":"OASIS Web Services Security TC, WS-Trust 1.3. 
http:\/\/docs.oasis-open.org\/ws-sx\/ws-trust\/200512\/ws-trust-1.3-os.pdf , 2007."},{"key":"9843_CR36","unstructured":"OASIS WS-BPEL TC, Web Services Business Process Execution Language Version 2.0. http:\/\/docs.oasis-open.org\/wsbpel\/2.0\/OS\/wsbpel-v2.0-OS.html , 2007."},{"key":"9843_CR37","unstructured":"Roessler, T., Yiu, K., Solo, D., Hirsch, F., Reagle, J., and Eastlake, D., XML signature syntax and processing version 1.1. W3C working draft, W3C. http:\/\/www.w3.org\/TR\/2009\/WD-xmldsig-core1-20090730\/ , 2009."},{"key":"9843_CR38","unstructured":"Rogers, T., Hadley, M., and Gudgin, M., Web services addressing 1.0\u2014core. W3C recommendation, W3C. http:\/\/www.w3.org\/TR\/2006\/REC-ws-addr-core-20060509 , 2006."},{"key":"9843_CR39","unstructured":"Tech. rep., Security Analysis of Standards-Driven Communication Protocols for Healthcare Scenarios. http:\/\/dl.dropbox.com\/u\/1952111\/xds-xdm-blind.pdf , 2011."},{"key":"9843_CR40","unstructured":"The Direct Project, Threat Models. http:\/\/wiki.directproject.org\/Threat+Models , 2010."},{"key":"9843_CR41","unstructured":"The epSOS project, A European ehealth project. http:\/\/www.epsos.eu , 2010."},{"key":"9843_CR42","unstructured":"The IHE Initiative, IT Infrastructure Technical Framework. http:\/\/www.ihe.net , 2009."},{"key":"9843_CR43","unstructured":"The Nationwide Health Information Network (NHIN), An American eHealth Project. http:\/\/healthit.hhs.gov\/portal\/server.pt , 2009."},{"key":"9843_CR44","unstructured":"The South African Department of Health, EHR project in South Africa. http:\/\/southafrica.usembassy.gov\/root\/pdfs\/pepfar-hmis-docs\/ndoh-e-hr-for-south-africa.pdf , 2009."},{"key":"9843_CR45","unstructured":"US Congress, Health Insurance Portability and Accountability Act. Tech. rep., Department of Health. 
http:\/\/www.cms.gov\/HIPAAGenInfo\/ , 1996."}],"container-title":["Journal of Medical Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10916-012-9843-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10916-012-9843-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10916-012-9843-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,23]],"date-time":"2025-03-23T21:55:55Z","timestamp":1742766955000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10916-012-9843-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,3,24]]},"references-count":45,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2012,12]]}},"alternative-id":["9843"],"URL":"https:\/\/doi.org\/10.1007\/s10916-012-9843-1","relation":{},"ISSN":["0148-5598","1573-689X"],"issn-type":[{"type":"print","value":"0148-5598"},{"type":"electronic","value":"1573-689X"}],"subject":[],"published":{"date-parts":[[2012,3,24]]}}}