US 7,559,080 B2
Automatically generating security policies for web services
Karthikeyan Bhargavan, Cambridge (United Kingdom); Cedric Fournet, Cambridge (United Kingdom); Andrew Donald Gordon, Cambridge (United Kingdom); and Christopher G. Kaler, Sammamish, Wash. (US)
Assigned to Microsoft Corporation, Redmond, Wash. (US)
Filed on Dec. 29, 2004, as Appl. No. 11/25,375.
Claims priority of provisional application 60/568138, filed on May 04, 2004.
Prior Publication US 2005/0251853 A1, Nov. 10, 2005
Int. Cl. G06F 21/00 (2006.01)
U.S. Cl. 726—1  [713/151; 713/168] 18 Claims
 
1. A computer-implemented method comprising:
describing one or more links between one or more endpoints with an abstract link description such that, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link are described, the one or more endpoints hosting respective principals networked in a distributed operating environment;
automatically generating, from the abstract link description, detailed security policies for enforcement during exchange of messages between the one or more endpoints; and
in response to a request for a communication between a first endpoint of the one or more endpoints and a second endpoint of the one or more endpoints, the first endpoint and the second endpoint being Simple Object Access Protocol (SOAP) processors:
    automatically generating a model from the detailed security policies,
    automatically evaluating the model to determine whether the detailed security policies are secure in a distributed operating environment,
    allowing the communication when the detailed security policies are secure in the distributed operating environment, and
    denying the communication and outputting a counterexample when the detailed security policies are not secure in the distributed operating environment.