TulaFale: A Security Tool for Web Services

TulaFale is a new specification language for writing machine-checkable descriptions of SOAP-based security protocols and their properties. TulaFale is based on the pi calculus (for writing collections of SOAP processors running in parallel), plus XML syntax (to express SOAP messaging), logical predicates (to construct and filter SOAP messages), and correspondence assertions (to specify authentication goals of protocols). Our implementation compiles TulaFale into the applied pi calculus, and then runs Blanchet's resolution-based protocol verifier. Hence, we can automatically verify authentication and secrecy properties of SOAP protocols. This release includes scripts, documentation and example policies from our recent papers "Secure Sessions for Web Services" and "Verifying Policy-based Security for Web Services."


File NameTulaFale.msi
Date Published15 May 2006
Download Size2.24 MB