scispace - formally typeset
Search or ask a question
Author

Gregorio Díaz

Bio: Gregorio Díaz is an academic researcher from University of Castilla–La Mancha. The author has contributed to research in topics: Web service & Web modeling. The author has an hindex of 14, co-authored 65 publications receiving 692 citations.


Papers
More filters
Book ChapterDOI
01 Sep 2005
TL;DR: This paper shows how to translate Web Services described by WS-CDL into a timed automata orchestration, and more specifically in Web services with time restrictions.
Abstract: In this paper we show how we can translate Web Services described by WS-CDL into a timed automata orchestration, and more specifically we are interested in Web services with time restrictions. Our starting point are Web Services descriptions written in WSBPEL- WSCDL (XML-based description languages). These descriptions are then automatically translated into timed automata, and then, we use a well known tool that supports this formalism (UPPAAL) to simulate and analyse the system behaviour. As illustration we take a particular case study, an airline ticket reservation system.

71 citations

Journal ArticleDOI
TL;DR: This paper shows how to use formal methods for describing and analyzing the behavior of Web Services, and more specifically those including time restrictions, by using a well known tool that supports this formalism (UPPAAL).

59 citations

Journal ArticleDOI
TL;DR: An approach for the validation and verification of Web services choreographies, and more specifically, for those composite Web services systems with timing restrictions, by using the generated timed automata of WS-CDL (Web Services Choreography Description Language).

49 citations

Proceedings ArticleDOI
19 Feb 2006
TL;DR: The aim is to generate correct WS-BPEL skeleton documents from WS-CDL documents by using the Timed Automata as an intermediary model in order to check the correctness of the generated Web Services with Model Checking Techniques.
Abstract: In previous work we have presented the generation of WS-CDL and WS-BPEL documents. In this paper we show the unification of both generations. The aim is to generate correct WS-BPEL skeleton documents from WS-CDL documents by using the Timed Automata as an intermediary model in order to check the correctness of the generated Web Services with Model Checking Techniques. The model checker used is UPPAAL, a well known tool in theoretical and industrial cases that performs the verification and validation of Timed Automata. Note that our interest is focused on Web services where the time constraints play a critical role.

45 citations

Proceedings ArticleDOI
14 Mar 2004
TL;DR: A way to use Formal Methods to ensure the e-commerce properties of Transport Layer Security (TLS) by using a known tool for Model Checking (UPPAAL) to describe and analyze the behaviour of the protocol (by means of timed automata).
Abstract: E-commerce is based on transactions between client and server agents These transactions require a protocol that provides privacy and reliability between these two agents A widely used protocol on e-commerce is Transport Layer Security (TLS) In this paper we present a way to use Formal Methods to ensure the e-commerce properties of this protocol Specifically we use a known tool for Model Checking (UPPAAL) to describe and analyze the behaviour of the protocol (by means of timed automata) Thus, with this tool we can make an automatic verification of TLS

36 citations


Cited by
More filters
Book ChapterDOI
01 Jan 2004
TL;DR: This chapter introduces web services and explains their role in Microsoft’s vision of the programmable web and removes some of the confusion surrounding technical terms like WSDL, SOAP, and UDDI.
Abstract: Microsoft has promoted ASP.NET’s new web services more than almost any other part of the.NET Framework. But despite their efforts, confusion is still widespread about what a web service is and, more importantly, what it’s meant to accomplish. This chapter introduces web services and explains their role in Microsoft’s vision of the programmable web. Along the way, you’ll learn about the open standards plumbing that allows web services to work and removes some of the confusion surrounding technical terms like WSDL (Web Service Description Language), SOAP, and UDDI (universal description, discovery, and integration).

546 citations

Journal ArticleDOI
05 Jul 2015
TL;DR: Control of Discrete-event Systems provides a survey of the most important topics in the discrete-event systems theory with particular focus on finite-state automata, Petri nets and max-plus algebra.
Abstract: Control of Discrete-event Systems provides a survey of the most important topics in the discrete-event systems theory with particular focus on finite-state automata, Petri nets and max-plus algebra. Coverage ranges from introductory material on the basic notions and definitions of discrete-event systems to more recent results. Special attention is given to results on supervisory control, state estimation and fault diagnosis of both centralized and distributed/decentralized systems developed in the framework of the Distributed Supervisory Control of Large Plants (DISC) project. Later parts of the text are devoted to the study of congested systems though fluidization, an over approximation allowing a much more efficient study of observation and control problems of timed Petri nets. Finally, the max-plus algebraic approach to the analysis and control of choice-free systems is also considered. Control of Discrete-event Systems provides an introduction to discrete-event systems for readers that are not familiar with this class of systems, but also provides an introduction to research problems and open issues of current interest to readers already familiar with them. Most of the material in this book has been presented during a Ph.D. school held in Cagliari, Italy, in June 2011. This book constitutes the refereed proceedings of the Third International Workshop on Tools and Algorithms for the Construction and Analysis of Systems, TACAS '97, held in Enschede, The Netherlands, in April 1997. The book presents 20 revised full papers and 5 tool demonstrations carefully selected out of 54 submissions; also included are two extended abstracts and a full paper corresponding to invited talks. The papers are organized in topical sections on space reduction techniques, tool demonstrations, logical techniques, verification support, specification and analysis, and theorem proving, model checking and applications. The refereed proceedings of the 24th International Conference on Applications and Theory of Petri Nets, ICATPN 2003, held in Eindhoven, The Netherlands, in June 2003. The 25 revised full papers presented together with 6 invited contributions were carefully reviewed and selected from 77 submissions. All current issues on research and development in the area of Petri nets are addressed, in particular concurrent systems design and analysis, model checking, networking, business process modeling, formal methods in software engineering, agent systems, systems specification, systems validation, discrete event systems, protocols, and prototyping. The contents of this volume are application oriented. The volume contains a de tailed presentation of 19 applications of CP-nets, covering a broad range of ap plication areas. Most of the projects have been carried out in an industrial set ting.

315 citations

Proceedings Article
12 Aug 2015
TL;DR: This approach can catch an interesting class of implementation flaws that is apparently common in security protocol implementations: in three of the TLS implementations analysed new security flaws were found (in GnuTLS, the Java Secure Socket Extension, and OpenSSL).
Abstract: We describe a largely automated and systematic analysis of TLS implementations by what we call 'protocol state fuzzing': we use state machine learning to infer state machines from protocol implementations, using only blackbox testing, and then inspect the inferred state machines to look for spurious behaviour which might be an indication of flaws in the program logic. For detecting the presence of spurious behaviour the approach is almost fully automatic: we automatically obtain state machines and any spurious behaviour is then trivial to see. Detecting whether the spurious behaviour introduces exploitable security weaknesses does require manual investigation. Still, we take the point of view that any spurious functionality in a security protocol implementation is dangerous and should be removed. We analysed both server- and client-side implementations with a test harness that supports several key exchange algorithms and the option of client certificate authentication. We show that this approach can catch an interesting class of implementation flaws that is apparently common in security protocol implementations: in three of the TLS implementations analysed new security flaws were found (in GnuTLS, the Java Secure Socket Extension, and OpenSSL). This shows that protocol state fuzzing is a useful technique to systematically analyse security protocol implementations. As our analysis of different TLS implementations resulted in different and unique state machines for each one, the technique can also be used for fingerprinting TLS implementations.

204 citations

Proceedings ArticleDOI
19 May 2013
TL;DR: A verified reference implementation of TLS 1.2 is developed, including security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake, and typecheck the protocol state machine.
Abstract: TLS is possibly the most used protocol for secure communications, with a 18-year history of flaws and fixes, ranging from its protocol logic to its cryptographic design, and from the Internet standard to its diverse implementations. We develop a verified reference implementation of TLS 1.2. Our code fully supports its wire formats, ciphersuites, sessions and connections, re-handshakes and resumptions, alerts and errors, and data fragmentation, as prescribed in the RFCs; it interoperates with mainstream web browsers and servers. At the same time, our code is carefully structured to enable its modular, automated verification, from its main API down to computational assumptions on its cryptographic algorithms. Our implementation is written in F# and specified in F7. We present security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake. We describe their verification using the F7 typechecker. To this end, we equip each cryptographic primitive and construction of TLS with a new typed interface that captures its security properties, and we gradually replace concrete implementations with ideal functionalities. We finally typecheck the protocol state machine, and obtain precise security theorems for TLS, as it is implemented and deployed. We also revisit classic attacks and report a few new ones.

189 citations