Abstract
Security protocol participants are software and/or hardware agents that are — as with any system — potentially vulnerable to failure. Protocol analysis should extend not just to an analysis of the protocol specification, but also to its implementation and configuration in its target environment. However, an in-depth formal analysis that considers the behaviour and interaction of all components in their environment is not feasible in practice.
This paper considers the analysis of protocol deployment rather than implementation. Instead of concentrating on detailed semantics and formal verification of the protocol and implementation, we are concerned more with the ability to trace, at a practical level of abstraction, how the protocol deployment, that is, the configuration of the protocol components, relate to each other and the overall protocol goals. We believe that a complete security verification of a system is not currently achievable in practice and seek some degree of useful feedback from an analysis that a particular protocol deployment is reasonable.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Foley, S.N., Bella, G., Bistarelli, S. (2011). Security Protocol Deployment Risk. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds) Security Protocols XVI. Security Protocols 2008. Lecture Notes in Computer Science, vol 6615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22137-8_3
DOI: https://doi.org/10.1007/978-3-642-22137-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22136-1
Online ISBN: 978-3-642-22137-8
eBook Packages: Computer Science, Computer Science (R0)