% Workshop paper from SafeConfig '09 (co-located with ACM CCS '09): a formal
% treatment of credential-distribution completeness in tunnel-complex
% discovery protocols, with a case study on concatenated tunnels.
% NOTE(review): the note field looks like repository-export boilerplate (a
% copyright line plus a repeat of the venue and dates); most styles print
% note verbatim, so confirm whether it should stay as is.
@inproceedings{f756c678fb0949dab14959474e737c77,
  author    = {Goodloe, {Alwyn E.} and Gunter, {Carl A.}},
  title     = {Completeness of discovery protocols},
  booktitle = {Proceedings of the 2nd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09},
  series    = {Proceedings of the ACM Conference on Computer and Communications Security},
  pages     = {29--36},
  year      = {2009},
  doi       = {10.1145/1655062.1655070},
  isbn      = {9781605587783},
  language  = {English (US)},
  keywords  = {Certificates, Discovery protocols, Formal methods, IPsec, Security gateways},
  abstract  = {Tunnel-complex protocols construct topologies of security tunnels by directing tunnel-establishment protocols to set up pair-wise tunnels, where the resulting collection of tunnels achieves an overall security objective. Such protocols ease the burden on network managers, but their design exhibits subtleties relating to functional correctness that can benefit from formal analysis. A class of tunnel-complex protocols that are of special interest are discovery protocols that discover security gateways and set up tunnels to negotiate their traversal by delivering the requisite credentials to satisfy the policies at security gateways on the dataflow path. We present a case study of a discovery protocol that sets up a concatenated sequence of tunnels. We then propose the concept of a theorem for discovery protocols that expresses the completeness of the protocol's credential distribution mechanism. The theorem is parameterized for different protocols. We show how it is instantiated for the protocol in our case study and discuss how specific instances of the theorem characterize different classes of discovery protocols.},
  note      = {Copyright: Copyright 2012 Elsevier B.V., All rights reserved.; 2nd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 ; Conference date: 09-11-2009 Through 13-11-2009},
}