Completeness of discovery protocols

Alwyn E. Goodloe, Carl A. Gunter

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Tunnel-complex protocols construct topologies of security tunnels by directing tunnel-establishment protocols to set up pair-wise tunnels, where the resulting collection of tunnels achieves an overall security objective. Such protocols ease the burden on network managers, but their design exhibits subtleties relating to functional correctness that can benefit from formal analysis. A class of tunnel-complex protocols that are of special interest are discovery protocols that discover security gateways and set up tunnels to negotiate their traversal by delivering the requisite credentials to satisfy the policies at security gateways on the dataflow path. We present a case study of a discovery protocol that sets up a concatenated sequence of tunnels. We then propose the concept of a theorem for discovery protocols that expresses the completeness of the protocol's credential distribution mechanism. The theorem is parameterized for different protocols. We show how it is instantiated for the protocol in our case study and discuss how specific instances of the theorem characterize different classes of discovery protocols.

Original languageEnglish (US)
Title of host publicationProceedings of the 2nd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Pages29-36
Number of pages8
DOIs
StatePublished - 2009
Event2nd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09 - Chicago, IL, United States
Duration: Nov 9 2009Nov 13 2009

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other2nd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Country/TerritoryUnited States
CityChicago, IL
Period11/9/0911/13/09

Keywords

  • Certificates
  • Discovery protocols
  • Formal methods
  • IPsec
  • Security gateways

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Completeness of discovery protocols'. Together they form a unique fingerprint.

Cite this