TY - GEN
T1 - Formal prototyping in early stages of protocol design
AU - Goodloe, Alwyn
AU - Gunter, Carl
AU - Stehr, Mark Oliver
PY - 2005
Y1 - 2005
N2 - Network protocol design is usually an informal process where debugging is based on successive iterations of a prototype implementation. The feedback provided by a prototype can be indispensable since the requirements are often incomplete at the start. A draw-back of this technique is that errors in protocols can be notoriously difficult to detect by testing alone. Applying formal methods such as theorem proving can greatly increase one's confidence that the protocol is correct. However, formal methods can be tedious to use, rarely support successive design iterations and prototyping, are difficult to scale to entire designs, and typically require a clear understanding of requirements in advance. We investigate how formal simulation based on Maude executable specifications overcomes many of these hurdles. We apply this technique in the early stages of the design of a new security protocol, known as Layer 3 Accounting (L3A), aimed at protecting known vulnerabilities in the wireless accounting infrastructure. The protocol sets up a collection of IPsec security associations that provide the necessary protection. We demonstrate how formal simulation uncovered problems in several successive iterations of the L3A protocol design.
AB - Network protocol design is usually an informal process where debugging is based on successive iterations of a prototype implementation. The feedback provided by a prototype can be indispensable since the requirements are often incomplete at the start. A draw-back of this technique is that errors in protocols can be notoriously difficult to detect by testing alone. Applying formal methods such as theorem proving can greatly increase one's confidence that the protocol is correct. However, formal methods can be tedious to use, rarely support successive design iterations and prototyping, are difficult to scale to entire designs, and typically require a clear understanding of requirements in advance. We investigate how formal simulation based on Maude executable specifications overcomes many of these hurdles. We apply this technique in the early stages of the design of a new security protocol, known as Layer 3 Accounting (L3A), aimed at protecting known vulnerabilities in the wireless accounting infrastructure. The protocol sets up a collection of IPsec security associations that provide the necessary protection. We demonstrate how formal simulation uncovered problems in several successive iterations of the L3A protocol design.
UR - http://www.scopus.com/inward/record.url?scp=77953980529&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77953980529&partnerID=8YFLogxK
U2 - 10.1145/1045405.1045413
DO - 10.1145/1045405.1045413
M3 - Conference contribution
AN - SCOPUS:77953980529
SN - 1581139802
SN - 9781581139808
T3 - Proceedings of the 2005 Workshop on Issues in the Theory of Security, WITS '05
SP - 67
EP - 80
BT - Proceedings of the 2005 Workshop on Issues in the Theory of Security, WITS '05
T2 - 2005 Workshop on Issues in the Theory of Security, WITS '05
Y2 - 10 January 2005 through 11 January 2005
ER -