Skip to main content
SpringerLink
Log in

Security Protocol Deployment Risk

  • Conference paper
Security Protocols XVI (Security Protocols 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6615))

Included in the following conference series:

  • 513 Accesses

Abstract

Security protocol participants are software and/or hardware agents that are — as with any system — potentially vulnerable to failure. Protocol analysis should extend not just to an analysis of the protocol specification, but also to its implementation and configuration in its target environment. However, an in-depth formal analysis that considers the behaviour and interaction of all components in their environment is not feasible in practice.

This paper considers the analysis of protocol deployment rather than implementation. Instead of concentrating on detailed semantics and formal verification of the protocol and implementation, we are concerned more with with the ability to trace, at a practical level of abstraction, how the protocol deployment, that is, the configuration of the protocol components, relate to each other and the overall protocol goals. We believe that a complete security verification of a system is not currently achievable in practice and seek some degree of useful feedback from an analysis that a particular protocol deployment is reasonable.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bella, G., Bistarelli, S.: Soft constraint programming to analysing security protocols. Theory and Practice of Logic Programming 4(5), 1–28 (2004)

    MathSciNet  MATH  Google Scholar 

  2. Bella, G.: Formal Correctness of Security Protocols. In: Information Security and Cryptography. Springer, Heidelberg (2007)

    Google Scholar 

  3. Bistarelli, S.: Semirings for Soft Constraint Solving and Programming. LNCS, vol. 2962. Springer, Heidelberg (2004)

    MATH  Google Scholar 

  4. Bond, M., Anderson, R.: API-level attacks on embedded systems. Computer 34(10), 67–75 (2001)

    Article  Google Scholar 

  5. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  6. Foley, S.N.: Conduit cascades and secure synchronization. In: Proceedings of ACM New Security Paradigms Workshop (2000)

    Google Scholar 

  7. Foley, S.N., Bistarelli, S., O’Sullivan, B., Herbert, J., Swart, G.: Multilevel security and the quality of protection. In: Proceedings of First Workshop on Quality of Protection. LNCS, Como, Italy. Springer, Heidelberg (2005)

    Google Scholar 

  8. Millen, J.K., Schwartz, M.W.: The cascading problem for interconnected networks. In: 4th Aerospace Computer Security Applications Conference. IEEE CS Press, Los Alamitos (1988)

    Google Scholar 

  9. TNI. Trusted computer system evaluation criteria: Trusted network interpretation. Technical report, National Computer Security Center (1987) (Red Book)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University College Cork, Ireland

    Simon N. Foley

  2. SAP Research, Mougins, France

    Giampaolo Bella

  3. Dipartimento di Matematica e Informatica, Università di Catania, Italy

    Giampaolo Bella

  4. Dipartimento di Scienze, Universitá degli Studi “G. D’Annunzio”, Pescara, Italy

    Stefano Bistarelli

  5. Istituto di Informatica e Telematica, CNR, Pisa, Italy

    Stefano Bistarelli

Authors
  1. Simon N. Foley
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Giampaolo Bella
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stefano Bistarelli
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, University of Hertfordshire, AL10 9AB, Hatfield, UK

    Bruce Christianson , James A. Malcolm  & Michael Roe ,  & 

  2. Faculty of Informatics, Masaryk University, Botanicka 68a, 602 00, Brno, Czech Republic

    Vashek Matyas

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Foley, S.N., Bella, G., Bistarelli, S. (2011). Security Protocol Deployment Risk. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds) Security Protocols XVI. Security Protocols 2008. Lecture Notes in Computer Science, vol 6615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22137-8_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22137-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22136-1

  • Online ISBN: 978-3-642-22137-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation