Applying protocol analysis to security device interfaces

Despite best efforts, general-purpose computing platforms and servers continue to be insecure. Due to their complexity, furthermore, it seems unlikely that a completely secure system can be built in the foreseeable future. Fortunately, a promising alternative exists: the use of trusted cryptographic devices and subsystems. Like smart cards, such devices hold and use secret cryptographic keys on behalf of a larger general-purpose system. Because such devices are small, specialized, and have relatively simple functionality, it might be feasible to develop subsystems that are actually secure. If so, these trusted devices could be ´boot-strapped´ into acting as trusted monitors or policy enforcers on an enterprise´s systems or as a party´s universally trusted proxy in a distributed system. In other words, this technology could allow enterprises to leverage trust (in a specific device´s interface) into trust (of larger systems and networks). However, trust in the interface must be established via a security analysis of some sort. In this paper, the author suggests adapting protocol analysis techniques to this purpose