Title :
Towards Validating Security Protocol Deployment in the Wild
Author :
Compagna, Luca ; Flegel, Ulrich ; Lotz, Volkmar
Author_Institution :
SAP Labs. France, Mougins, France
Abstract :
As computing technology becomes increasingly pervasive and interconnected, mobility leads to shorter-lasting relationships between end-points with many different security requirements. Also the rapid development of new service landscapes calls for standardized, yet highly flexible security protocols. It has been demonstrated that the increasing number of application contexts of these highly flexible security protocols opens vulnerabilities emerging from the difficulty of assessing the impact of the selected protocol options on the actual security of the relationship established using the protocol. This contribution clearly identifies the underlying problem more generally and establishes the need for run-time on-the-fly verification of security protocol instances considering the actual choice of options and environment assumptions. Extending security protocol verification from the design-time realm into deployment and even run-time generates various challenges. This paper identifies these new challenges and proposes directions for research on solutions.
Keywords :
cryptographic protocols; formal verification; mobile computing; computing technology mobility; pervasive technology; run-time on-the-fly verification; security protocol instance; security protocol validation; security protocol verification; Application software; Communications technology; Computer applications; Computer security; Information security; LAN interconnection; Pervasive computing; Protocols; Runtime environment; Service oriented architecture; protocol verification;
Conference_Titel :
Computer Software and Applications Conference, 2009. COMPSAC '09. 33rd Annual IEEE International
Conference_Location :
Seattle, WA
Print_ISBN :
978-0-7695-3726-9
DOI :
10.1109/COMPSAC.2009.172
