Design and Analysis of Sectrace: A Protocol to Set up Security Associations and Policies in IPSec Networks

To provide encryption and authentication services, IPSec assumes the existence of suitable security associations and policies. Setting up such associations and policies is not a trivial task, especially in the presence of nested channels and concatenated channels involving several security gateways. Since IPSec does not address this problem, the sectrace protocol has been designed. In this paper we have developed an executable formal specification of the protocol and performed some preliminary analysis. Our analysis indicates that the solutions found by the protocol are not always optimal, because certain possibilities to set up correct security associations are missed. It also shows that concurrent runs of the protocol can cause undesirable interference effects. As a result of this analysis we are currently investigating formal prototypes of alternative protocol designs. Two of these are discussed in this paper.