On SDSI's linked local name spaces
Journal of Computer Security
Policy-directed certificate retrieval
Software—Practice & Experience
A logic for SDSI's linked local name spaces
Journal of Computer Security
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Authentication and Confidentiality via IPSEC
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Compliance Checking in the PolicyMaker Trust Management System
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Analysis of SPKI/SDSI Certificates Using Model Checking
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A logical reconstruction of SPKI
Journal of Computer Security - Special issue on CSFW14
Reasoning about Concurrency for Security Tunnels
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
L3A: a protocol for layer three accountingAlwyn Goodloe,
NPSEC'05 Proceedings of the First international conference on Secure network protocols
| Hi-index | 0.00 |
Tunnel-complex protocols construct topologies of security tunnels by directing tunnel-establishment protocols to set up pair-wise tunnels, where the resulting collection of tunnels achieves an overall security objective. Such protocols ease the burden on network managers, but their design exhibits subtleties relating to functional correctness that can benefit from formal analysis. A class of tunnel-complex protocols that are of special interest are discovery protocols that discover security gateways and set up tunnels to negotiate their traversal by delivering the requisite credentials to satisfy the policies at security gateways on the dataflow path. We present a case study of a discovery protocol that sets up a concatenated sequence of tunnels. We then propose the concept of a theorem for discovery protocols that expresses the completeness of the protocol's credential distribution mechanism. The theorem is parameterized for different protocols. We show how it is instantiated for the protocol in our case study and discuss how specific instances of the theorem characterize different classes of discovery protocols.