Show simple item record

A structured approach to network security protocol implementation

dc.contributor.advisorHutchison, Andrew C Men_ZA
dc.contributor.authorTobler, Benjaminen_ZA
dc.date.accessioned2016-02-29T12:07:26Z
dc.date.accessioned2018-11-26T13:54:06Z
dc.date.available2016-02-29T12:07:26Z
dc.date.available2018-11-26T13:54:06Z
dc.date.issued2005en_ZA
dc.identifier.urihttp://hdl.handle.net/11427/17381
dc.identifier.urihttp://repository.aust.edu.ng/xmlui/handle/11427/17381
dc.description.abstractThe implementation of network security protocols has not received the same level of attention in the literature as their analysis. Security protocol analysis has successfully used inference logics, like GNY and BAN, and attack analysis, employing state space examination techniques such as model checking and strand spaces, to verify security protocols. Tools, such as the multi-dimensional analysis environment SPEAR II, exist to help automate security protocol specification and verification, however actual implementation of the specification in executable code is a task still largely left to human programmers. Many vulnerabilities have been found in implementations of security protocols such as SSL, PPTP and RADIUS that are incorporated into widely used operating system software, web servers and other network aware applications. While some of these vulnerabilities may be a result of flawed or unclear specifications, many are the result of the failure of programmers to correctly interpret and implement them. The above indicates a gap between security protocol specifications and their concrete implementations, in that there are methodologies and tools that have been established for developing the former, but not the latter. This dissertation proposes an approach to bridging this gap, describes our implementation of that approach and attempts to evaluate its success. The approach is three-fold, providing different measures to improve current ad-hoc implementation approaches: 1. From Informal to Formal Specifications: If a security protocol has been specified using informal standard notation, it can be converted, using automatic translation, to a formal specification language with well defined semantics. The formal protocol specification can then be analysed using formal techniques, to verify that the desired security properties hold. The precise specification of the protocol behaviour further serves to facilitate the concrete implementation of the protocol in code.en_ZA
dc.language.isoengen_ZA
dc.subject.otherComputer Scienceen_ZA
dc.titleA structured approach to network security protocol implementationen_ZA
dc.typeThesisen_ZA
dc.type.qualificationlevelMastersen_ZA
dc.type.qualificationnameMScen_ZA
dc.publisher.institutionUniversity of Cape Town
dc.publisher.facultyFaculty of Scienceen_ZA
dc.publisher.departmentDepartment of Computer Scienceen_ZA


Files in this item

FilesSizeFormatView
thesis_sci_2005_tobler_benjamin.pdf761.0Kbapplication/pdfView/Open

This item appears in the following Collection(s)

Show simple item record