安全协议的规范化设计

提出运用组合方法进行安全协议设计。给出了协议中基件与组件的定义,根据组件的安全属性设计实现相应安全目标的单步协议;定义组合规则,确保不同的单步协议能够组合成为一个复合协议,同时各个单步协议还能实现各自的安全目标。根据具体的应用背景选择合适的单步协议,按照组合规则组合后可得到满足需求的安全协议。该组合方法可将一个复合协议分解为若干基于组件的简单单步协议,使得协议的设计与分析易于实现。     

Synthesizing Distributed Protocol Specifications from a UML State Machine Modeled Service Specification

The object-oriented paradigm is widely applied in designing and implementing communication systems.Unified Modeling Language(UML) is a standard language used to model the design of object-oriented systems.A protocol state machine is a UML adopted diagram that is widely used in designing communication protocols.It has two key attractive advantages over traditional finite state machines:modeling concurrency and modeling nested hierarchical states.In a distributed communication system,each entity of the system has its own protocol that defines when and how the entity exchanges messages with other communicating entities in the system.The order of the exchanged messages must conform to the overall service specifications of the system.In object-oriented systems,both the service and the protocol specifications are modeled in UML protocol state machines.Protocol specification synthesis methods have to be applied to automatically derive the protocol specification from the service specification.Otherwise,a time-consuming process of design,analysis,and error detection and correction has to be applied iteratively until the design of the protocol becomes error-free and consistent with the service specification.Several synthesis methods are proposed in the literature for models other than UML protocol state machines,and therefore,because of the unique features of the protocol state machines,these methods are inapplicable to services modeled in UML protocol state machines.In this paper,we propose a synthesis method that automatically synthesizes the protocol specification of distributed protocol entities from the service specification,given that both types of specifications are modeled in UML protocol state machines.Our method is based on the latest UML version(UML2.3),and it is proven to synthesize protocol specifications that are syntactically and semantically correct.As an example application,the synthesis method is used to derive the protocol specification of the H.323 standard used in Internet calls.     

An approach to testing specifications

An approach to testing the consistency of specifications is explored, which is applicable to the design validation of communication protocols and other cases of step-wise refinement. In this approach, a testing module compares a trace of interactions obtained from an execution of the refined specification (e.g., the protocol specification) with the reference specification (e.g., the communication service specification). Nondeterminism in reference specifications presents certain problems. Using an extended finite state transition model for the specifications, a strategy for limiting the amount of nondeterminacy is presented. An automated method for constructing a testing module for a given reference specification is discussed. Experience with the application of this testing approach to the design of a transport protocol and a distributed mutual exclusion algorithm is described.     

Formal models of communication services: a case study

Formal methods can play an important role in exploring new communication systems services. The telecommunications and data communications communities have long accepted the need for formally describing protocols, but only recently have they considered formally describing a service by abstracting specifications from a particular protocol that provides that service. Specifying a service at an abstract level meets two important needs: standardization and customization. The author presents a simplified atomic multicast as an example service and input/output automata for the formal model. He shows how to represent the service specification, a protocol, and implementations of that protocol. He also sketches how to prove the correctness of the protocol and implementation, that is, how to show that the specified service is actually provided     

Automatic synthesis of communication controller hardware fromprotocol specifications

Controllers for serial protocols are control-oriented designs that include complex state machines. Manually designing protocol controllers is thus tedious, error prone, and time-consuming. We present a new methodology for the efficient design of communication controller hardware suited for (but not limited to) complex, bit-serial protocols. Our methodology synthesizes controller hardware from a formal high-level specification of the protocol. In this approach, a single run of the synthesis algorithm synthesizes a complete communication architecture from a single protocol specification. The method not only reduces modeling effort but also ensures that both the interacting transaction producer and consumer controllers conform to the initial protocol specification     

分布实现完全LOTOS规范的转换方法

基于LOTOS规范语言,文章从系统功能规范出发,结合实际系统的分布特性,推导出符合实际系统结构的模块化规范的转换方法.用标注的完全LOTOS语言规范表达复杂的系统分布特性,研究了使用广播通信方式进行协同的、直接处理多模块划分的规范分解算法.     

基于同态加密技术的安全多方乘积协议

安全多方乘积计算是一类特殊的安全多方计算问题,用于共享多个参与方进行乘积计算的结果。针对现有安全多方乘积协议频繁调用安全两方乘积协议造成的通信代价高,数据量大的问题,在半诚实模型下,利用同态加密技术,提出了适用于复杂网络环境的串行安全多方乘积协议和理想通信环境下的并行安全多方乘积协议,并从理论上证明了协议的正确性与安全性。通过已有协议的对比分析,证明了提出的两个协议在通信代价和执行效率上具有明显的优势。     

The Meta-Protocol framework

A communication protocol is a set of rules shared by two or more communicating parties on the sequence of operations and the format of messages to be exchanged. Standardization organizations define protocols in the form of recommendations (e.g., RFC) written in technical English, which requires a manual translation of the specification into the protocol implementation. This human translation is error-prone due in part to the ambiguities of natural language and in part due to the complexity of some protocols. To mitigate these problems, we divided the expression of a protocol specification into two parts. First, we designed an XML-based protocol specification language (XPSL) that allows for the high-level specification of a protocol—expressed as a Finite State Machine (FSM)—using Component-Based Software Engineering (CBSE) principles. Then, the components required by the protocol are specified in any suitable technical language (formal or informal). In addition, we developed the multi-layer Meta-Protocol framework, which allows for on-the-fly protocol discovery and negotiation, distribution of protocol specifications and components, and automatic protocol implementation in any programming language.     

Knowledge transformation and fusion in diagnostic systems

Diagnostic systems depend on knowledge bases specifying the causal, structural or functional interactions among components of the diagnosed objects. A diagnostic specification in a diagnostic system is a semantic interpretation of a knowledge base. We introduce the notion of diagnostic specification morphism and some operations of diagnostic specifications that can be used to model knowledge transformation and fusion, respectively. The relation between diagnostic methods in the source system and the target system of a specification morphism is examined. Also, representations of diagnostic methods in a composed system modelled by operations of specifications are given in terms of the corresponding diagnostic methods in its component systems.     

Security by typing

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.     

Deriving protocol specifications from service specifications written in LOTOS

Summary.  A complete communication system is broken down into a number of protocol layers each of which provides services to the layer above it and uses services provided by its underlying layer. A service specification defines a particular ordering of the operations that a given layer provides to the layer above it. The active elements in each layer are called entities and they use a protocol in order to implement their service definition. On the basis of this relation between the service and protocol concepts we have developed algorithms for deriving protocol entity specifications from a formal service specification. The derived protocol entities ensure the correct ordering of the service primitives by exchanging synchronization messages through an underlying communication medium. This paper presents an extended version of our earlier derivation algorithms. This version of the algorithm can handle all operators and unrestricted process invocation and recursion as defined by basis LOTOS. The correctness of this derivation algorithm is formally proved. Received: January 1992 / Accepted: February 1996     

Programming simultaneous actions using common knowledge

This work applies the theory of knowledge in distributed systems to the design of efficient fault-tolerant protocols. We define a large class of problems requiring coordinated, simultaneous action in synchronous systems, and give a method of transforming specifications of such problems into protocols that areoptimal in all runs: these protocols are guaranteed to perform the simultaneous actions as soon as any other protocol could possibly perform them, given the input to the system and faulty processor behavior. This transformation is performed in two steps. In the first step we extract, directly from the problem specification, a high-level protocol programmed using explicit tests for common knowledge. In the second step we carefully analyze when facts become common knowledge, thereby providing a method of efficiently implementing these protocols in many variants of the omissions failure model. In the generalized omissions model, however, our analysis shows that testing for common knowledge is NP-hard. Given the close correspondence between common knowledge and simultaneous actions, we are able to show that no optimal protocol for any such problem can be computationally efficient in this model. The analysis in this paper exposes many subtle differences between the failure models, including the precise point at which this gap in complexity occurs.     

Integrated Estelle and ASN.1 specification approach to automatic implementation of application protocol

Estelle currently does not support ASN.1 and encoding and decoding rules. Tools developed for Estelle and ASN.1 have been developed independently of each other. As such, ASN.1 tools do not support Estelle and vice versa. At present, due to these two separate specifications, implementation is time consuming. It is imperative to find a way for ASN.1 and Estelle specifications to be efficiently integrated to facilitate fully automatic implementation. This paper describes how Estelle and ASN.1 can be integrated to give a unified specification which can then be fed into a software environment to produce a truly automatic implementation of an application protocol, including encoding and decoding of protocol data units, when application layer protocols are specified in Estelle and in ASN.1. The integration approach is based on the powerful programming concept, Data Abstraction. The software that implements this integrated specification approach to automatic implementation of application protocol is called EASE (Estelle and ASN.1 Software Environment). To demonstrate the viability of the approach, the unified specification of the ISO ACSE and Presentation protocols are also presented.     

A methodology for constructing communication protocols with multiple concurrent functions

A methodology is presented for the construction of communication protocols which perform several distinct functions simultaneously. The construction of such a multi-function protocol consists of three steps: (1) the development of component protocols for the different functions, (2) the integration of component protocols into a merged protocol, and (3) the specification of operational relationship among the component protocols. The conditions required for the resulting merged protocol to retain the safety properties, such as freedom from unspecified receptions, freedom from deadlocks, and boundedness, of the component protocols are discussed. The methodology is simple and facilitates the reuse of existing protocols. Two examples are given to illustrate its usage: a full-duplex data transfer protocol and another data transfer protocol with pipelining and flow control. Huai-An Lin received the B.S.E.E. degree from National Taiwan University, Taiwan, in 1977, and the M.S. and Ph.D. degrees in computer and information science from the Ohio State University, Columbus, Ohio, in 1981 and 1983, respectively. From 1983 to 1985, he was with the Gould Research Center at Rolling Meadows, Illinois. Since 1985, he has been an Assistant Professor of Electrical Engineering at University of Washington, Seattle, Washington. His research interests include computer communication networks, distributed systems, and software engineering. Dr. Lin is a member of the Institute of Electrical and Electronics Engineers and the Association for Computing Machinery.This research was partially supported by the Graduate School Research Fund of University of Washington     

Archetype: a unified method for the design and implementation ofprotocol architectures

A method for the automated design, specification, and implementation of protocol architectures is introduced. A natural-language-like protocol architecture specification technique, called Archetype, is formulated. This technique aids the design by enabling an unambiguous specification of the protocol architecture on the level of the communications technologies used, without involvement in the complex implementation details of these technologies. The author defines a data-driven concurrent execution model and specifies the generation of executable specifications from abstract protocol architecture specifications. The exploitation of parallelism in the execution model enables the fulfilment of performance constraints placed on protocol architectures. An architecture based on a single X.25-level 3-like protocol is used as an illustrative example     

一种针对不同总线协议测试设备通信的通用ICD设计

针对民机测试中测试设备的通信协议繁杂、难以进行统一管控的问题,提出了一种基于可扩展标记语言(XML)的通用接口控制文档(ICD)设计方法。利用ICD的通用性特点将其设计成工程层级、设备层级和消息层级3个层级,分别描述各类总线协议的工程测试中的设备通信活动、设备通信过程和通信消息帧。通过加载通用ICD,可实现不同总线协议的被测数据与测试设备进行集中交互,并在某型的民用飞机中的总装功能试验中进行了实践应用。实践结果表明,该方法能实现多协议测试设备的通信,有效解决了测试设备通信协议种类繁多、统一管理难的问题,促进了民机集成测试技术的发展。     

Towards a new open communication standard between homes and service robots,the DHCompliant case

The interoperability of service robots and digital home was a user demand from the past years. In response to that necessity, the researchers from the Infobotica Research Group, in cooperation with a group of companies and universities, have proposed a new open standard and architecture. It is composed of different virtual services, protocols as well as an open adapters’ architecture, on top of the UPnP protocol stack. The proposed application protocols and the general architecture provide a communication environment for positioning devices, rules compliance checks, the collaboration between devices and managing energy efficiently. The different tools, adapters, and protocols, developed within the DHCompliant architecture, have defined a new level of application protocol that has allowed increased integration of those modules into home automation, improving their interoperability, and allowing the addition of new services to the same standard and commercial hardware.     

Protocol converter generation using the STS approach

During the past four years, the authors have developed the Synchronizing Transition Set (STS) approach to solve protocol conversion problems for interconnecting heterogeneous computer networks. The STS approach is a 5-step formal algorithm: given service specifications of target protocols as its input, it derives a protocol converter specification as output. Several variations of the STS algorithm have been studied, and it was formally proven that all of these variations support the same correctness properties [1–4], such as conformity, liveness and transparency properties. Recently, the STS algorithm has been fully implemented in an STS protocol converter generation package. The package is written in the C language under a standard UNIX operating system. It needs less than 1000 lines of C statements to fully implement the STS algorithm. Moreover, to generate a converter between some classical example protocols, such as ABP (alternating bit protocol) and go-back-n protocols, it only takes a few seconds to derive a correct protocol converter specification using a desktop workstation. In this paper, the STS algorithm and its implementation are presented.     

可防冲突的专用协议栈

由于网络一般都使用公共的网络协议, 对于一些特殊的用户, 出于特殊的考虑, 对公共协议的安全性不够放心, 需要量身打造适合自己的专用协议, 以满足安全性和特殊性的需求. 设计了基于CIPSO标准改造的专用协议, 实现在现有网络环境下的正常通信, 满足根据安全级别等特定信息对数据流转进行控制的需求. 为避免因相似性造成的协议冲突问题, 提出防冲突标识的概念并设计出防冲突协商机制. 采用移植LWIP协议栈的方式实现该专用协议.