Security Protocol Deployment Risk

Security protocol participants are software and/or hardware agents that are?as with any system?potentially vulnerable to failure. Protocol analysis should extend not just to an analysis of the protocol specification, but also to its implementation and configuration in its target environment. However, an in-depth formal analysis that considers the behavior and interaction of all com- ponents in their environment is not feasible in practice. This paper considers the analysis of protocol deployment rather than imple- mentation. Instead of concentrating on detailed semantics and formal verification of the protocol and implementation, we are concerned more with with the abil- ity to trace, at a practical level of abstraction, how the protocol deployment, that is, the configuration of the protocol components, relate to each other and the overall protocol goals. We believe that a complete security verification of a system is not currently achievable in practice and seek some degree of useful feedback from an analysis that a particular protocol deployment is reasonable. This paper considers the analysis of protocol deployment rather than imple- mentation. Instead of concentrating on detailed semantics and formal verification of the protocol and implementation, we are concerned more with with the abil- ity to trace, at a practical level of abstraction, how the protocol deployment, that is, the configuration of the protocol components, relate to each other and the overall protocol goals. We believe that a complete security verification of a system is not currently achievable in practice and seek some degree of useful feedback from an analysis that a particular protocol deployment is reasonable.