The application of software and safety engineering techniques to security protocol development

Security protocols are series of steps designed to achieve a particular aim, whilst also providing security functions. However, despite extensive research, protocols are still being designed which are susceptible to common flaws and attacks. Much of the research in this area has focused on protocol verification and, to a lesser extent, protocol design. Many comparisons have been made between software and safety and security engineering. This thesis builds on these comparisons in order to identify an approach to protocol development which reduces the likelihood of the occurrence of common flaws and attacks. This thesis proposes a process model for protocol development and justifies why such a model should be used to structure protocol development. One area that has often been overlooked in protocol research is that of the requirements of the security protocol. In this thesis, this area is investigated and, as a result, two techniques for the analysis and elicitation of security protocol requirements have been developed. The first technique is the Vulnerability Identification and Analysis (VIA) method. This is based on the HAZOP technique, which is successfully used in safety engineering, as well as a wide variety of other industries. The VIA method provides a structured approach to the deviation analysis of security protocol requirements, as well as the elicitation of further requirements. The second technique, Requirements Analysis and Elicitation (RAE) trees, extends the tree based analysis techniques which have been developed for the security field and draws on ideas from the safety analysis technique Fault Tree Analysis. The RAE trees are used to determine the causes of, and identify requirements to address, protocol vulnerabilities.