1996 Project Summary

Highly Structured Architecture for High Integrity Networks

Department of Computer Science, University of Arizona


ARPA Order Number

A697

Principal Investigator

Larry Peterson
Department of Computer Science
Gould-Simpson Building, University of Arizona
Tucson, Arizona
85721-0077
520-621-4231 (voice)
520-621-4246 (fax)
llp@cs.arizona.edu

Objective

The objective of the effort is to provide Internet sites with the enabling technology that brings together communications security and network security into easily buildable and deployable high-assurance software packages.

Approach

Modular software structures are the heart and soul of the approach. Although this is similar to object-oriented approaches, the work avoids excess generality by taking advantage of the well-understood structure of the network software domain. A small number of interface operations between modules define how modules can be combined.

Each module is a "protocol". There are large, state-driven protocols like TCP and smaller single-state protocols that are similar to message filters. There are also "micro-protocols" that provide the glue for building complex applications: switches that disassemble/reassemble messages that are relevant to multiple cryptographic sessions, broadcast support, key managers, and system configuration managers.

The process of combination and configuration is controlled by software tools that are driven from a protocol graph, a set of parameter configuration options that are applicable to individual protocols, and a set of protocol attributes and generic combination rules.

Designers, implementors, and administrators can configure or customize large-scale applications using these tools and software modules. The system handles all site-specific configuration parameters through a uniform interface, and all cryptographic and configuration dependencies are evident from these files.
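The following sketch is an added illustration, not code from the project: it shows how a tool driven by a protocol graph, per-protocol attributes and one generic combination rule could reject a configuration in which a switch lets traffic bypass the cryptographic module. The module name CRYPT, the attribute "confidentiality", the rule and the dictionary format are all assumptions made for the example.

```python
# Added illustration: module names, attributes, rule and file format are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Protocol:
    provides: frozenset = frozenset()  # attributes this module adds to traffic it handles
    requires: frozenset = frozenset()  # attributes needed on every path beneath it

def guaranteed_below(name, protocols, graph, stack=()):
    """Attributes supplied on *every* downward path from `name` to a leaf."""
    if name in stack:
        raise ValueError("cycle in protocol graph: " + " -> ".join(stack + (name,)))
    lowers = graph.get(name, [])
    if not lowers:
        return frozenset()
    per_branch = [
        protocols[low].provides | guaranteed_below(low, protocols, graph, stack + (name,))
        for low in lowers
    ]
    # A branching module (a switch) only guarantees what all of its branches supply.
    return frozenset.intersection(*per_branch)

def check(protocols, graph):
    """Return a list of violations; an empty list means the graph may be built."""
    used = set(graph) | {low for lowers in graph.values() for low in lowers}
    errors = [f"{n}: used in graph but not declared" for n in sorted(used - set(protocols))]
    if errors:
        return errors
    for name in sorted(protocols):
        missing = protocols[name].requires - guaranteed_below(name, protocols, graph)
        if missing:
            errors.append(f"{name}: {', '.join(sorted(missing))} not supplied on every path below")
    return errors

# Constructed sample: site policy says TCP traffic must be encrypted before it reaches IP.
PROTOCOLS = {
    "TCP": Protocol(requires=frozenset({"confidentiality"})),
    "SWITCH": Protocol(),
    "CRYPT": Protocol(provides=frozenset({"confidentiality"})),
    "IP": Protocol(),
}
# Each entry maps a protocol to the protocols directly beneath it.
BYPASS = {"TCP": ["SWITCH"], "SWITCH": ["CRYPT", "IP"], "CRYPT": ["IP"]}  # switch can skip CRYPT
FIXED = {"TCP": ["SWITCH"], "SWITCH": ["CRYPT"], "CRYPT": ["IP"]}

if __name__ == "__main__":
    for label, graph in (("bypass", BYPASS), ("fixed", FIXED)):
        print(label, check(PROTOCOLS, graph) or "ok")
```

Because the rule is evaluated over every downward path, the cleartext branch through the switch is reported before anything is built, which is the sense in which the dependencies are evident from the configuration.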

We have successfully used this approach to implement existing security protocols such as Kerberos and the newly emerging Internet network level security protocol. In addition, we are using it as a design tool in developing a secure group management protocol to be used in conjunction with secure multicast groups and routing protocols.

Recent Accomplishments

FY1997 Plans

Technology Transitions


Last modified: Thu Jul 18 12:25:26 MST 1996