1. Field of the Invention
The present invention relates generally to cryptographic network protocols and, more particularly, to a method for automatically selecting an appropriate service to provide particular logical guarantees.
2. Description of the Background Art
Cryptographic network protocols are implemented by programs used for making secure connections over computer networks. In the process of building such a protocol, a highly skilled analyst must typically be employed in order to examine the entire protocol, including all of its components.
A protocol may incorporate a number of components that, together, may be used to perform the routines necessary to implement the protocol. The protocol may rely on services that are independently designed in order to implement the complete protocol, as is often easily accomplished in object-oriented software systems. In a typical object-oriented software system, a programmer of the protocol could define an interface, and could then accept any service that meets the defined interface. This behavior is commonly termed “polymorphism.”
Polymorphism appears in a different form in modem Web Services systems. Many Web Services systems use some method of service discovery to identify services on a network and assemble them into a useful system. This typically requires the system and the assembled services to agree on the name of the service or a required function.
A drawback of this kind of flexibility is that there is no way to know that a system composed in this manner will retain any security properties of the individual services. Security analysis of a protocol designed in this manner requires, as previously noted, the examination of the entire protocol and its components. Unfortunately, requiring that the entire protocol be specified before analysis conflicts with the availability of this level of flexibility.
Accordingly, what is desired is a method for retaining the flexibility of polymorphism in a cryptographic network protocol while simultaneously facilitating security verification of the entire protocol and its components.