Mohamed G. Gouda - Böcker

There are two groups of researchers who are interested in designing network protocols and who cannot (yet) effectively communicate with one another c- cerning these protocols. The first is the group of protocol verifiers, and the second is the group of protocol implementors. The main reason for the lack of effective communication between these two groups is that these groups use languages with quite different semantics to specify network protocols. On one hand, the protocol verifiers use specification languages whose semantics are abstract, coarse-grained, and with large atom- ity. Clearly, protocol specifications that are developed based on such semantics are easier to prove correct. On the other hand, the protocol implementors use specification languages whose semantics are concrete, fine-grained, and with small atomicity. Protocol specifications that are developed based on such - mantics are easier to implement using system programming languages such as C, C++, and Java. To help in closing this communication gap between the group of protocol verifiers and the group of protocol implementors, we present in this monograph a protocol specification language called the Timed Abstract Protocol (or TAP, for short) notation. This notation is greatly influenced by the Abstract Protocol Notation in the textbook Elements of Network Protocol Design, written by the second author, Mohamed G. Gouda. The TAP notation has two types of sem- tics: an abstract semantics that appeals to the protocol verifiers and a concrete semantics thatappeals to the protocol implementors group.

Hop Integrity in the Internet introduces a new security defense, hop integrity, that can be used against denial-of-service attacks in the Internet.  If a message that is part of a denial-of-service attack is originated by an adversarial host in the Internet and if the message header includes a wrong address for the originating host (in order to hide the true source of the attack), then the message will be classified as modified or replayed and will be discarded by the first router that receives the message in the Internet.A suite of protocols for providing hop integrity in the Internet is discussed in great detail. In particular, each protocol in the suite is specified and verified using an abstract and formal notation called the Secure Protocol Notation.  The protocols include:- Secure address resolution - Weak hop integrity - Strong hop integrity using soft sequence numbers- Strong hop integrity using hard sequence numbersOther benefits of hop integrity extend to secure routing, mobile IP, and IP multicast.

While we are all becoming familiar with the Internet, which uses the Transfer Control Protocol/Internet Protocol (TCP/IP), more and more additions and changes emerge every year, including protocols that support multimedia, encryption, and other methods of secure data transfer. This book focuses on the design and implementation of these computer network information transfer protocols. Using the Internet as a running case study throughout the book, the authors introduce a formal notation for writing network protocols and organize their discussion around protocol functions.

The TAP notation uses two types of semantics: an abstract semantics for protocol verifiers and a concrete semantics for protocol implementers. The Austin Protocol Compiler illustrates that two types of semantics of TAP are equivalent. Thus, the correctness of TAP specification of some protocol, that is established based on the abstract semantics of TAP, is maintained when this specification is implemented based on concrete semantics of TAP. The equivalence suggests the following for developing a correct implementation of a protocol: 1. Specify the protocol using the TAP notation. 2. Verify the correctness of the specification based on the abstract semantics of TAP. 3. Implement the specification based on the concrete semantics of TAP. For step 3, this book introduces the Austin Protocol Compiler (APC) that takes as input, a TAP specification of some protocol, and produces as output C-code that implements this protocol based on the concrete semantics of TAP.