This material was presented in a series of lectures at FOSAD, a summer school on Foundations of Security Analysis and Design, at the University of Bologna Center at Bertinoro in September 2000. It has two main purposes.
The first purpose is to explain how to model and analyze two important security problems, and how to derive systematic solutions to them. One problem area is the "packet protection problem," concerning how to use the security services provided by routers—services such as packet filtering and the IP security protocols—to achieve useful protection in complex networks. The other problem area, the "Dolev-Yao" problem, concerns how to determine, given a cryptographic protocol, what authentication and con dentiality properties it achieves, assuming that the cryptographic primitives it uses are ideal.
Our secondary purpose is to argue in favor of an overall approach to modeling and then solving information security problems. We argue in favor of discovering security goals for specific domains by examining the threats and enforcement mechanisms available in those domains. Mathematical modeling allows us to develop algorithms and proof methods to ensure that the mechanisms achieve particular security goals. This leads to a systematic approach to trust management, often a more pressing information security problem than inventing new and improved security mechanisms.
* Work reported here was supported by the National Security Agency through US Army CECOM contract DAAB07-99-C-C201. Work was in collaboration with Amy L. Herzog, Jonathan C. Herzog, and F. Javier Thayer.
