A communication protocol is an agreement among two or more parties on the sequence of operations and the format of messages to be exchanged. Standardization organizations define protocols in the form of recommendations (e.g., RFC) written in technical English, which requires a manual translation of the specification into the protocol implementation. This human translation is error-prone due in part to the ambiguities of natural language and in part due to the complexity of some protocols. We propose an XML-based language for protocol specification along with a process, based in XSLT stylesheets, for automatic code generation. The code generated uses components from a library of special purpose components that perform frequently executed functions (e.g., encryption). Our approach was validated on three different protocols: Needham-Schroeder's authentication protocol, TCP's three-way handshake, and SSL's handshake. We developed a Java XSLT stylesheet along with an XML Schema for validation of the XML specifications.

Group communication is increasingly used as a low cost building block for the development of highly available and survivable services in dynamic environments. However, contemporary frameworks often provide limited facilities for the definition and enforcement of precise security policies. This paper presents the Antigone 2.0 framework that allows the flexible specification and enforcement of group security policies. Enforcement is achieved through the policy directed composition and configuration of sets of basic security services implementing the group. We summarize the design of the Antigone 2.0 architecture, its use, and the Application Programming Interface (API). The use of the API is illustrated through two applications built on Antigone; a reliable multicast system and host level multicast security service. We conclude with a description of current status and plans for future work. 1

Security policy management for a dynamic coalition with multiple members, each with its own policy requirements and mechanisms, and with limited mutual trust, is a complex task. In this paper, we present the architecture of MSME, a system that addresses this problem by providing mechanisms to express security requirements for large groups abstractly; exchange and reconcile these communication requirements among members of a group; and automatically bind these abstract requirements to mechanisms that can enforce them at different levels of the TCP/IP stack. 1.

The process of policy reconciliation allows multiple parties with possibly different policies to resolve differences in order to reach an agreement on an acceptable policy. Previous solutions for policy reconciliation required the participants to reveal their entire security policy in order to reach an agreement. It was not until recently that new protocols were developed which take into account the privacy concerns of reconciliating parties. In this paper we present a performance evaluation of these privacy-preserving reconciliation protocols with a focus on quantifying the added cost due to the privacy guarantees. 1

Most security protocols share a similar set of algorithms and functions and exhibit common sequences and patterns in the way they operate. These observations led us to propose a unified architecture for the implementation of security protocols in the form of a security toolbox system. Our design, based on the concepts of Component Based Software Engineering (CBSE), provides fast and flexible implementation and deployment of security protocols.

Entities define their own set of rules under which they are willing to collaborate, e.g., interact, share and exchange resources or information with others. Typically, these individual policies differ for different parties. Thus, collaboration requires the resolving of differences and reaching a consensus. This process is generally referred to as policy reconciliation. Current solutions for policy reconciliation do not take into account the privacy concerns of reconciliating parties. This paper addresses the problem of preserving privacy during policy reconciliation. We introduce new protocols that meet the privacy requirements of the organizations and allow parties to find a common policy rule which optimizes their individual preferences. 1