Research And Implementation Of Multi-objective-language-oriented Automatic Code Generation For Security Protocols

At present, the code realization of a security protocol is still mainly dependent onmanual coding. However, manual coding is inefficient, error-prone and easy tointroduce flaws, and it also militates against the revise and updates of security protocols.The automatic code realization of a security protocol has not been extensively anddeeply investigated, and the existing work also has many shortcomings.Therefore, we put forward a multi-objective-language-oriented automatic codegeneration scheme for security protocols. Firstly, we design a formal description methodof security protocols based on XML to map the abstract protocol to its XMLspecification. Secondly, we provide a basic support for the running of security protocolswith a reusable object-oriented code skeleton. Finally, we develop an interpreter totranslate XML specification into the corresponding objective code.To enhance the security and robustness of the generated code, we focus on thefollowing aspects:(1) In the protocol design stage, we translate the XML specificationof security protocol into the corresponding CAPSL specification before code generation,which makes it impossible to use the existing formal verification tools to analyzeprotocol security, and avoid some flaws or attacks.(2) In the protocol realization stage,we propose and implement some practical methods to prevent parallel session attacksand type flaw attacks that are common in security protocols.Compared with manual coding, our scheme can improve the efficiency of protocoldevelopment, shorten the development cycle, save lots of manual costs, reduce theprogramming workload, avoid some code deficiencies and improve the security androbustness of protocol realization. The scheme is also suitable for deploying andupdating security protocols in distributed system. Compared with the existing schemes,this scheme has advantages on universality, the selectivity of algorithms, expandability,the formalization knowledge, the support of multi-objective language, and avoidingflaws in code.