csperkins.org

Improving Protocol Standards for a more Trustworthy Internet

I'm pleased that the EPSRC has agreed to support our work on "Improving Protocol Standards for a more Trustworthy Internet". This is a two year project, funded under the Engineering for a Prosperous Nation call, that aims to make the Internet more robust by improving the way in which the underlying protocol standards are developed. Stephen McQuistin will join the project as a Research Assistant, and I expect to advertise for a further RA position shortly.

This project will make the Internet's infrastructure and applications more reliable and secure, more trustworthy and less vulnerable to cyber attack, by improving the engineering processes by which the network is designed. The Internet comprises a large number of laptops, smartphones, and other edge devices, connecting to servers located in data centres around the world via numerous interconnecting links and switching devices. To make this work, all the devices must agree on how they should communicate. That is, they must speak a common language, known as a "protocol" that describes the format of the information that is sent and the operations to be performed. There are many such protocols, describing the different types of communication. For example, the HTTP protocol describes how browsers fetch pages from websites.

IETF logo

To ensure interoperability between devices from different manufacturers, these protocols are described in a series of standards documents, published by organisations such as the Internet Engineering Task Force (IETF). These standards are developed incrementally by teams of engineers working over several months, or perhaps years, to produce a written specification that describes how the protocol should work. Despite the best efforts of those developing the standards, however, the results are often found to contain inconsistencies and ambiguities. These can lead to devices from different manufacturers failing to work together, due to differing interpretations of the standard, and in the worst cases can lead to vulnerabilities that open devices up to cyber attack.

Much of the reason for these inconsistencies and ambiguities is that the protocol standards are written in English, and hence there's no automated way of checking them for correctness. Researchers have proposed ways of describing protocols using methods (known as "formal languages") that are more like computer programming languages, and that would allow automated consistency checks to be made, but these have not been widely adopted by the standards community.

This project will study the social, cultural, and educational barriers to adoption of these new techniques, to understand why standards continue to be written in English. We will explore the perceived limitations of the alternatives, to understand why they've been adopted in certain niches, and for certain purposes, but are not used more broadly in standards development.

We'll then formulate a model for the adoption of formal languages and their supporting tools in the protocol standards community, and use it identify areas that are ready to increase use of such techniques in their standards. Finally, we'll use the knowledge gained to propose formal languages, that are designed to fit the way the standards developers work, and begin the process of introducing these into the standards process, to improve protocol specifications and make them less vulnerable to attack. The work will be conduced in the IETF, since it's the key international technical standards body developing Internet protocol standards. The aim is to improve the quality and trustworthiness of the standards that the IETF develops, and increase security, robustness, and interoperability of the Internet. The novel engineering research idea we will explore is that formal languages need to be adapted to the community of interest. It is not enough that they help solve the technical problem of how to specify a protocol: they must do so in a way that fits the expertise and culture of those who need to use them. Research into structured approaches and formal languages for protocol design has not yet considered the nature of the standards process, and hence has not seen wide uptake. We start with a deep awareness of the standards process, consider social and technical barriers to uptake, and propose new techniques to improve the way standards are developed.