We specify and verify a connection management protocol for use between entities connected by channels that can lose, reorder, and duplicate messages. The protocol is symmetric. Each entity is in one of the following states: closed, listen, open, active opening, passive opening, or closing. The first three are stable states to be exited only by user request, while the last three are transient states. Each entity maintains a local incarnation number at all times, and a remote incarnation number only when opening, open, and closing. Our protocol employs the 3-way handshake used in TCP and ISO Transport Protocol (Class 4).
We verify the safety property that when an entity is open, its remote incarnation number matches the remote entity's local incarnation number. This ensures that data messages from past connection instances are not delivered to the user. We verify the following progress properties: an actively opening entity will eventually establish a connection, provided that the remote entity is willing to communicate or is itself actively opening; the states of active opening, passive opening, and closing are transient; if the entities remain closed, the channels will eventually become empty, assuming messages have a maximum lifetime.
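The following is an added illustration, not the paper's specification: a small Python model of a 3-way handshake in which each entity carries the local and remote incarnation numbers described above, showing how the safety property causes a duplicated data message from an earlier connection instance to be discarded. The message layouts, state names, and acceptance rules are this model's own assumptions.

```python
# Constructed model (not the paper's protocol): incarnation-numbered 3-way handshake.
from dataclasses import dataclass, field

@dataclass
class Entity:
    state: str = "closed"
    local: int = 0                 # local incarnation number, new value per open attempt
    remote: "int | None" = None    # remote incarnation, held only while opening/open
    delivered: list = field(default_factory=list)  # data handed to the user

    def active_open(self):
        self.local, self.remote, self.state = self.local + 1, None, "active_opening"
        return ("SYN", self.local)

    def close(self, listen=False):
        self.remote, self.state = None, ("listen" if listen else "closed")

    def receive(self, msg):
        """Handle one message; return a reply or None. Mismatched numbers are dropped."""
        kind, mine, theirs = msg[0], self.local, self.remote
        if kind == "SYN" and self.state == "listen":            # passive open
            self.local, self.remote, self.state = mine + 1, msg[1], "passive_opening"
            return ("SYNACK", self.local, msg[1])
        if kind == "SYNACK" and self.state == "active_opening" and msg[2] == mine:
            self.remote, self.state = msg[1], "open"
            return ("ACK", mine, msg[1])
        if len(msg) > 2 and (msg[1], msg[2]) == (theirs, mine):  # matches current incarnation
            if kind == "ACK" and self.state == "passive_opening":
                self.state = "open"
            elif kind == "DATA" and self.state == "open":
                self.delivered.append(msg[3])
        return None  # anything else belongs to another incarnation and is discarded

def safe(a, b):  # the abstract's safety property: open entity's remote number == peer's local
    return all(x.state != "open" or x.remote == y.local for x, y in ((a, b), (b, a)))

def handshake(a, b):
    b.receive(a.receive(b.receive(a.active_open())))  # SYN, SYNACK, ACK delivered in order

def run_scenario():
    a, b = Entity(), Entity(state="listen")
    handshake(a, b)
    stale = ("DATA", a.local, a.remote, "old")  # sent during connection instance 1
    b.receive(stale)
    a.close(); b.close(listen=True)             # instance 1 torn down
    handshake(a, b)                             # instance 2: fresh incarnation numbers
    b.receive(stale)                            # channel redelivers the old duplicate
    b.receive(("DATA", a.local, a.remote, "new"))
    return a, b
```

Running `run_scenario()` delivers "old" once and "new" once to B's user; the redelivered duplicate is rejected because its incarnation pair no longer matches.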
This protocol specification can be immediately combined with the data transfer protocol specifications presented in [SHAN1, SHAN2, SHAN3] to provide a transport layer protocol with the functions of connection management and two-way data transfer. The verifications too can be immediately combined to provide a hierarchical verification of the multi-function protocol. The specifications and verifications can be combined because the connection management and data transfer protocols are images of the multi-function protocol. This illustrates the power of protocol projections in constructing multi-function protocols.
Univ. of Maryland, College Park;
Machine translation: Connection management for the transport layer: service specification and protocol verification