A formalized methodology for constructing safe multiphase protocols

Communication protocols typically go through different phases, where each one performs a distinct function. Phases are implemented as layers (i.e., a protocol constructed on the OSI model) or as alternative functions (a protocol which can perform many functions, but is limited to performing one at a time). In either case, each phase is itself a protocol which can be modelled as a communicating finite state machine. A multiphase communication protocol is constructed by connecting a state (or states) of protocol A to a state (or states) of protocol B in such a way that if the component protocols A and B are safe, then the multiphase protocol is safe. C.H. Chow et al. (1985) proposed a method for connecting states which has this property. An improved method was subsequently proposed by H.A. Lin and C.L. Tarng (1993). We discuss a new protocol verification method which we use to analyze, construct, and verify a multiphase protocol. The State Transition Generation Algorithm, an algorithm which we have developed based upon the method of Lin and Tarng, is used to analyze Prolog specifications for two communicating finite state machines being combined, and to generate any new transitions that are required to ensure the new multiphase protocol is safe. We then use a protocol modelling language and two automated protocol verification tools to construct and verify the multiphase protocol. The multiphase protocol is shown to be safe with respect to specific correctness criteria when the component protocols are augmented with the new transitions generated by the State Transition Generation Algorithm