chapter  8
10 Pages

Tool support

One of the most challenging issues for the QoP models is performing a multilevel

evaluation for complex and distributed systems. The manual analysis of such sys-

tems is almost impossible to perform. The analysis of any type of the security pro-

tocol is difficult when the experts do not use automated tools. In literature, we can

indicate programs which helped the experts analyze the protocols. We can indicate

the AVISPA tool [15, 88] or ProVerif [18, 49] application, which verifies security

properties for cryptographic protocols. From the Quality of Protection analysis point

of view, AVISPA and ProVerif have two limitations. The first one refers to the types

of the function which can be modeled; one can model only cryptographic primitives

and cryptographic algorithms. The full QoP analysis must refer to all security factors

which affect overall system security. The second limitation is that these languages

do not provide the structure for evaluation of the security factors’ performance. In

the literature one can indicate the tool for QoP analysis which is modeled on the

UMLsec [39]. This tool can be used for automated analysis of simple models but

when we would like to analyze the scenarios when thousands of hosts take part in

the protocol, then the analysis is too complex and cannot be done properly.