Towards a Framework for Autonomic Security Protocols Simon N. Foley and Hongbin Zhou Boole Centre for Research in Informatics, Department of Computer Science, University College, Cork, Ireland. {s.foley,zhou}@cs.ucc.ie Abstract. This paper proposes a belief logic based approach that al- lows principals to negotiate and on-the-ﬂy generate security protocols. When principals wish to interact then, rather than oﬀering each other a ﬁxed menu of ‘known’ protocols, they negotiate and generate a new protocol that is tailored speciﬁcally to their current security environ- ment and requirements. This approach provides a basis for autonomic security protocols. Such protocols are self-conﬁguring since only princi- pal assumptions and protocol goals need to be a-priori conﬁgured. The approach has the potential to survive security compromises that can be modelled as changes in the beliefs of the principals. A compromise of a key or a change in the trust relationships between principals can result in a principal self-healing and synthesising a new protocol to survive the event. 1 Introduction Networked services and applications are typically commissioned with a ﬁxed repertoire of security protocols that provide for necessary authen- tication, key-exchange, non-repudiation, delegation, and so forth. Appli- cations and services are expected to negotiate with each other and agree on appropriate security protocols that both can (and are willing to) use. A simple example is a web-service that requires clients to establish SSL based connections. When negotiating a connection, the client and server agree on the version of the protocol to use. While protocols may be de- signed to support a range of diﬀerent underlying authentication protocols, and so forth, it is not feasible to expect principals to be, a priori, conver- sant in all possible protocols. Protocol agnostic approaches such as Jini [8] allow resource providers to register the protocol, that its clients should use, with a Jini Server. While more ﬂexible, the provider’s protocol is ﬁxed and is not generally suitable for security protocols.