Design and implementation of extensible middleware for non-repudiable interactions

Non-repudiation is an aspect of security that is concerned with the creation of irrefutable audits ofan interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task.A lot of supporting infrastructure is required which adds large expense to the interaction. Thisinfrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purposebuilt trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents designand implementation of such an infrastructure. The runtime environment makes use of several trustedservices to achieve external verification of the audit trail. Non-repudiation is achieved by executingfair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows aparticipant to protect their own interests by preventing any party from gaining an advantage bymisbehaviour. The infrastructure has two novel aspects; extensibility and support for automatedimplementation of protocols.Extensibility is achieved by implementing the infrastructure in middleware and by presenting alarge variety of non-repudiable business interaction patterns to the application (a non-repudiableinteraction pattern is a higher level protocol composed from one or more non-repudiation proto-cols). The middleware is highly configurable allowing new non-repudiation protocols and interactionpatterns to be easily added, without disrupting the application.This thesis presents a rigorous mechanism for automated implementation of non-repudiationprotocols. This ensures that the protocol being executed is that which was intended and verifiedby the protocol designer. A family of non-repudiation protocols are taken and inspected. Thisinspection allows a set of generic finite state machines to be produced. These finite state machinescan be used to maintain protocol state and manage the sending and receiving of appropriate protocolmessages.A concrete implementation of the run-time environment and the protocol generation techniques ispresented. This implementation is based on industry supported Web service standards and services.