PhD ThesisNon-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of
an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task.
A lot of supporting infrastructure is required which adds large expense to the interaction. This
infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose
built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design
and implementation of such an infrastructure. The runtime environment makes use of several trusted
services to achieve external verification of the audit trail. Non-repudiation is achieved by executing
fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a
participant to protect their own interests by preventing any party from gaining an advantage by
misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated
implementation of protocols.
Extensibility is achieved by implementing the infrastructure in middleware and by presenting a
large variety of non-repudiable business interaction patterns to the application (a non-repudiable
interaction pattern is a higher level protocol composed from one or more non-repudiation protocols).
The middleware is highly configurable allowing new non-repudiation protocols and interaction
patterns to be easily added, without disrupting the application.
This thesis presents a rigorous mechanism for automated implementation of non-repudiation
protocols. This ensures that the protocol being executed is that which was intended and verified
by the protocol designer. A family of non-repudiation protocols are taken and inspected. This
inspection allows a set of generic finite state machines to be produced. These finite state machines
can be used to maintain protocol state and manage the sending and receiving of appropriate protocol
messages.
A concrete implementation of the run-time environment and the protocol generation techniques is
presented. This implementation is based on industry supported Web service standards and services.EPSRC, The Hewlett Packard Arjuna La