We propose a holistic Model-Based Protocol Specification (MBPS) framework. Standards, procedures, and protocols are important anchors for interconnected systems: they facilitate the connectivity of billions of devices around the world, commodify advanced technologies and solutions, and enable efficient services involving trillions of transactions in aviation, medicine, e-commerce, transportation, infrastructure, and other domains. Domain protocols allow for conventional interactions within a domain among ecosystem entities and humans (eg, airline ticketing, financial transactions, etc). Protocol specifications must be formal, consistent, and verifiable. Nevertheless, most current standard protocols are text-based, unverifiable, and often inconsistent with themselves and with other standards. Text-based standards are difficult to manage, track, control, and adopt. MBPS includes three critical enablers: a modeling language, a modeling process, and a model-supported standardization process. This paper employs Object-Process Methodology (OPM), a model-based systems engineering framework, endorsed as ISO-19450, for modeling and simulation of the generic protocol specification process and for two examples: (a) a Kerberos authentication protocol revision based on a previous Kerberos model and on a recently discovered vulnerability and (b) a domain-specific Publish-Subscribe protocol application for selective information distribution. K E Y W O R D S formal protocol specification, Kerberos, model-based systems engineering (MBSE), objectprocess methodology (OPM), publish-subscribe
INTRODUCTIONThe ISO 9000 revolution in the world of business process management and quality led to clear definitions of the terms standard and procedure. 1 A standard is a specification of requirements, guidelines, or characteristics that can be used consistently to ensure that materials, products, processes, and services are fit for their purpose. As this definition implies, standards are nonbinding, often informal documents, yet broadly accepted, adopted, and applied, even if they lack in formality. Standards often include or constitute specifications of procedures and protocols, among other elements such as conventions, attributes, and quality requirements. A procedure is a specification of an activity or process. The term protocol, which originated from the domains of law and diplomacy, has become a common term in computer and communication technology for formal conventions. Large standardization bodies publish standards for common practices, industry-wide conventions, solution integration, compatibility, exchangeability, and interoperability. The International Organization for Standardization (ISO), the Institute of Electrical and Electronics Engineers (IEEE), the US Federal Drug Administration (FDA), the Inter-net Engineering Task Force (IETF) and the Object Modeling Group (OMG) are major standardization bodies. Standards are sometimes premature, when they are formed for emerging domains, such as Internet of Things (IoT) 2,3 and electric v...