Soumya Maity
Indian Institute of Technology Kharagpur
Publication
Featured researches published by Soumya Maity.
international conference on computer technology and development | 2010
Soumya Maity; Padmalochan Bera; Soumya K. Ghosh
A semi-infrastructured ad hoc network is a wireless MANET subnetwork connected to a structured backbone network (LAN). This kind of network is becoming popular for low cost implementation and practicability issues. But security is being considered as the major bottleneck of such semi-infrastructured ad hoc networks. Uncontrolled access medium, dynamically changing topology, and mobility of the hosts in the ad hoc mode challenge the security of the overall organizational network. In this paper a framework has been proposed to enforce Access Control Policy over such a network. Both reactive and proactive routing are considered to implement the access control mechanism. The basis of the framework lies in distributed enforcement of the global access policy through different Policy Enforcing Nodes (PEN). The backbone network contains the Global Policy Management Server (GPMS) and Authentication Server. PENs, after being selected and authorized by the GPMS, take the responsibility to distribute the Access Control Rules to different ad hoc nodes. We have considered that an underlying trust model is already implemented over the ad hoc network and the nodes are capable of handling symmetric key encryption for Message Authentication. The recent advancement of the research in MANET confirms the assumptions are valid.
security of information and networks | 2012
Soumya Maity; Soumya K. Ghosh
Mobile ad hoc networks (MANETs) lack enforcement of a policy-based access control mechanism to restrict unauthorized accesses to the network resources. Policy-based security infrastructure in MANET is more complex than in traditional networks due to uncontrolled media access and absence of network perimeters. As access control needs to be applied in a distributed manner, considering the mobility of nodes, traditional security technologies like firewall, IDS etc. do not fit MANET. So, to ensure security, distribution and enforcement of the policy rules over different nodes in MANET are the major research challenges. This work proposes a distributed policy-based access control framework for MANET.
security of information and networks | 2010
Soumya Maity; Padmalochan Bera; Soumya K. Ghosh
The increasing use of wireless technologies in enterprise networks demands strong security management and policy enforcement mechanisms. The conventional security management frameworks used in wired LAN do not suit the wireless domain due to dynamic topology and mobility of hosts. The enforcement of organizational security policies in wireless LAN requires appropriate access control models as well as correct distribution of access control rules in the network access points. In this paper, we propose a WLAN security management framework supported by a spatio-temporal RBAC (STRBAC) model. The concept of mobile IP has been used to ensure a fixed layer 3 address of a mobile host. Each wireless policy zone consists of a Policy Zone Controller that coordinates with a dedicated Local Role Server to extract the low level access configurations corresponding to the zone access routers. The system can be mapped into a reconfigurable hardware to exploit the parallelism in computing. We also propose a formal STRBAC model to represent the global security policies formally and a SAT based decision procedure to verify the access configurations.
international conference on information systems security | 2012
Soumya Maity; Soumya K. Ghosh
The proliferation in installation of mobile ad hoc networks (MANET) in different fields of application demands attention to enforcement of trust-based security access control. The decentralized and mobile characteristics of MANET restrain the traditional access control mechanisms from fitting into it. In a MANET, all peers or nodes are not equally trustworthy to request a service or to transmit a packet. In decentralized systems, the concept of social trust has been introduced to compute how trustworthy a peer is. A number of trust models have been proposed by researchers in the past decade, but there still exists a lack of proper integration of trust-based access control with mission-critical MANET. In this paper, we propose an access control framework equipped with a cognitive trust-based model. The framework integrates aspects of a cognition based trust and reputation model, certification based participation schemes and an overall security access control mechanism for MANET nodes. We argue our proposed scheme is realistic and our approach preserves network properties of mobile ad hoc networks and individual characteristics of the nodes.
acm symposium on applied computing | 2015
Arindam Chaudhuri; Soumya Maity; Soumya K. Ghosh
In this paper, we present a novel approach for predicting QoS on networks having complex traffic and multitenant architecture. We propose a soft computing based hierarchical modified regularized least squares rough support vector regression approach on network traffic to deliver better QoS. QoS prediction takes advantage of past service usage experiences. It does not consume any additional invocations of network services and avoids time consuming real world service incantations. We discuss the proposed approach and provide important aspects of QoS prediction. The experiments are conducted on a real world public dataset and compared with a benchmark dataset. The results show that the proposed approach achieves higher prediction accuracies than other techniques.
computer and information technology | 2010
Padmalochan Bera; Soumya Maity; Soumya K. Ghosh; Pallab Dasgupta
The complex security constraints in present day enterprise networks (wired or wireless LAN) demand formal analysis of security policy configurations deployed in the network. One of the needs of a network administrator is to evaluate network service accesses through appropriate queries. The security policy is represented as a set of rules for allowing/denying various service accesses through the network and may have spatio-temporal access constraints. The role-based access control (RBAC) mechanisms can also be deployed to strengthen the security perimeter. This paper presents a query based security analysis framework for enterprise networks. It evaluates various service access queries which return the set of services allowed between specified source and destination network zones under spatio-temporal RBAC constraints. The framework includes (i) a distributed network security policy management system; (ii) a formal model for representing the network topology and STRBAC policy configurations; (iii) a query processing module for analyzing the access model with various queries. The queries are evaluated through a SAT based decision procedure. The framework is applicable for both wired and wireless networks.
iet networks | 2015
Soumya Maity; Padmalochan Bera; Santosh K. Ghosh; Ehab Al-Shaer
Owing to increasing complexity of network configurations with large topology and use of heterogeneous network services, enterprise networks deploy various security measures based on the organisational security policies. Typically, security policy represents the high level requirements for controlling the resource accesses by traffic source, destination, protocol, access time and so on. Security policies are implemented in the network devices (routers, firewalls and so on) in a distributed fashion through various access control lists (ACLs). The ACL configurations may contain different levels of inconsistencies which may make the network vulnerable. In addition, there may exist inconsistent ‘hidden access paths’ in the implementation because of transitive access relationships between the network services. Further, the failure of network link(s) may form alternative routing paths that violate ACL. Manual analysis of this problem can be overwhelming and potentially inaccurate. In this study, a query-based formal security analysis tool has been presented that automates the process using Boolean satisfiability (SAT). The tool allows network administrators to systematically evaluate the distributed ACL configurations through various standard and complex service access queries. The tool evaluates the static access queries through SAT-based decision procedures, and the fault-based queries (under network link failures) through graph mining procedures.
Security and Communication Networks | 2015
Soumya Maity; Soumya K. Ghosh; Ehab Al-Shaer
It is increasingly important to implement conflict-free access control policies for co-allied networks where different organizations are involved for a common goal. Mobile ad hoc networks are widely used for mission critical situations where teams from different organizational networks cooperate to form a single network to implement their respective operations. These teams or quads have different sets of local policies enforced for their own security, resulting in heterogeneity in access control. Each team wants to preserve its access control policies at a maximum level. Moreover, a set of allied policies govern the cooperation and interaction between the different teams, which may conflict with their local policies. The policy conflicts arise from the transitivity of policy rules, mobility of the nodes, cooperative behaviors, and so on. In addition, the policy rules may be temporal or static. To achieve the successful completion of the mission, it may be required to compromise with the stringency of the enforcement of the conflicting rules for the quads. In this paper, we propose an automated and formal framework to find the optimal conciliation of the policy rules to preserve the mission and thus ensure minimal compromise with the enforcement of policy for each quad. The efficacy of the work lies in optimizing the enforcement of access control policies to achieve the coalition instead of negating the policy.
international conference of distributed computing and networking | 2014
Soumya Maity; Soumya K. Ghosh
Implementing conflict-free access control policies for co-allied networks where different organizations are involved for a common goal is becoming important. In mission-critical scenarios, different organizational networks cooperate to form a single mobile ad hoc network to implement their respective operations. These teams or quads are operated under different sets of local policies for their own security, which results in heterogeneity in access control. Each team wants to preserve its access control policies at maximum level. Moreover, a set of allied policies governs the interaction among the different teams, which may conflict with their local policies. In mobile ad hoc networks this becomes more challenging due to absence of network perimeter and mobility. In addition, the policy rules may have local and transitive conflicts. To achieve successful completion of the mission, compromising with the stringency of the enforcement of the conflicting rules for the quads may be required. In this paper, we propose a formal method to find the optimal negotiation of the policy rules to preserve the mission. The efficacy of the work lies in optimizing the enforcement of access control policies to achieve the coalition instead of negating the policy.
international symposium on electronic system design | 2012
Soumya Maity; Padmalochan Bera; Soumya K. Ghosh
Due to extensive use of network services and applications, most of the enterprise networks today deploy policy based security devices (e.g. routers, firewalls, IPSec etc.) for controlling accesses to network resources based on organizational security policy. The organizational network security policy is becoming more fine-grained, where access control list (ACL) configuration depends on various constraints like service priority, time, location etc. The major challenge that the network administrators are facing today is to determine the correct access control configurations that satisfy the organizational policy. Throughout the last two decades, a significant amount of research has been done in formally verifying the correctness and consistency of access control policy configurations in enterprise networks. However, this bottom-up analysis may not be useful because of its high state-space requirement for large scale networks. In addition, this approach requires repairing sequences of misconfigurations iteratively to meet a specific requirement. This paper presents a framework for synthesizing a correct and conflict-free ACL configuration model, given the global organizational security policy and underlying network topology. This framework includes two major functions: (i) deriving the conflict-free model of the organizational security policy, and (ii) extraction of the correct ACL distributions for the network. The framework formally models the organizational security policy and generates the conflict-free policy model by resolving the policy rule conflicts. Then, the ACL model is extracted based on the conflict-free policy model and the underlying network topology. The efficacy of the proposed framework has been demonstrated through a case study.