
Basic article information

  • Title: A Formal Verification Framework for Security Policy Management in Mobile IP Based WLAN
  • Authors: Soumya Maity; P Bera; S K Ghosh
  • Journal: International Journal of Network Security & Its Applications
  • Print ISSN: 0975-2307
  • Electronic ISSN: 0974-9330
  • Publication year: 2010
  • Volume: 2
  • Issue: 4
  • DOI: 10.5121/ijnsa.2010.2415
  • Publisher: Academy & Industry Research Collaboration Center (AIRCC)
  • Abstract: The continuous advancement of wireless technologies, especially for enterprise wireless local area networks (LANs), demands well-defined security mechanisms with appropriate architectural support to overcome various security loopholes. Implementing security policies on the basis of Role Based Access Control (RBAC) models is an emerging field of research in WLAN security. However, verifying the correctness of the implemented policies over the distributed network devices with changes in topology remains unexplored in the aforesaid domain. The enforcement of organizational security policies in WLANs requires protection over the network resources from unauthorized access. Hence, it is required to ensure correct distribution of access control rules to the network access points conforming to the security policy. In WLAN security policy management, the standard IP based access control mechanisms are not sufficient to meet the organizational requirements due to its dynamic topology characteristics. In enterprise network environments, the role-based access control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to model the time and location dependent access constraints. In this paper, we propose a WLAN security management system supported by a formal spatio-temporal RBAC (STRBAC) model and a Boolean satisfiability (SAT) based verification framework. The concept of mobile IP has been used to ensure fixed layer 3 address mapping for the mobile hosts in a dynamic scenario. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server (GPS) that formalises the organisational access policies and determines the high level policy configurations for different policy zones; a Central Authentication & Role Server (CARS) which authenticates the users (or nodes) and the access points (AP) in various zones and also assigns appropriate roles to the users. Every host has to register its unique MAC address with a Central Authentication and Role Server (CARS). Each policy zone consists of a Wireless Policy Zone Controller (WPZCon) that coordinates with a dedicated Local Role Server (LRS) to extract the low level access configurations corresponding to the zone access router. We also propose a formal spatio-temporal RBAC (STRBAC) model to represent the global security policies formally and a SAT based verification framework to verify the access configurations
  • Keywords: WLAN; Security Policy; Verification; Mobile IP