• DocumentCode
    2845048
  • Title
    Policy refinement of network services for MANETs
  • Author
    Zhao, Hang ; Lobo, Jorge ; Roy, Arnab ; Bellovin, Steven M.
  • Author_Institution
    Dept. of Comput. Sci., Columbia Univ., New York, NY, USA
  • fYear
    2011
  • fDate
    23-27 May 2011
  • Firstpage
    113
  • Lastpage
    120
  • Abstract
    In this paper, we describe a framework for a refinement scheme located in a centralized policy server that consists of three components: a knowledge database, a refinement rule set, and a policy repository. The refinement process includes two successive steps: policy transformation and policy composition. Our refinement scheme takes policies written in our logic-based abstract policy language as input and generates low-level rules directly implementable by individual enforcement points. We provide concrete policy examples in a coalition scenario that forms a mobile ad hoc network (MANET). We demonstrate policy composition using a distributed firewall scheme named ROFL (ROuting as the Firewall Layer) and access control list as enforcement mechanisms.
  • Keywords
    authorisation; mobile ad hoc networks; telecommunication security; MANET; access control list; centralized policy server; distributed firewall scheme; enforcement mechanism; knowledge database; logic-based abstract policy language; mobile ad hoc network; network services; policy composition; policy refinement; policy repository; policy transformation; refinement rule set; routing as the firewall layer; Ad hoc networks; Cryptography; Databases; Fires; Laboratories; Mobile computing; Authorization; MANETs; Policy; Refinement;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management (IM), 2011 IFIP/IEEE International Symposium on
  • Conference_Location
    Dublin
  • Print_ISBN
    978-1-4244-9219-0
  • Electronic_ISBN
    978-1-4244-9220-6
  • Type
    conf
  • DOI
    10.1109/INM.2011.5990681
  • Filename
    5990681