Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks

Mansoor Alicherry; Angelos D. Keromytis; Angelos Stavrou

Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks
Alicherry, Mansoor
Keromytis, Angelos D.
Stavrou, Angelos
Computer Science
Permanent URL:
Part Number:
Book/Journal Title:
Security and Privacy in Communication Networks: 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009: Revised Selected Papers
Book Author:
Chen, Yan
Publisher Location:
New York
Mobile Ad-hoc Networks (MANETs) are increasingly employed in tactical military and civil rapid-deployment networks, including emergency rescue operations and ad hoc disaster-relief networks. However, this flexibility of MANETs comes at a price, when compared to wired and base station-based wireless networks: MANETs are susceptible to both insider and outsider attacks. This is mainly because of the lack of a well-defined defense perimeter preventing the effective use of wired defenses including firewalls and intrusion detection systems. We introduce a novel distributed security policy enforcement architecture that is designed specifically for MANETs. Our approach harnesses and extends the concept of network capabilities and is especially suited for mobile and heterogeneous communication environments. Our model imposes communication restrictions between MANET nodes by enforcing hop-by-hop policies in a distributed manner. We use a deny-by-default principle, allowing compromised nodes to access only authorized services. This significantly limits their ability disrupt or even interfere with end-to-end connectivity and nodes beyond their local communication radius. In this short paper, we only present the overall architecture of the system.
Computer science
Publisher DOI:
Item views:
text | xml
Suggested Citation:
Mansoor Alicherry, Angelos D. Keromytis, Angelos Stavrou, 2009, Deny-by-Default Distributed Security Policy Enforcement in Mobile Ad Hoc Networks, Columbia University Academic Commons, http://hdl.handle.net/10022/AC:P:10853.

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use | Copyright