A spatio-temporal role-based access control model for wireless LAN security policy management

Cited by: 0
Authors
Bera P. [1]
Ghosh S.K. [1]
Dasgupta P. [2]
Affiliations
[1] Department of Computer Science and Engineering, Indian Institute of Technology
Source
Communications in Computer and Information Science | 2010 / Vol. 54
Keywords
Wireless local area networks (WLAN);
DOI
10.1007/978-3-642-12035-0_9
Abstract
The widespread proliferation of wireless networks (WLAN) has opened up new paradigms of security policy management in enterprise networks. To enforce the organizational security policies in wireless local area networks (WLANs), it is required to protect the network resources from unauthorized access. In WLAN security policy management, the standard IP-based access control mechanisms are not sufficient to meet the organizational requirements due to its dynamic topology characteristics. In such dynamic network environments, the role-based access control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to incorporate time- and location-dependent constraints in the access control models. In this paper, we propose a WLAN security management system which supports a spatio-temporal RBAC (STRBAC) model. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server (GPS) that formalizes the organizational access policies and determines the high level policy configurations for different policy zones; a Central Authentication & Role Server (CARS) which authenticates the users (or nodes) and the access points (AP) in various zones and also assigns appropriate roles to the users. Each policy zone consists of a Wireless Policy Zone Controller (WPZCon) that co-ordinates with a dedicated Local Role Server (LRS) to extract the low level access configurations corresponding to the zone access points. We also propose a formal spatio-temporal RBAC (STRBAC) model to represent the security policies formally. © 2010 Springer-Verlag Berlin Heidelberg.
Pages: 76-88
Number of pages: 12
Related papers
12 in total
  • [1] Basile C., Lioy A., Pérez G.M., Clemente F.J.G., Skarmeta A.F.G., POSITIF: A policy-based security management system, 8th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2007), 2007, (2007)
  • [2] Lapiotis G., Kim B., Das S., Anjum F., A Policy-based Approach to Wireless LAN Security Management, International Workshop on Security and Privacy for Emerging Areas in Communication, 2005, pp. 181-189, (2005)
  • [3] Burns J., Cheng A., Gurung P., Rajagopalan S., Rao P., Rosenbluth D., Martin D., Automatic management of network security policy, Proceedings of the 2nd DARPA Information Survivability Conference and Exposition (DISCEX II), 2001, pp. 12-26, (2001)
  • [4] Yavatkar R., Pendarakis D., Guerin R., RFC 2753: A Framework for Policy-based Admission Control, Internet Society, pp. 1-20, (2000)
  • [5] Westerinen A., Schnizlein J., Strassner J., Scherling M., Quinn B., Herzog S., Carlson M., Perry J., Waldbusser S., RFC 3198: Terminology for policy-based management, Internet Society, pp. 1-21, (2001)
  • [6] Chadha R., Lapiotis G., Wright S., Special issue on policy-based networking, IEEE Network Magazine, 16, 2, pp. 8-56, (2002)
  • [7] Ferraiolo D.F., Sandhu R., Gavrila S., Kuhn D.R., Chandramouli R., Proposed NIST standard for role-based access control, ACM Transactions on Information and Systems Security, 4, 3, (2001)
  • [8] Joshi J.B.D., Bertino E., Latif U., Ghafoor A., A generalized temporal role-based access control model, IEEE Transactions on Knowledge and Data Engineering, 17, 1, pp. 4-23, (2005)
  • [9] Bertino E., Catania B., Damiani M.L., Perlasca P., GEO-RBAC: A spatially aware RBAC, SACMAT 2005: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 29-37, (2005)
  • [10] Ray I., Toahchoodee M., A spatio-temporal role-based access control model, LNCS, 4602, pp. 211-226, (2007)