219 research outputs found
Recommended from our members
Policy Refinement of Network Services for MANETs
In this paper, we describe a framework for a refinement scheme located in a centralized policy server that consists of three components: a knowledge database, a refinement rule set, and a policy repository. The refinement process includes two successive steps: policy transformation and policy composition. Our refinement scheme takes policies written in our logic-based abstract policy language as input and generates low level rules directly implementable by individual enforcement points. We provide concrete policy examples in a coalition scenario that forms a mobile ad hoc network (MANET). We demonstrate policy composition using a distributed firewall scheme named ROFL (ROuting as the Firewall Layer) and access control list as enforcement mechanisms
A Review of the Energy Efficient and Secure Multicast Routing Protocols for Mobile Ad hoc Networks
This paper presents a thorough survey of recent work addressing energy
efficient multicast routing protocols and secure multicast routing protocols in
Mobile Ad hoc Networks (MANETs). There are so many issues and solutions which
witness the need of energy management and security in ad hoc wireless networks.
The objective of a multicast routing protocol for MANETs is to support the
propagation of data from a sender to all the receivers of a multicast group
while trying to use the available bandwidth efficiently in the presence of
frequent topology changes. Multicasting can improve the efficiency of the
wireless link when sending multiple copies of messages by exploiting the
inherent broadcast property of wireless transmission. Secure multicast routing
plays a significant role in MANETs. However, offering energy efficient and
secure multicast routing is a difficult and challenging task. In recent years,
various multicast routing protocols have been proposed for MANETs. These
protocols have distinguishing features and use different mechanisms. Comment: 15 page
Reliable Restricted Process Theory
Malfunctions of a mobile ad hoc network (MANET) protocol caused by a conceptual mistake in the protocol design, rather than unreliable communication, can often be detected only by considering communication among the nodes in the network to be reliable. In Restricted Broadcast Process Theory, which was developed for the specification and verification of MANET protocols, the communication operator is lossy. Replacing unreliable with reliable communication invalidates existing results for this process theory. We examine the effects of this adaptation on the semantics of the framework with regard to the non-blocking property of communication in MANETs, the notion of behavioral equivalence relation and its axiomatization. To utilize our complete axiomatization for analyzing the correctness of protocols at the syntactic level, we introduce a precongruence relation which abstracts away from a sequence of multi-hop communications, leading to an application-level action preconditioned by a multi-hop constraint over the topology. We illustrate the applicability of our framework through a simple routing protocol. To prove its correctness, we introduce a novel proof process, based on our precongruence relation
Security Policy Definition and Enforcement in Distributed Systems
Security in computer systems is concerned with protecting resources from unauthorized access while ensuring legitimate requests can be satisfied all the time. The recent growth of computer systems both in scale and complexity poses tremendous management challenges. Policy-based systems management is a very promising solution in this scenario. It allows the separation of the rules that govern the behavior choices of a system from the provided functionality, and can be adapted to handle a large number of system elements. In the past two decades there have been many advances in the field of policy research. Although existing solutions in centralized systems are well-established, they do not work nearly as well in distributed environments because of scalability, network partitions, and the heterogeneity of the endpoints. This dissertation contributes to this endeavor by proposing three novel techniques to address the problem of security policy definition and enforcement in large-scale distributed systems. To correctly enforce service and security requirements from users who have no intimate knowledge of the underlying systems, we introduce the first distributed policy refinement solution that translates high-level policies into low-level implementable rules, for which the syntax and semantics can be fully interpreted by individual enforcement points. Taking advantage of both the centralized and end-to-end enforcement approaches, we propose a novel policy algebra framework for policy delegation, composition and analysis. As a concrete instantiation of policy delegation enabled by the algebraic framework, we invent a novel firewall system, called ROFL (routing as the firewall layer), that implements packet filtering using the underlying routing techniques. 
ROFL implements a form of ubiquitous enforcement, and is able to drop malicious packets closer to their origins to save transmission bandwidth and battery power, especially for resource-limited devices in mobile ad hoc networks (MANET). The correctness and consistency of ROFL can be verified using policy algebra. It provides formalisms to address the complexity of distributed environments, increase assurance and show how to tune tradeoffs and improve security with ubiquitous enforcement. To demonstrate the effectiveness and efficiency of ROFL as a high-performance firewall mechanism, we analyze its performance quantitatively and conduct experiments in a simulated environment with two ad-hoc routing protocols. Empirical study shows that the increase in traffic for handling ROFL routing messages is more than outweighed by the savings by early drops of unwanted traffic
Policy Refinement: Decomposition and Operationalization for Dynamic Domains
We describe a method for policy refinement. The refinement process involves stages of decomposition, operationalization, deployment and re-refinement, and operates on policies expressed in a logical language flexible enough to be translated into many different enforceable policy dialects. We illustrate with examples from a coalition scenario, and describe how the stages of decomposition and operationalization work internally, and fit together in an interleaved fashion. Domains are represented in a logical formalization of UML diagrams. Both authorization and obligation policies are supported. © 2011 IFIP. Accepted versio
Understanding the role of mobile ad hoc networks in non-traditional contexts
With the rapid development of short-range wireless technology new venues to apply it in more sophisticated, complex, and dynamic environments have been opened. Nevertheless, the applicability of such technology in nontraditional settings like face-to-face encounters and disaster relief environments, remains unclear. This article describes a research effort aimed to narrow that gap by means of using two non-traditional settings as case studies; face-to-face encounters among unacquainted people and first responders in urban disaster relief environments. Among the results obtained are: a) interactions among unacquainted people may be promoted, though the level of interaction becomes easily constrained due to the current state of RF technology and the design of the experiments, and b) it is feasible to obtain a reliable communication platform for first responders operating in disaster relief missions. These results support the idea that short-range wireless technology may play both a facilitator and a promoter role in face-to-face contexts, and at least a facilitator role in the case of users co-located in highly dynamic contexts. 8th IFIP/IEEE International conference on Mobile and Wireless Communication. Red de Universidades con Carreras en Informática (RedUNCI
Routing UAVs to Co-Optimize Mission Effectiveness and Network Performance with Dynamic Programming
In support of the Air Force Research Laboratory's (AFRL) vision of the layered sensing operations center, command and control intelligence surveillance and reconnaissance (C2ISR) more focus must be placed on architectures that support information systems, rather than just the information systems themselves. By extending the role of UAVs beyond simply intelligence, surveillance, and reconnaissance (ISR) operations and into a dual-role with networking operations we can better utilize our information assets. To achieve the goal of dual-role UAVs, a concrete approach to planning must be taken. This research defines a mathematical model and a non-trivial deterministic algorithmic approach to determining UAV placement to support ad-hoc network capability, while maintaining the valuable service of surveillance activities