CPL - Chalmers Publication Library

A Protection Scheme For Security Policies In Ubiquitous Environments Using One-Way Functions

Håkan Kvarnström (Institutionen för datorteknik, Datasäkerhet) ; Hans Hedbom (Institutionen för datorteknik, Datasäkerhet) ; Erland Jonsson (Institutionen för datorteknik, Datasäkerhet)
UBICOMP2002 - Workshop on Security in Ubiquitous Computing, Göteborg, 29 September 2002 (2002)
[Conference paper, peer-reviewed]

This paper addresses the problem of protecting security policies and other security-related information in security mechanisms and products, such as the detection policy in an Intrusion Detection System (IDS) or the filtering policy in a firewall. Unauthorized disclosure of such information is particularly serious, since it might reveal the fundamental principles and methods for the security and protection of the whole system or network, which is much more far-reaching than the compromise of the target system or security mechanism itself. This problem is especially noticeable in ubiquitous environments, where a possibly large number of nodes need knowledge about the security policy of their domain. In order to avoid this risk we suggest that security information should be protected using one-way functions, and the paper suggests a basic scheme for protecting stateless policies. A stateless policy is a policy that only takes the current event into consideration when decisions are made, and not the preceding chain of events. Thus, the process of comparing events against the policy, i.e. making decisions, can be done in much the same way that passwords are hashed and compared in UNIX systems. However, one important distinction is that security policies contain a certain variability that must be handled, and a method for this is discussed. The suggested scheme is very basic and has certain drawbacks as regards practical implementation, but it still clearly demonstrates the protection principle. We expect further research to result in extended methods that are more suitable for practical design.
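
The following is an added illustration of the protection principle described in the abstract; it is not code from the paper. It stores each stateless policy rule only as a salted, iterated hash of its canonical matching fields and decides on an event by hashing the event the same way, just as a UNIX password check does. The event attribute names (`proto`, `src_ip`, `dst_port`), the per-rule field mask used to express wildcard variability ("any source address"), and the choice of PBKDF2-SHA256 as the one-way function are assumptions made for this example, not the paper's method.

```python
"""Added example: a toy protected stateless policy (not the paper's code).

A rule is kept only as H(salt, canonical(constrained fields)). The evaluator
never sees the plaintext rule; it canonicalises the event, hashes it under
each rule's salt and mask, and compares digests in constant time.
Variability (wildcards) is handled by a per-rule field mask: this is an
assumption about one possible approach, not the method the paper discusses.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

FIELDS = ("proto", "src_ip", "dst_port")  # assumed event attributes, fixed order
ITERATIONS = 20_000                        # iterated hashing, as a password KDF would


@dataclass(frozen=True)
class ProtectedRule:
    mask: tuple    # which fields the rule constrains (visible; values are not)
    salt: bytes    # per-rule salt so equal rules do not share a digest
    digest: bytes  # PBKDF2-SHA256 over the canonical constrained values
    action: str    # decision to return on a match ("deny", "alert", ...)


def canonical(values: dict, mask: tuple) -> bytes:
    """Deterministic encoding of the masked fields, in FIELDS order.

    Normalisation (strip, lower-case, str()) makes 23 and " 23 " compare
    equal; NUL is used as separator because it cannot occur in the values.
    """
    parts = [f"{f}={str(values[f]).strip().lower()}" for f in FIELDS if f in mask]
    return "\x00".join(parts).encode()


def one_way(msg: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", msg, salt, ITERATIONS, dklen=32)


def protect_rule(rule: dict, action: str) -> ProtectedRule:
    """Turn a plaintext rule into its protected form. Fields absent from the
    rule dict mean "any", which is what the mask records."""
    mask = tuple(f for f in FIELDS if f in rule)
    salt = os.urandom(16)
    return ProtectedRule(mask, salt, one_way(canonical(rule, mask), salt), action)


def decide(policy: list, event: dict, default: str = "allow") -> str:
    """First matching protected rule wins; unmatched events get the default."""
    for rule in policy:
        probe = one_way(canonical(event, rule.mask), rule.salt)
        if hmac.compare_digest(probe, rule.digest):
            return rule.action
    return default


# Constructed sample policy: plaintext rules exist only at protection time.
POLICY = [
    protect_rule({"proto": "tcp", "dst_port": 23}, "deny"),          # telnet from anywhere
    protect_rule({"proto": "udp", "src_ip": "192.0.2.7"}, "alert"),  # any port from one host
]

# Constructed sample events (192.0.2.0/24 and 10.0.0.0/8 are documentation/private ranges).
SAMPLE_EVENTS = [
    {"proto": "TCP", "src_ip": "10.1.1.1", "dst_port": " 23 "},
    {"proto": "udp", "src_ip": "192.0.2.7", "dst_port": 53},
    {"proto": "tcp", "src_ip": "10.1.1.1", "dst_port": 80},
]


def evaluate_samples() -> list:
    return [decide(POLICY, e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, evaluate_samples()):
        print(verdict, event)
```

Two properties of this construction are worth noting from a defender's perspective. The field mask is stored in the clear, so an observer learns which attributes a rule constrains even though it does not learn the values; and fields such as protocol or port number have tiny value spaces, so a rule that constrains only low-entropy fields can be recovered by exhaustively hashing candidate values against the stored digest. Salting and iteration raise the cost of that recovery but do not remove it, which is the kind of practical drawback the abstract acknowledges for the basic scheme.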

Keywords: intrusion detection systems, detection policy, protection schemes, one-way functions

This record was created 2013-06-13.
CPL Pubid: 178387



Departments (Chalmers)

Institutionen för datorteknik, Datasäkerhet (2002-2004)


Subject area: Computer and Information Science

Chalmers infrastructure