Similar Literature
1.
Taxonomy of conflicts in network security policies   (total citations: 5; self-citations: 0; citations by others: 5)
Network security policies are essential elements of Internet security devices that provide traffic filtering, integrity, confidentiality, and authentication. Network security perimeter devices such as firewalls, IPsec gateways, and IDS/IPS devices operate based on locally configured policies. However, configuring network security policies remains a complex and error-prone task because of rule-dependency semantics and the interaction between policies in the network, and this complexity is likely to grow with the size of the network. A successful deployment of a network security system requires global analysis of the policy configurations of all network security devices in order to avoid policy conflicts and inconsistency. Policy conflicts may cause serious security breaches and network vulnerability, such as blocking legitimate traffic, permitting unwanted traffic, and insecure data transmission. This article presents a comprehensive classification of security policy conflicts that might potentially exist in a single security device (intra-policy conflicts) or between different network devices (inter-policy conflicts) in enterprise networks. We also show the high probability of creating such conflicts even by expert system administrators and network practitioners.
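The four intra-policy relations this taxonomy is known for (shadowing, generalization, correlation, redundancy) can be checked mechanically on an ordered rule list. The following is an added example written for this page, not the authors' tool: it uses a constructed rule syntax (protocol, source network, destination network, destination port range, action), a constructed sample policy, and first-match semantics, and reports every conflicting pair together with the relation between the two rules.

```python
import ipaddress
from dataclasses import dataclass

ANY_PROTO = frozenset({"tcp", "udp", "icmp"})


@dataclass(frozen=True)
class Rule:
    name: str
    proto: frozenset                 # subset of ANY_PROTO
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: tuple                     # inclusive (low, high)
    action: str                      # "accept" or "deny"


def _net(text):
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text)


def parse_rule(line):
    """Constructed syntax: 'name proto src dst dport action',
    e.g. 'r1 tcp 10.1.0.0/16 any 80 deny'; dport may be 'any' or 'lo-hi'."""
    name, proto, src, dst, dport, action = line.split()
    protos = ANY_PROTO if proto == "any" else frozenset({proto})
    if dport == "any":
        ports = (0, 65535)
    else:
        lo, _, hi = dport.partition("-")
        ports = (int(lo), int(hi or lo))
    return Rule(name, protos, _net(src), _net(dst), ports, action)


def is_subset(a, b):
    """Every packet matched by rule a is also matched by rule b."""
    return (a.proto <= b.proto and a.src.subnet_of(b.src) and a.dst.subnet_of(b.dst)
            and b.dport[0] <= a.dport[0] and a.dport[1] <= b.dport[1])


def overlaps(a, b):
    """Some packet is matched by both a and b."""
    return (bool(a.proto & b.proto) and a.src.overlaps(b.src) and a.dst.overlaps(b.dst)
            and a.dport[0] <= b.dport[1] and b.dport[0] <= a.dport[1])


def find_conflicts(rules):
    """Return (kind, earlier_rule, later_rule) for each conflicting pair under
    first-match semantics. Shadowing and correlation are errors; redundancy
    and generalization are warnings."""
    found = []
    for j, ry in enumerate(rules):
        for i in range(j):
            rx = rules[i]
            if not overlaps(rx, ry):
                continue
            same = rx.action == ry.action
            if is_subset(ry, rx):
                # ry can never match anything: redundant if actions agree,
                # shadowed (silently ineffective) if they differ
                found.append(("redundancy" if same else "shadowing", rx, ry))
            elif is_subset(rx, ry):
                if not same:
                    found.append(("generalization", rx, ry))
                elif not any(overlaps(rx, rz) and rz.action != rx.action
                             for rz in rules[i + 1:j]):
                    # rx only matters if some rule between them would divert
                    # part of its traffic to a different action
                    found.append(("redundancy", rx, ry))
            elif not same:
                found.append(("correlation", rx, ry))
    return found


# Constructed sample policy, evaluated top-down, first match wins
SAMPLE_POLICY = [
    "r1 tcp 10.1.0.0/16 any 80 deny",
    "r2 tcp 10.1.5.0/24 any 80 accept",              # shadowed by r1: never matches
    "r3 tcp 10.1.0.0/16 192.168.1.0/24 any accept",  # correlated with r1
    "r4 udp any any 53 accept",
    "r5 udp 10.0.0.0/8 any 53 accept",               # redundant to r4
    "r6 any any any any deny",                       # default deny; generalizes r2-r5
]


def audit(lines):
    rules = [parse_rule(l) for l in lines]
    return [(kind, rx.name, ry.name) for kind, rx, ry in find_conflicts(rules)]


if __name__ == "__main__":
    for kind, a, b in audit(SAMPLE_POLICY):
        print(f"{kind:15s} {a} -> {b}")
```

Note that r1 is not reported as redundant to the final default deny even though its match set is contained in r6's: r2 and r3 sit between them and would accept part of r1's traffic, so removing r1 would change behaviour. That intervening-rule check is the part most ad hoc scripts get wrong.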

2.
The paper proposes an approach to content dissemination that exploits the structural properties of an Extensible Markup Language (XML) document object model in order to provide efficient dissemination while at the same time assuring content integrity and confidentiality. Our approach is based on the notion of encrypted postorder numbers, which support the integrity and confidentiality requirements of XML content as well as facilitating efficient identification, extraction, and distribution of selected content portions. Using this notion, we develop a structure-based routing scheme that prevents information leaks in XML data dissemination and assures that content is delivered to users according to the access control policies, that is, policies specifying which users can receive which portions of the contents. Our proposed dissemination approach further enhances such structure-based, policy-based routing by combining it with multicast in order to achieve high efficiency in terms of bandwidth usage and speed of data delivery, thereby enhancing scalability. Our dissemination approach thus represents an efficient and secure mechanism for use in applications such as publish-subscribe systems for XML documents. The publish-subscribe model restricts the consumer and document source information to the routers with which they register. Our framework facilitates dissemination of contents with varying degrees of confidentiality and integrity requirements in a mix of trusted and untrusted networks, which is prevalent in current settings across enterprise networks and the Web. Also, it does not require the routers to be aware of any security policy, in the sense that the routers do not need to implement any policy related to access control.

3.
As a security mechanism at the network layer, the IP security protocol (IPsec) has been available for years, but its usage is limited to virtual private networks (VPNs). The end-to-end security services provided by IPsec have not been widely used. To bring the IPsec services into wide usage, a standard IPsec API is a potential solution. However, the realization of a user-friendly IPsec API involves many modifications to the current IPsec and Internet key exchange (IKE) implementations. An alternative approach is to configure application-specific IPsec policies, but the current IPsec policy system lacks knowledge of the context of applications running at upper layers, making it infeasible to configure application-specific policies in practice. In this paper, we propose an application-aware IPsec policy system on the existing IPsec/IKE infrastructure, in which a socket monitor running in the application context reports the socket activities to the application policy engine. In turn, the engine translates the application policies into the underlying security policies, and then writes them into the IPsec security policy database (SPD) via the existing IPsec policy management interface. We implement a prototype in Linux (kernel 2.6) and evaluate it in our testbed. The experimental results show that the overhead of policy translation is insignificant, and the overall system performance of the enhanced IPsec is comparable to that of security mechanisms at upper layers. Configured with the application-aware IPsec policies, both secured applications at upper layers and legacy applications can transparently obtain IP security enhancements.
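The translation step the abstract describes (socket event plus application policy in, per-flow SPD entries out) is small enough to show end to end. The following is an added example, not the paper's prototype: the socket monitor, its event format, the application-policy format and the sample events are all constructed, and the output uses the setkey(8) `spdadd` syntax of the PF_KEY policy tools as an assumed management interface. Policies are ordered and the first match wins, so the most specific application entries go first and a catch-all opportunistic entry last.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class SocketEvent:
    """One report from the socket monitor (a connect/accept seen in the app's context)."""
    pid: int
    exe: str        # executable path of the reporting process
    proto: str      # "tcp" or "udp"
    laddr: str
    lport: int
    raddr: str
    rport: int


@dataclass(frozen=True)
class AppPolicy:
    """Application-level policy: which programs, toward which peers, need what."""
    exe_glob: str   # fnmatch pattern over the executable path
    peers: str      # CIDR of remote peers it applies to, or "any"
    level: str      # "require" (must be protected), "use" (if an SA exists), "bypass"
    proto: str = "esp"


def _peer_matches(cidr, addr):
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def select_policy(policies, ev):
    """First matching application policy wins; None leaves the flow to the system default SPD."""
    for p in policies:
        if fnmatch(ev.exe, p.exe_glob) and _peer_matches(p.peers, ev.raddr):
            return p
    return None


def to_spd_entries(ev, pol):
    """Translate one socket plus its policy into the two direction-specific
    transport-mode SPD entries, written in setkey(8) 'spdadd' syntax
    (assumed management interface; selectors are the socket's 5-tuple)."""
    request = "none" if pol.level == "bypass" else f"ipsec {pol.proto}/transport//{pol.level}"
    local = f"{ev.laddr}/32[{ev.lport}]"
    remote = f"{ev.raddr}/32[{ev.rport}]"
    return [
        f"spdadd {local} {remote} {ev.proto} -P out {request};",
        f"spdadd {remote} {local} {ev.proto} -P in {request};",
    ]


def translate(policies, events):
    """Policy engine: map every reported socket to SPD entries, skipping
    sockets that no application policy covers."""
    lines = []
    for ev in events:
        pol = select_policy(policies, ev)
        if pol is not None:
            lines.extend(to_spd_entries(ev, pol))
    return lines


# Constructed policies: ordered, most specific first
SAMPLE_POLICIES = [
    AppPolicy("/usr/sbin/sshd", "any", "bypass"),                        # has its own crypto
    AppPolicy("/usr/lib/postgresql/*/bin/postgres", "10.0.0.0/8", "require"),
    AppPolicy("/opt/legacy/*", "any", "require"),                        # legacy app, no app-layer crypto
    AppPolicy("*", "10.0.0.0/8", "use"),                                 # opportunistic inside the site
]

# Constructed monitor reports
SAMPLE_EVENTS = [
    SocketEvent(4242, "/usr/lib/postgresql/14/bin/postgres", "tcp", "10.0.1.5", 5432, "10.0.2.7", 51234),
    SocketEvent(1001, "/opt/legacy/billing", "tcp", "10.0.1.5", 40000, "203.0.113.9", 8080),
    SocketEvent(900, "/usr/sbin/sshd", "tcp", "10.0.1.5", 22, "10.0.2.8", 60000),
    SocketEvent(77, "/usr/bin/curl", "tcp", "10.0.1.5", 33000, "198.51.100.4", 443),   # no policy
]

if __name__ == "__main__":
    print("\n".join(translate(SAMPLE_POLICIES, SAMPLE_EVENTS)))
```

The legacy application gets `require` even toward an external peer, which is the case the abstract cares about: the application itself is unchanged, and the engine emits the protection on its behalf. A real engine must also delete the entries when the socket closes, and must trust the monitor's report of the executable path, which is why the monitor belongs in the kernel or in a privileged helper rather than in the application's own address space.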

4.
Hind Rakkay, Hanifa Boucheneb. Annales des Télécommunications (Annals of Telecommunications), 2006, 61(11-12): 1314-1346
We present in this paper a novel framework named Timed Secure Colored Petri Net (Tscpn) to carry out security verification in a formal and systematic manner. Tscpn is a security policy model that can both express time constraints on information (availability) and specify a wide range of information-flow security requirements (through multilevel security policies such as Bell-LaPadula) in a decentralized way. We also propose a suitable analysis method to verify security properties by constructing and examining the state space of the model. However, as timed models generally have infinite state spaces, applying this method requires contracting the state space into a finite graph (the state class graph) that preserves the properties of interest. From this graph it is possible to verify confidentiality and integrity, enforce control over information flow, and specify temporal access control and information availability. By using this formal method, many security flaws can be eliminated in advance, during system design.
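The two property families the framework combines, multilevel information-flow control and time-bounded availability, can be checked directly on a trace of accesses. The following is an added example written for this page, not the Tscpn framework: it models Bell-LaPadula labels as (rank, compartment set) lattice points, applies the simple-security property (no read up) and the *-property (no write down), and adds a constructed per-object availability window. Subjects, objects, labels and the trace are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    """A point in the security lattice: hierarchical rank plus a set of compartments."""
    rank: int            # 0 = unclassified ... 3 = top secret (constructed scale)
    cats: frozenset

    def dominates(self, other):
        return self.rank >= other.rank and self.cats >= other.cats


@dataclass(frozen=True)
class Event:
    t: int               # time of the access
    subject: str
    op: str              # "read" or "write"
    obj: str


def check_trace(trace, clearance, classification, available):
    """Return [(event, reason)] for every event that violates the policy.

    clearance: subject -> Level; classification: object -> Level;
    available: object -> (t_from, t_to), the inclusive window in which the
    object may be accessed at all (the availability constraint).
    """
    violations = []
    for ev in sorted(trace, key=lambda e: e.t):
        subj, obj = clearance[ev.subject], classification[ev.obj]
        lo, hi = available[ev.obj]
        if not lo <= ev.t <= hi:
            violations.append((ev, "object not available at t=%d" % ev.t))
        elif ev.op == "read" and not subj.dominates(obj):
            violations.append((ev, "simple security property: read up"))
        elif ev.op == "write" and not obj.dominates(subj):
            violations.append((ev, "*-property: write down"))
    return violations


# Constructed labels, subjects and objects
UNCLASS = Level(0, frozenset())
SECRET = Level(2, frozenset())
SECRET_NUKE = Level(2, frozenset({"NUKE"}))

CLEARANCE = {"alice": SECRET_NUKE, "bob": UNCLASS}
CLASSIFICATION = {"plan.doc": SECRET_NUKE, "bulletin": UNCLASS, "report": SECRET}
AVAILABLE = {"plan.doc": (100, 200), "bulletin": (0, 10**9), "report": (0, 10**9)}

SAMPLE_TRACE = [
    Event(120, "alice", "read", "plan.doc"),   # allowed: clearance dominates label
    Event(130, "alice", "write", "bulletin"),  # write down: could leak plan.doc
    Event(140, "bob", "read", "report"),       # read up
    Event(150, "bob", "write", "report"),      # write up: allowed by BLP
    Event(300, "alice", "read", "plan.doc"),   # outside the availability window
]


def sample_violations():
    return check_trace(SAMPLE_TRACE, CLEARANCE, CLASSIFICATION, AVAILABLE)


if __name__ == "__main__":
    for ev, why in sample_violations():
        print(ev, why)
```

The event at t=150 is deliberately left as allowed: Bell-LaPadula says nothing about an unclassified subject writing into a secret object, which is an integrity question outside the confidentiality model. A trace checker like this is the runtime counterpart of the state-space exploration in the paper; the model checker's advantage is that it examines every reachable interleaving rather than one observed trace.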

5.
In the past, security protocols, including key transport protocols, were designed under the assumption that two parties communicate with each other and an adversary tries to intercept this communication. In Delay/Disruption Tolerant Networking (DTN), packet delivery relies on intermediate parties in the communication path to store and forward the packets. The DTN security architecture requires that integrity and authentication be verified at intermediate nodes as well as at end nodes, and that confidentiality be maintained for the end communicating parties. This requires new security protocols and key management to be defined for DTN, as traditional end-to-end security protocols will not work in DTN. To contribute towards solving this problem, we propose a novel Efficient and Scalable Key Transport Scheme (ESKTS) that securely transports a symmetric key generated at a DTN node to the other communicating party using public key cryptography and proxy signatures. It is a unique effort to design a key transport protocol in compliance with the DTN architecture. ESKTS ensures that integrity and authentication are achieved hop-by-hop as well as end-to-end. It also ensures end-to-end confidentiality and freshness for the end communicating parties. The scheme provides a secure symmetric key transport mechanism based on public key cryptography that exploits the unique bundle-buffering characteristics of DTN to reduce communication and computation cost.

6.
Network operators depend on security services to safeguard their IT infrastructure. Various types of network security policies are employed on a global scale and are distributed among several security middleboxes deployed in networks. However, owing to the complexity of security policies, it is not efficient to directly apply the prevalent path-wise enforcement schemes. The main motivation of this work is to improve security levels and solve the policy enforcement problem. This work is the first to report the issue of policy enforcement on middleboxes. Its major contribution is to formulate security policy enforcement as a Weighted K Set Covering Problem and to design a Policy Space Analysis (PSA) tool for a group of operations on the security policy. The PSA tool is built on range-signified hyper-rectangles indexed by a Hilbert R-tree. Leveraging the PSA, we first investigate the topological features of various kinds of policies. Combining the PSA tool with a non-dominated sorting particle swarm optimization technique exposes the intrinsic difficulties of this security strategy and provides guidance for designing the enforcement approach. In addition, a new fuzzy rule-based classification system is introduced for packet classification. A scope-wise policy enforcement algorithm is proposed, which chooses a moderate number of enforcement network nodes for deploying multiple policy subsets in a greedy manner. This scheme is much quicker than the first one and has therefore found application in real-time deployments.

7.
Yang Yong, Zhao Yue. Communications Technology (通信技术), 2014, (2): 200-204
Grid-based networks place increasingly pressing demands on information security, so it is necessary to study and verify their trust transfer techniques. This paper constructs a service-oriented security architecture for end-to-end service access, proposes key techniques such as security protection for cross-domain service access in a grid environment, and forms a dynamic security-policy protection mechanism driven by service attributes. This provides security service capabilities for different types of services, effectively guarantees reliable operation of the system, and offers strong support for building and safeguarding grid-based networks. Directions for future research are also outlined.

8.
Man Li. IEEE Network, 2003, 17(6): 36-43
Security is vital to the success of e-commerce and many new value-added IP services. As a consequence, IPsec is an especially important security mechanism in that it provides cryptographic protection for IP packets. Moreover, for IPsec to work properly, security policies that describe how different IP packets are protected must be provisioned on all network elements that offer IPsec protection. Since IPsec policies are quite complex, manually configuring them on individual network elements is inefficient and therefore infeasible for large-scale IPsec deployment. Policy-based IPsec management strives to solve this problem: it employs a policy server to manage a network as a whole, translating business goals or policies into network resource configurations and automating these configurations across multiple different network elements. Policy-based IPsec management significantly simplifies the task of defining, deploying, and maintaining security policies across a network, and thereby large-scale IPsec deployment. This article describes the motivations, key concepts, and recent IETF developments for policy-based IPsec management. It then applies the key concepts to an example of IPsec VPN service provisioning, describes an example IPsec policy server, and reports experience gained from implementing such a server. Challenges facing policy-based IPsec management are also discussed.

9.
Network operators depend heavily on security services to secure their information technology infrastructures. On the other hand, because of the complexity of security policies, it is not appropriate to straightforwardly reuse previous path-wise enforcement approaches. In this paper, the problem of enforcing a security policy on middleboxes is formulated as a weighted K set covering problem that requires a policy space analysis tool. This tool is built on range-represented hyper-rectangles indexed by a prioritized R-tree. The method first evaluates the topological features of diverse types of policies. Heuristic information from a hybrid firefly-bat algorithm exposes the inherent difficulties of security policies and provides direction for the design of the enforcement algorithm. At the same time, a scope-wise policy enforcement procedure is proposed, which requires only a moderate number of enforcement network nodes for organizing the various policy subsets in a greedy manner. Our results demonstrate that the proposed hybrid firefly-bat algorithm with policy space analysis offers greatly improved outcomes in terms of rule overhead, network security, packet delivery ratio, packet loss ratio, and time efficiency compared with set operations on the security policy.
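Entries 6 and 9 above both cast middlebox policy enforcement as a weighted set-cover problem with a greedy, scope-wise placement. The following is an added example, not either paper's code: the classic greedy weighted set-cover heuristic (pick the node with the lowest cost per newly covered flow), followed by the scope-wise step that gives each chosen node only the rules of the flows it is responsible for. The topology, flow-to-rule mapping and node costs are constructed; "a node covers a flow" means the flow's path crosses that node, so the node could enforce the flow's rules.

```python
def greedy_weighted_set_cover(universe, candidates):
    """universe: set of flow ids whose policy must be enforced somewhere.
    candidates: {node: (cost, frozenset_of_flows_whose_path_crosses_node)}.
    Classic greedy: repeatedly take the node with the lowest cost per newly
    covered flow (ties broken by name). Returns (nodes_in_pick_order, total_cost)."""
    uncovered = set(universe)
    chosen, total = [], 0
    while uncovered:
        best, best_ratio = None, None
        for node, (cost, flows) in candidates.items():
            gain = len(flows & uncovered)
            if node in chosen or gain == 0:
                continue
            ratio = cost / gain
            if best is None or ratio < best_ratio or (ratio == best_ratio and node < best):
                best, best_ratio = node, ratio
        if best is None:
            raise ValueError(f"flows {sorted(uncovered)} cross no candidate node")
        chosen.append(best)
        total += candidates[best][0]
        uncovered -= candidates[best][1]
    return chosen, total


def assign_policy_subsets(chosen, candidates, flow_rules):
    """Scope-wise assignment: each chosen node receives only the rules of the
    flows it is made responsible for (the first chosen node on a flow's path),
    rather than the whole policy."""
    assignment = {node: set() for node in chosen}
    claimed = set()
    for node in chosen:
        for flow in sorted(candidates[node][1]):
            if flow not in claimed:
                assignment[node] |= flow_rules[flow]
                claimed.add(flow)
    return assignment


def rule_overhead(assignment):
    """Total rule instances installed across enforcement nodes (the 'rule overhead' metric)."""
    return sum(len(rules) for rules in assignment.values())


# Constructed scenario: six flows, the rules each must be subjected to, and
# five candidate middleboxes with a deployment cost and the flows crossing them.
FLOW_RULES = {
    "f1": {"deny-telnet", "log-dns"}, "f2": {"deny-telnet"}, "f3": {"rate-limit"},
    "f4": {"log-dns", "rate-limit"},  "f5": {"deny-telnet"}, "f6": {"ids-inspect"},
}
CANDIDATES = {
    "core1":  (10, frozenset({"f1", "f2", "f3", "f4", "f5"})),
    "edge-a": (3,  frozenset({"f1", "f2"})),
    "edge-b": (3,  frozenset({"f3", "f4"})),
    "edge-c": (2,  frozenset({"f5", "f6"})),
    "dmz":    (4,  frozenset({"f6"})),
}


def plan(flow_rules=FLOW_RULES, candidates=CANDIDATES):
    chosen, cost = greedy_weighted_set_cover(set(flow_rules), candidates)
    assignment = assign_policy_subsets(chosen, candidates, flow_rules)
    return chosen, cost, assignment


if __name__ == "__main__":
    chosen, cost, assignment = plan()
    print("enforce at", chosen, "total cost", cost, "rule overhead", rule_overhead(assignment))
    for node, rules in assignment.items():
        print(f"  {node}: {sorted(rules)}")
```

On the constructed topology the greedy pass picks the three edge boxes (cost 8, six rule instances) instead of core1 plus dmz (cost 14, four rule instances), which is the trade-off both papers optimise over: fewer, central enforcement points concentrate rules and cost, more edge points spread them. The greedy heuristic carries the usual ln(n) approximation bound and no optimality guarantee, which is why the papers layer a metaheuristic on top of it.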

10.
With the rapid growth of the Security-as-a-Service (SecaaS) market, concerns about privacy in exposing customer security policies to cloud service providers have become critical. To resolve these issues, several solutions have been proposed over the past few years, each for a different kind of security service. However, as the number of security services outsourced into a cloud continues to grow, the need for a unified solution has become significant. This article introduces and presents a universal privacy-preserving platform for SecaaS services that is based on a hybrid cloud architecture for maintaining the confidentiality of the customer's security policy. It is shown that this platform can be applied to all security services whose security policies can be represented in the form of a decision tree. This includes the vast majority of existing cloud-based security services. With the small number of computationally expensive operations performed in a private cloud, the solution also does not require the implementation of a performant security engine on the customer's premises, allowing full advantage to be taken of private cloud offloading. It is also shown that the platform achieves better performance results than other existing solutions of this type. These findings were confirmed by experimental results.

11.
This article studies the issues arising when reconfiguring coded-WDM networks to provide protection against eavesdropping. Although the ability to reconfigure coded-WDM PONs dynamically has been recognized as an effective means of improving the security of OCDMA networks, this article provides the first in-depth study of the tradeoffs involved in carrying out this reconfiguration process. The article commences by showing that the degree of confidentiality and the traffic loss are two important, but conflicting, objectives in the design of reconfiguration policies. The reconfiguration problem is then formulated as a Markovian decision process (MDP). The results obtained from MDP theory are applied to establish optimal reconfiguration policies for coded-WDM networks with various system parameters. Finally, the advantages of the optimal reconfiguration policies over a class of threshold-based policies are illustrated through simulation results.

12.
Towards semantic web-based management of security services   (total citations: 1; self-citations: 0; citations by others: 1)
Policy-based management has become a commonly accepted approach for distributed systems. However, there are a number of open technical issues that might put large-scale deployment of policy-based management techniques at risk. They include automated policy translation (i.e., refinement from abstract business goals to final configurations); development of integrated policy architectures for network, service and application management, and dynamic service creation; and methods for policy conflict detection and resolution. Regarding this last issue, there exist some relevant efforts in the security area, but they are still in the design phase, and it is not clear how flexible and powerful they will be when dealing with different kinds of security-related policies and scenarios. This article presents the main ideas behind the semantically enriched specification of security policies and describes an automated process for detecting conflicts among these policies.

13.
Providing desirable data security, that is, confidentiality, authenticity, and availability, in wireless sensor networks (WSNs) is challenging, as a WSN usually consists of a large number of resource-constrained sensor nodes that are generally deployed in unattended or hostile environments and, hence, are exposed to many types of severe insider attacks due to node compromise. Existing security designs mostly provide a hop-by-hop security paradigm and thus are vulnerable to such attacks. Furthermore, existing security designs are also vulnerable to many types of denial of service (DoS) attacks, such as report disruption attacks and selective forwarding attacks, and thus put data availability at stake. In this paper, we seek to overcome these vulnerabilities for large-scale static WSNs. We come up with a location-aware end-to-end security framework in which secret keys are bound to geographic locations and each node stores a few keys based on its own location. This location-aware property effectively limits the impact of compromised nodes to their vicinity without affecting end-to-end data security. The proposed multifunctional key management framework assures both node-to-sink and node-to-node authentication along the report forwarding routes. Moreover, the proposed data delivery approach guarantees efficient en-route bogus data filtering and is highly robust against DoS attacks. The evaluation demonstrates that the proposed design is highly resilient against an increasing number of compromised nodes and effective in energy savings.

14.
A common approach to overcoming the limited resources of sensor networks is to aggregate data at intermediate nodes. A challenging issue in this context is to guarantee end-to-end security, mainly because sensor networks are extremely vulnerable to node compromises. We propose three schemes to secure data aggregation that rely on multipath routing. The first guarantees data confidentiality through secret sharing, while the second and third provide data availability through information dispersal. Based on qualitative analysis and implementation, we show that by applying these schemes, a sensor network can achieve data confidentiality, authenticity, and protection against denial of service attacks even in the presence of multiple compromised nodes.
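The first scheme, confidentiality through secret sharing over multiple paths, rests on a threshold scheme whose two properties (any k shares reconstruct, k-1 shares reveal nothing) are worth seeing executed. The following is an added example, not the paper's implementation: a textbook Shamir (k, n) scheme over the prime field GF(2^61-1), used as the abstract describes, with the sensor splitting a reading into n shares sent over n node-disjoint paths and the sink reconstructing from any k that arrive. The field, the sample reading and the compromised-path scenario are constructed; only the standard library is used.

```python
import secrets

P = (1 << 61) - 1   # Mersenne prime 2^61-1; every reading must be < P


def _eval_poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner's rule, coeffs[0] is the secret
        acc = (acc * x + c) % P
    return acc


def split(secret, k, n):
    """Sensor side: n shares (x, y) of `secret`, one per disjoint path.
    Any k of them reconstruct the secret; k-1 reveal nothing about it."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def interpolate(points, x):
    """Value at x of the unique polynomial of degree < len(points) through `points`."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P   # den^-1 via Fermat
    return total


def reconstruct(shares):
    """Sink side: Lagrange interpolation at x = 0 recovers the reading."""
    return interpolate(shares, 0)


def sink_receive(received, k):
    """Reconstruct from whichever shares survived the multipath delivery, or
    return None when too many paths dropped the data (availability lost)."""
    if len(received) < k:
        return None
    return reconstruct(received[:k])


def explain_captured(captured, claimed_secret, n):
    """Adversary view with k-1 captured shares: for ANY claimed secret there is a
    complete sharing that agrees with what was captured, so the k-1 shares carry
    no information about the reading."""
    pts = [(0, claimed_secret % P)] + list(captured)
    return [(x, interpolate(pts, x)) for x in range(1, n + 1)]


if __name__ == "__main__":
    shares = split(7321, 3, 5)            # one reading over 5 paths, threshold 3
    print("sink got", sink_receive(shares[1:4], 3))
    print("two paths lost:", sink_receive(shares[:2], 3))
```

With k = 3 and n = 5 the sink tolerates two lost or dropped paths, and an adversary who has compromised nodes on two paths learns nothing; `explain_captured` makes that concrete by producing, for any secret the attacker might guess, a full set of shares consistent with the two they hold. What plain Shamir does not give is detection of a corrupted share: a compromised node that forwards a modified y silently changes the reconstructed value, which is why the abstract pairs it with authenticity mechanisms and information dispersal rather than relying on secret sharing alone.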

15.
Concurrent signature was introduced as an efficient approach to solving the problem of fair exchange of signatures. Almost all fair exchange e-commerce protocols based on concurrent signature that have been proposed until now either do not provide message privacy protection or adopt the sign-then-encrypt scheme to provide confidentiality. However, confidentiality is an important requirement of fair exchange e-commerce protocols. In this paper, we introduce a new concept called concurrent signcryption, which combines the concepts of concurrent signature and signcryption to resolve the confidentiality problem in e-commerce systems based on concurrent signature. We also propose a concurrent signcryption scheme using bilinear pairings and prove its security in the random oracle model. Compared with the sign-then-encrypt scheme using bilinear pairings, our scheme enjoys shorter message length and lower operation cost. Moreover, in our scheme the two ambiguous signcryptions can be published in any order.

16.
A fully automatic method for checking the security policy of the JVM runtime library   (total citations: 1; self-citations: 0; citations by others: 1)
The JVM runtime library implements a variety of security policies by calling the security manager class in its own library; one of the most important is that a program must perform the corresponding access-control permission check before executing a sensitive operation. Traditionally, manual analysis has been relied upon to ensure that the JVM runtime library satisfies this policy. Since the Java standard class library covers thousands of classes and tens of thousands of methods and is evolving rapidly, manual analysis is time-consuming, laborious and error-prone. This paper proposes a fully automatic, efficient and fast model-checking method to assess whether the JVM complies with this security policy: it scans the bytecode files of the Java standard class library, builds a control-flow graph for each class member method, defines a checking model, computes method summaries with the help of taint analysis, and automatically detects risky methods.
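The core of the check described above is a path property on a control-flow graph: every path from a method's entry to a sensitive operation must pass through a permission check, and that property has to compose across calls, which is what the method summaries are for. The following is an added example written for this page, not the paper's tool or real JDK code: methods are hand-written CFG abstractions of bytecode with four node kinds (ordinary instruction, security check, sensitive operation, call), and a method's summary is the set of sensitive operations reachable from its entry without crossing a check, including those inherited from callees invoked before any check. All method bodies and names are constructed.

```python
from collections import deque

# Constructed CFG abstraction of Java bytecode. Node kinds:
#   ("op", text)          ordinary instruction
#   ("check", permission) SecurityManager.checkPermission-style guard
#   ("sensitive", name)   privileged/native operation that must be guarded
#   ("call", method)      invocation of another method in the model
# A method is {"entry": node_id, "nodes": {id: kind}, "edges": {id: [successors]}}.


def unguarded_ops(methods, name, memo=None):
    """Method summary: the sensitive operations reachable from `name`'s entry
    on some path that passes no check node, including those inherited from
    callees invoked before any check. Recursion is cut by assuming a method
    currently being analysed contributes nothing (exact for non-recursive code)."""
    memo = {} if memo is None else memo
    if name in memo:
        return memo[name]
    memo[name] = set()
    m = methods[name]
    found, seen = set(), set()
    queue = deque([m["entry"]])
    while queue:
        nid = queue.popleft()
        if nid in seen:
            continue
        seen.add(nid)
        kind, arg = m["nodes"][nid]
        if kind == "check":
            continue                     # everything after the guard is guarded
        if kind == "sensitive":
            found.add(arg)
        elif kind == "call" and arg in methods:
            found |= unguarded_ops(methods, arg, memo)
        queue.extend(m["edges"].get(nid, []))
    memo[name] = found
    return found


def risky_methods(methods):
    """Map each method that can reach a sensitive op unguarded to those ops."""
    memo, risky = {}, {}
    for name in methods:
        ops = unguarded_ops(methods, name, memo)
        if ops:
            risky[name] = set(ops)
    return risky


# Constructed sample library (names chosen to look like JDK methods; not real JDK code)
SAMPLE_METHODS = {
    "FileInputStream.<init>": {
        "entry": 0,
        "nodes": {0: ("op", "aload"), 1: ("check", "FilePermission:read"), 2: ("sensitive", "open0")},
        "edges": {0: [1], 1: [2]},
    },
    "Unsafe.loadLib": {                      # the else-branch at node 0 skips the check
        "entry": 0,
        "nodes": {0: ("op", "getstatic DEBUG"), 1: ("check", "RuntimePermission:loadLibrary"),
                  2: ("sensitive", "dlopen"), 3: ("op", "return")},
        "edges": {0: [1, 2], 1: [2], 2: [3]},
    },
    "Helper.readConfig": {                   # safe: callee performs the check itself
        "entry": 0,
        "nodes": {0: ("call", "FileInputStream.<init>"), 1: ("op", "return")},
        "edges": {0: [1]},
    },
    "Facade.run": {                          # risky: inherits the unguarded dlopen
        "entry": 0,
        "nodes": {0: ("op", "aload"), 1: ("call", "Unsafe.loadLib")},
        "edges": {0: [1]},
    },
    "Guarded.run": {                         # safe: checks before calling the risky method
        "entry": 0,
        "nodes": {0: ("check", "RuntimePermission:loadLibrary"), 1: ("call", "Unsafe.loadLib")},
        "edges": {0: [1]},
    },
}

if __name__ == "__main__":
    for name, ops in risky_methods(SAMPLE_METHODS).items():
        print(f"{name}: unguarded {sorted(ops)}")
```

The all-paths property reduces to reachability with the check nodes removed, which is why one breadth-first search per method suffices. The summaries make the analysis interprocedural in the direction the paper needs: `Facade.run` is flagged because its callee can reach `dlopen` unguarded, while `Guarded.run` is not, because its own check dominates the call. A real implementation has to decide which permission a check node actually tests against which sensitive operation, handle exception edges and virtual dispatch, and that is where the paper's taint analysis comes in.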

17.

Preserving patients' privacy is one of the most important challenges in IoT-based healthcare systems. Although patient privacy has been widely addressed in previous work, there is a lack of a comprehensive end-to-end approach that simultaneously preserves the location and data privacy of patients while assuming that system entities are untrusted. Most past research assumes that parts of this end-to-end system are trustworthy, even though privacy may be threatened by insider attacks. In this paper, we propose an end-to-end privacy-preserving scheme for patients assuming that all main entities of the healthcare system (including sensors, gateways, and application providers) are untrusted. The proposed scheme preserves end-to-end privacy against insider threats as well as external attacks while taking into account the resource constraints of the sensors. The scheme provides mutual authentication between the main entities while preserving patients' anonymity. Only authorized users can access the real identity of patients alongside their locations and their healthcare information. Informal security analysis and formal security verification of the proposed protocol in AVISPA show that it is secure against impersonation, replay, modification, and man-in-the-middle attacks. Moreover, performance assessments show that the proposed protocol provides more security services without considerable growth in the computation overhead of the sensors. It is also shown that the proposed protocol reduces the signaling overhead of the sensors, and hence their energy consumption, compared to prior work, at the expense of a little more signaling overhead at the gateways.

18.
Security performance of optical CDMA against eavesdropping   (total citations: 8; self-citations: 0; citations by others: 8)
Enhanced security has often been cited as an important benefit of optical CDMA (O-CDMA) signaling. However, the quality and degree of security enhancement has not been closely examined in the literature. This paper examines the degree and types of security that may be provided by O-CDMA encoding. A quantitative analysis of data confidentiality is presented for O-CDMA encoding techniques that use both time spreading and wavelength hopping. The probability of successful data interception is calculated as a function of several parameters, including signal-to-noise ratio and fraction of total available system capacity. For reasonable choices of system and encoding parameters, it is shown that increasing code complexity can increase the signal-to-noise ratio (SNR) required for an eavesdropper to "break" the encoding by only a few dB, while the processing of fewer than 100 bits by an eavesdropper can reduce the SNR required to break the encoding by up to 12 dB. The overall degree of confidentiality obtainable through O-CDMA encoding is also compared with that obtainable through standard cryptography. Time-spreading/wavelength-hopping in particular, and O-CDMA in general, are found to provide considerably less data confidentiality than cryptography, and the confidentiality provided is found to be highly dependent on system design and implementation parameters.

19.
The paper addresses the issue of reserving resources at packet switches along the path of flows requiring a deterministic bound on end-to-end delay. The switches are assumed to schedule outgoing packets using the Rate-Controlled Earliest-Deadline-First (RC-EDF) scheduling discipline. EDF is known to be an optimal scheduling discipline for deterministic delay services in the single-scheduler case. We propose a number of static and dynamic reservation policies for mapping the end-to-end delay requirement of a flow into local delay deadlines to be reserved at each scheduler. These policies are based on non-even resource reservation, where the resources reserved depend on the capacities and loading at each node in the network. We define and prove the optimality of a certain non-even policy for the case of a single-path network with homogeneous static traffic. We present extensive simulation results for different scenarios which show that dynamic non-even resource reservation provides superior performance when compared to simple policies such as evenly dividing the end-to-end delay among the schedulers.

20.
In cognitive radio networks, non-cooperative behavior is an inherent security issue, so it is important to guarantee support for cooperation among nodes. In this paper, the distributed routing problem with energy-use optimization is first translated into a 0-1 integer programming problem by analyzing the dynamic power interference among nodes. Secondly, key allocation for the end nodes is devised to provide confidentiality for data transmission. Thirdly, a secure distributed routing algorithm (SDRA) that accounts for energy use is proposed to ensure the security of end-to-end communication. Simulation and analysis show that the energy use of SDRA is lower than that of the spectrum- and energy-aware routing protocol. Moreover, a trust mechanism based on Bayes' theorem is better suited to the distributed routing algorithm in practice than one based on the Beta function.
