
A SAT based verification framework for wireless LAN security policy management supported by STRBAC model. (English) Zbl 1210.68008

Meghanathan, Natarajan (ed.) et al., Recent trends in network security and applications. Third international conference, CNSA 2010, Chennai, India, July 23–25, 2010. Proceedings. Berlin: Springer (ISBN 978-3-642-14477-6/pbk; 978-3-642-14478-3/ebook). Communications in Computer and Information Science 89, 232-241 (2010).
Summary: The widespread proliferation of wireless networks demands formal evaluation and analysis of security policy management in enterprise networks. The enforcement of organizational security policies in Wireless Local Area Networks (WLANs) requires protection over the network resources from unauthorized access. Hence it is required to ensure correct distribution of access control rules to the network access points conforming to the security policy. In WLAN security policy management, the Role-Based Access Control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to model the time and location dependent access constraints.
In this paper, we propose a WLAN security management system supported by a spatio-temporal RBAC model and a SAT based verification framework. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server that formalizes the organizational access policies and determines the high level policy configurations; a Central Authentication & Role Server which authenticates the users and the access points in various zones and also assigns appropriate roles to the users. Each policy zone consists of a Wireless Policy Zone Controller that co-ordinates with a dedicated Local Role Server to extract the low level access configurations corresponding to the zone access router. We also propose a formal spatio-temporal RBAC model to represent the global security policies formally and a SAT based verification framework to verify the access configurations.
For the entire collection see [Zbl 1200.68015].

MSC:

68M10 Network design and communication in computer systems