Saugaus maršrutizavimo Ad Hoc tinkluose tyrimas / Research on security aware routing in Ad Hoc networks

Narbutaitis, Tomas

31 August 2011

Mobilūs Ad-Hoc tinklai yra labai naudingi įvairiose situacijose, tačiau jų realizacijose vis dar neišspręsta daug problemų ir viena iš didžiausių problemų yra saugumas. Maršrutizavimui reikalingi specialiai suprojektuoti maršruto protokolai ir jie yra gana gerai išvystyti, išskyrus saugumo sritį. Darbe aš labiausiai telkiau dėmesį į įvairias aktyvias atakas prieš ad hoc tinklą, vykdomas iškreipiant maršruto parinkimo procesą ir kompromituojant tinklo paslaugų prieinamumą, duomenų vientisumą ir konfidencialumą, o labiausiai į saugaus maršruto parinkimo protokolų, kurie gali būti naudojami siekiant išvengti šių pavojų, analizę. Naujos koncepcijos saugaus maršruto parinkimo protokolas siūlomas, kaip konkretaus atvejo - iš tiesų didelio kenkiančių mazgų kiekio tinkle sprendimas ir sukurtas nesaugaus ad hoc tinklo modelis, kuris naudojamas siekiant imituoti, gauti ir palyginti keleto saugaus maršruto parinkimo protokolų rodiklius. / Mobile Ad-Hoc networks are very useful in certain situations, but raise many challenges and one of the biggest is security. Specially designed routing protocols are required and they are quite well developed except for security area. In this thesis I concentrate on various active attacks on ad-hoc network during routing process, compromising network availability, data integrity and confidentiality and analyze some security aware protocols, that can be used to avoid these risks. New concept routing protocol is proposed, for coping with a specific scenario of really high level of malicious nodes on the network and insecure network model is created, which is used to simulate, get and compare performance metrics of some security aware routing protocols.

Informatics Engineering

Ad Hoc

Saugus

Maršrutizavimas

NS-3

AODV

Ad Hoc

Routing

Security-aware

NS-3

AODV

The concept of self-defending objects and the development of security aware applications

Holford, John William

January 2006

The self-defending object (SDO) concept is an extension to the object-oriented programming paradigm, whereby those objects that encapsulate the protected resources of a security aware application (SAA), are made aware of, and responsible for, the defence of those resources. That defence takes two forms, the enforcement of mandatory access control on protected resources and the generation of the corresponding portion of the SAA's audit trail. The SDO concept acts as the philosophy that guides the application level mandatory access control within SAAs which ensures that the provided access control is both complete and non bypassable. Although SDOs accept responsibility for controlling access to the protected data and functionality that they encapsulate, an SDO delegates the responsibility for making authorisation decisions to an associated authorisation object. Thus, SDOs fulfill their access control obligations by initiating the authorisation check and then enforcing the decision made on their behalf. A simple, yet effective mechanism for enforcing that access control at the object level involves controlling the ability to invoke those SDO methods that access protected resources. In the absence of previous research on this approach to the enforcement of application level access control, the primary aim of this research was to demonstrate that the SDO concept is a viable paradigm for developing SAAs. That aim was achieved in two stages. The first stage targeted the provision of a 'proof of concept', that demonstrated that the SDO concept could be applied to the development of non-distributed SAAs. The second stage demonstrated its applicability to the development of distributed SAAs. In the second stage, two versions of a distributed prototype were developed, one based on a traditional (proprietary) distributed computing model, (Java RMI), and the second using the currently popular Web services model, to demonstrate the general applicability of the SDO concept. Having already demonstrated that the SDO concept could be applied to SAAs executing on a single machine, the major focus of that research was to devise a mechanism by which SDOs could be transferred between machines. The research then concentrated on determining what impacts the adoption of the SDO concept would have on SAA development. Experimentation carried out using the distributed prototypes demonstrated that (1) the adoption of the SDO does not restrict the use of inheritance hierarchies that include SDOs, (2) the restriction of the lifetime of SDOs can be supported, (3) usage rights enforcement can be employed, and (4) the use of cryptographic techniques to provide additional security guarantees is not affected. A key feature of the SDO concept, is that no major changes need to be made to current development tools or　methodologies, so its adoption is not hampered by significant financial or training impediments. This research demonstrated that the SDO concept is practical and constitutes a valuable extension to the object oriented paradigm that will help address the current lack of security in information systems. The SDO approach warrants additional research and adoption.

mandatory access control

authorisation

security aware applications

information security

computer security

information technology

software engineering

object oriented programming

programming paradigms