A security policy language for wireless sensor networks

https://doi.org/10.1016/j.jss.2008.05.010

Abstract

Authenticated computer system users are only authorized to access certain data within the system. In the future, wireless sensor networks (WSNs) will need to restrict access to data as well. To date, WSN security has largely been based on encryption and authentication schemes. The WSN Authorization Specification Language (WASL) is a mechanism-independent composable WSN policy language that can specify arbitrary and composable security policies that are able to span and integrate multiple WSN policies. Using WASL, a multi-level security policy for a 1000 node network requires only 60 bytes of memory per node.

Introduction

Because of advancements in micro-electro-mechanical systems, wireless sensor network (WSN) nodes can now be made smaller than their power sources. Improvements in computing and wireless networking technologies will provide access to the sensors’ data at a level heretofore unattainable. We envision a future with WSNs composed of nano-sensors embedded within, say, building materials to provide data on the condition of the material or environment around it. While it is not the case with WSNs currently, we maintain that data within a WSN should have (and indeed will soon be required to have) the same level of data protection as that found in modern computer operating systems. Furthermore, it can reasonably be expected that WSNs with distinct security policies will eventually be required to interact with each other while maintaining their respective security policies. Therefore, policy composition must be supported by WSN security policies too.

Some research and development has focused on restricting WSN resources to authorized users via authentication protocols (Perrig et al., 2001; Di Pietro et al., 2003; Benenson et al., 2005). Particular access control schemes have also been proposed (Donggang, 2007; Wang and Li, 2006; Zhou et al., 2007). Encryption has been used to enforce confidentiality and to restrict computing resources to authorized entities (Oliveira et al., 2007; Karlof et al., 2004; Gaubatz et al., 2005). Encryption and authentication are well-established techniques that address particular aspects of security; they are essential but incomplete elements of security in a WSN. Encryption will indeed protect the confidentiality of WSN data during transmission, while authentication will prevent unauthorized users from accessing a WSN. Even so, we rightly expect that even authorized users of computer systems will not have access to all the data on the system. That is, we expect our files and data to remain confidential even from other authorized users of the system. As WSNs become more commonplace, the same will be expected of them.

WSN nodes, however, have severe limits on processing power, memory, wireless communication capabilities, and energy stores (Zhao and Guibas, 2004). The MICA2 Mote (Crossbow, 2007), for example, weighs 18 g and operates on two “AA” batteries. It hosts the TinyOS operating system on an ATmega128L 8 bit processor running at 8 MHz with 4 kB RAM and 128 kB flash RAM for code. Therefore, any practical security scheme will have to take this into account. We see this severely resource-constrained environment as a persistent characteristic of current WSN nodes as well as the micro- or nano-scale nodes of the future.

Security policies are generally represented by sets of rules. Given a request for some action, a servicing agent evaluates these rules according to the current status of the system and relevant information about the query. The information required by the agent to make a decision can be quite large—all the user identifications and groupings, object identities and groupings, associations of users and objects with security levels, mandatory authorizations and discretionary rules and explicit authorizations, and information about the history of actions performed in the system. Significant processing power and memory may be required to evaluate a number of rules against all the variables. Alternatively, memory could be saved by requiring that relevant associations (e.g., user groupings) be sent with a query, adding to the data required during query transmission.

With these considerations in mind, we propose a mechanism-independent composable WSN policy language called the WSN Authorization Specification Language (WASL). The resulting system distributes only system authorizations to nodes, reducing both the memory and computational requirements at the nodes. WASL is based on the Authorization Specification Language (ASL) (Jajodia et al., 1997), which provides a formal basis for specifying security policies, capturing policy authorizations, and describing the environments in which the policies function. WSN-specific modifications to ASL adapt it to a wireless environment. WASL, in conjunction with existing encryption and authentication mechanisms, constitutes a robust system that will prevent, per the specified policy, unauthorized access to WSN resources. Although security policies, not mechanisms, are the focus of this research, we also present a simple implementation scheme to demonstrate that our system can be reasonably implemented within the constraints of a WSN node.
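The design point above, that rules are evaluated once at the gateway and each node receives only its compiled authorizations, can be illustrated with a small constructed example. The code below is an added illustration and is not WASL syntax, the paper's own code, or its implementation; the three-level lattice, the Bell-LaPadula style mandatory rule, the subject, group and object names, and the conjunctive (bitwise AND) composition rule referred to in the Results section are all assumptions chosen for the example. The node-side check is a single bit lookup, with no group, level or rule tables on the node.

```python
"""Gateway-side compilation of a rule-based policy into per-node authorization
bitmaps.  Constructed illustration, not WASL and not the paper's code: the
gateway evaluates every rule once; a node stores only the resulting bits for
the objects it hosts and answers a request with one bit lookup."""
from dataclasses import dataclass
from itertools import product

# Assumed lattice of security levels, ordered low -> high.
LEVELS = {"public": 0, "internal": 1, "secret": 2}
ACTIONS = ("read", "write")


@dataclass
class Policy:
    subjects: dict   # subject -> clearance (a LEVELS key)
    objects: dict    # object -> (node id, classification)
    groups: dict     # group name -> set of subject names
    deny: frozenset  # explicit discretionary denials: (subject or group, object)


def mls_allows(clearance, classification, action):
    """Assumed Bell-LaPadula style mandatory rule: no read up, no write down."""
    c, o = LEVELS[clearance], LEVELS[classification]
    return c >= o if action == "read" else c <= o


def members(policy, name):
    """Resolve a subject-or-group name to the set of subjects it denotes."""
    return policy.groups.get(name, {name})


def pack_bits(bits):
    """Bit i of the sequence becomes bit (i % 8) of byte i // 8."""
    out = bytearray((len(bits) + 7) // 8)
    for i, b in enumerate(bits):
        if b:
            out[i // 8] |= 1 << (i % 8)
    return bytes(out)


def compile_policy(policy):
    """Gateway side: evaluate the rules for every (subject, object, action)
    triple and return {node: bitmap} plus the subject order the bitmaps use."""
    subjects = sorted(policy.subjects)
    denied = {(s, obj) for who, obj in policy.deny for s in members(policy, who)}
    bitmaps = {}
    for node in sorted({n for n, _ in policy.objects.values()}):
        objs = sorted(o for o, (n, _) in policy.objects.items() if n == node)
        bits = [
            mls_allows(policy.subjects[s], policy.objects[o][1], a) and (s, o) not in denied
            for s, o, a in product(subjects, objs, ACTIONS)
        ]
        bitmaps[node] = pack_bits(bits)
    return bitmaps, subjects


def node_check(bitmap, subject_idx, object_idx, action_idx, n_objects):
    """Node side: O(1) lookup with no rule evaluation.  The index layout matches
    the product() order used by compile_policy (subject, object, action)."""
    i = (subject_idx * n_objects + object_idx) * len(ACTIONS) + action_idx
    return bool((bitmap[i // 8] >> (i % 8)) & 1)


def compose_conjunctive(a, b):
    """Assumed composition rule for two compiled policies over the same layout:
    an access is authorized only if both source policies authorize it."""
    assert len(a) == len(b), "bitmaps must share one layout"
    return bytes(x & y for x, y in zip(a, b))


# Constructed sample policy: two nodes, three subjects, one group-level denial.
SAMPLE = Policy(
    subjects={"alice": "secret", "bob": "internal", "carol": "public"},
    objects={"temp": (1, "public"), "strain": (1, "internal"), "intel": (2, "secret")},
    groups={"ops": {"bob", "carol"}},
    deny=frozenset({("ops", "strain")}),
)

if __name__ == "__main__":
    maps, order = compile_policy(SAMPLE)
    for node, bm in sorted(maps.items()):
        print(f"node {node}: {len(bm)} byte(s) -> {bm.hex()}")
    # bob (subject index 1) reading "temp" (object index 1 on node 1)
    print(node_check(maps[1], order.index("bob"), 1, ACTIONS.index("read"), 2))
```

With this sample, node 1 holds two bytes and node 2 holds one; the per-node cost grows with the number of subjects and hosted objects rather than with the number of rules, groups or levels, which is the trade-off the introduction describes.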

The remainder of this paper is organized as follows: Section 2 introduces the notion of security used in this work. The key contribution is the language WASL, presented in Section 3, followed by implementation considerations in Section 4. Section 5 presents results of composition and compilation of WASL-encoded policies.

Background

This section provides a brief overview of security elements, security policies, and policy composition. Security is often defined in terms of three properties: integrity, availability, and confidentiality. Integrity pertains to the trustworthiness of data and can be formally expressed using Biba’s Model (Biba, 1977). Availability is the ability of a user to access data on demand. Confidentiality ensures restricted data remain hidden from unauthorized users.

Confidentiality is defined using the

WSN Authorization Specification Language

To implement a policy-enforcement system we must first have a policy specification language. This language should be flexible enough to express a variety of policy types as well as support various implementations. There are several mature policy specification languages available including Ponder (Damianou et al., 2001) and Rei (Kagal et al., 2003). Any specification language must have sufficient structure to permit a formal examination of the properties of a given policy and identify adherence

Network under study

This section examines the limitations of WSNs that led to certain design decisions. For example, due to bandwidth, memory, and processing power limitations nodes do not perform compilation or composition; these functions are performed at the gateway. WSN characteristics are presented in Section 4.1 while policy-related responsibilities are discussed in Section 4.2.

Results

A straightforward implementation of a WASL system has been created to read, compile, and compose security policies. The system is naïve in that it implements the algorithms described above with few optimizations. Policies for the networks described above are specified in WASL and compiled. The resulting system authorizations are combined using composition rules to yield new sets of system authorizations that are compatible and consistent with the original security policies. System

Conclusion

Security issues for wireless sensor networks continue to be a challenge. Encryption, authentication, and other existing methods are effective for enforcing certain policies, particularly when the WSN is isolated from outside users. While a continually changing security policy is untenable with respect to the resources in a WSN, sensor networks of the future will likely require increasing interactions with external nodes.

WASL is a policy language capable of representing arbitrary policies such

David W. Marsh received a B.S. in Electrical Engineering from Seattle Pacific University in 1992, his M.S. in Computer Engineering from the Air Force Institute of Technology in 2000 and his Ph.D. in Computer Science in 2008. He has served 15 years in the United States Air Force and is a member of Eta Kappa Nu, Tau Beta Pi, and IEEE. His research interests include computer security, software analysis, software engineering, and computer communication networks.

References

  • Appel, A.W., 1998. Modern Compiler Implementation in Java.
  • Bell, D.E., LaPadula, L.J., 1975. Secure computer systems: unified exposition and multics interpretation. Tech. Rep....
  • Benenson, Z., Gedicke, N., Raivio, O., 2005. Realizing robust...
  • Biba, K.J., 1977. Integrity considerations for secure computer systems. Tech. Rep. MTR-3153, MITRE Corp., Bedford,...
  • Bonatti, P., et al., 2002. An algebra for composing access control policies. ACM Transactions on Information and System Security.
  • Crossbow, 2007. MICA2 Datasheet. Crossbow Technology Incorporated, 4145 N. First Street, San Jose, CA 95134....
  • Damianou, N., et al., 2001. The Ponder policy specification language.
  • Di Pietro, R., et al., 2003. Random key-assignment for secure wireless sensor networks.
  • Donggang, Liu, 2007. Efficient and distributed access control for sensor networks. In: Proceedings of the IEEE...
Rusty O. Baldwin is an Associate Professor of Computer Engineering in the Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson AFB OH. He received a B.S. in Electrical Engineering (cum laude) from New Mexico State University in 1987, an M.S. in Computer Engineering from the Air Force Institute of Technology in 1992, and a Ph.D. in Electrical Engineering from Virginia Polytechnic Institute and State University in 1999. He served 23 years in the United States Air Force. He is a registered Professional Engineer in Ohio, a member of Eta Kappa Nu, and a Senior Member of IEEE. His research interests include computer communication networks, embedded and wireless networking, computer security, cyber operations, and reconfigurable computing systems.

Barry E. Mullins is an Assistant Professor of Computer Engineering in the Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson AFB OH. He received a B.S. in Computer Engineering (cum laude) from the University of Evansville in 1983, an M.S. in Computer Engineering from the Air Force Institute of Technology in 1987, and a Ph.D. in Electrical Engineering from Virginia Polytechnic Institute and State University in 1997. He served 21 years in the Air Force teaching at the U.S. Air Force Academy for seven of those years. He is a registered Professional Engineer in Colorado and a member of Eta Kappa Nu, Tau Beta Pi, IEEE (senior member), and ASEE. He has received the U.S. Air Force Academy’s Outstanding Academy Educator award as well as the Brig. Gen. R. E. Thomas award for outstanding contribution to cadet education twice. His research interests include cyber operations, computer communication networks, embedded (sensor) and wireless networking, and reconfigurable computing systems.

Robert F. Mills is an Assistant Professor of Electrical Engineering in the Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson AFB OH. He received a B.S.E.E from the Montana State University in 1983, an M.S. in Electrical Engineering from the Air Force Institute of Technology in 1987, and a Ph.D. in Electrical Engineering from the University of Kansas in 1994. His research interests include cyber operations, computer communication networks, cognitive radio, and cognitive radio systems.

Michael R. Grimaila (BS, Electrical Engineering; MS, Electrical Engineering; and PhD, Computer Engineering, all from Texas A&M University) is an associate professor and a member of the Center for Cyberspace Research at the Air Force Institute of Technology (AFIT), Wright-Patterson AFB, Ohio. He is a Certified Information Security Manager (CISM), Certified Information System Security Professional (CISSP), and holds NSA IAM/IEM certifications. He teaches and conducts research in the areas of information assurance, information warfare, and information operations. He serves as an Editorial Board member of the Information System Security Association (ISSA) Journal and on the DoD/NII IA Best Practices and Metrics Working Group. He is also a member of the ACM, IRMA, ISACA, ISC2, ISSA, ISSEA, and is a senior member of the IEEE.