A policy enforcing mechanism for trusted ad hoc networks

Gang Xu, Cristian Borcea, Liviu Iftode

Research output: Contribution to journal, Article, peer-review

21 Scopus citations


To ensure fair and secure communication in Mobile Ad hoc Networks (MANETs), the applications running in these networks must be regulated by proper communication policies. However, enforcing policies in MANETs is challenging because they lack the infrastructure and trusted entities encountered in traditional distributed systems. This paper presents the design and implementation of a policy enforcing mechanism based on Satem, a kernel-level trusted execution monitor built on top of the Trusted Platform Module. Under this mechanism, each application or protocol has an associated policy. Two instances of an application running on different nodes may engage in communication only if these nodes enforce the same set of policies for both the application and the underlying protocols used by the application. In this way, nodes can form trusted application-centric networks. Before allowing a node to join such a network, Satem verifies its trustworthiness in enforcing the required set of policies. Furthermore, Satem protects the policies and the software enforcing these policies from being tampered with. If any of them is compromised, Satem disconnects the node from the network. We demonstrate the correctness of our solution through security analysis, and its low overhead through performance evaluation of two MANET applications.

Original language: English (US)
Article number: 5444889
Pages (from-to): 321-326
Number of pages: 6
Journal: IEEE Transactions on Dependable and Secure Computing
Issue number: 3
State: Published - 2011

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • Electrical and Electronic Engineering


Keywords

  • Trusted computing
  • ad hoc networks
  • mobile computing

