Protecting Security Policies in Ubiquitous Environments Using One-Way Functions
Paper in proceedings, 2004

This paper addresses the problem of protecting security policies and other security-related information in security mechanisms, such as the detection policy of an Intrusion Detection System or the filtering policy of a firewall. Unauthorized disclosure of such information can reveal the fundamental principles and methods for the protection of the whole network, especially in ubiquitous environments where a large number of nodes store knowledge about the security policy of their domain. To avoid this risk we suggest a scheme for protecting stateless security policies using one-way functions. A stateless policy is one that takes into consideration only the current event, and not the preceding chain of events, when decisions are made. The scheme has a simple and basic design but can still be used for practical implementations, as illustrated in two examples in real-life environments. Further research aims to extend the scheme to stateful policies.


Håkan Kvarnström

Chalmers, Department of Computer Engineering

Hans Hedbom

Chalmers, Department of Computer Engineering, Computer Security

Erland Jonsson

Chalmers, Department of Computer Engineering

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 2802 71-85

Subject Categories

Computer and Information Science


