A Security Architecture For Information Assurance And Availability in MANETs
George Mason University
Currently, end-to-end protection architectures, including, among others,
pervasive ones such as the Internet Protocol suite, typically focus on
protecting network availability while ignoring the end-system host or
device. Unfortunately, this exposes the availability and information
assurance of the overall system to attack, including host-based
denial-of-service attacks and data exfiltration. In MANETs, such attacks
become even more debilitating because each node has a dual role, acting
both as a source and as a router.
To address such attacks, we extend the protection beyond the network to
encompass the host end-system platform. By isolating each application
running on the end hosts, we extend our ability to scalably and
effectively enforce policies beyond network communications to memory,
file I/O, and inter-application communications. The isolation, however,
is not merely that of a separation kernel: applications must still
interact with the underlying host OS and with other applications whenever
policy permits.
A direct implication of our architecture is that a realization of an
end-to-end security protection system must include specific security
mechanisms on the host that can isolate services and regulate their
resources. Our approach exploits the complementary strengths of four
well-known components: lightweight virtualization, kernel-level resource
management, mandatory access control (MAC) frameworks, and stackable file
systems. Finally, we show that our system does not incur significant
resource overhead or performance degradation, making it appropriate for
real-time applications on resource-constrained platforms.
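As an added illustration (not code from the talk or from the authors' system), the following Python sketch models the per-application policy idea of the two paragraphs above: each isolated application carries a MAC-style domain label, and a single default-deny reference monitor decides its file I/O, its inter-application messaging and its memory requests against that label, recording every denial so a detection pipeline can pick it up. All application names, labels, paths and limits are constructed for the example.

```python
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class AppProfile:
    """Per-application policy: what one isolated application may touch."""
    name: str
    label: str                       # MAC-style domain label (constructed)
    read_prefixes: FrozenSet[str]    # directories it may read
    write_prefixes: FrozenSet[str]   # directories it may write
    peer_labels: FrozenSet[str]      # labels it may exchange messages with
    max_memory_mb: int               # ceiling a kernel resource manager would enforce


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _under(path: str, prefix: str) -> bool:
    """True if a normalized path lies inside prefix; "/data/sensor" must not
    match "/data/sensorx", so a separator is required after the prefix."""
    prefix = prefix.rstrip("/") or "/"
    return path == prefix or path.startswith(prefix + "/")


class ReferenceMonitor:
    """Default-deny policy decision point with an audit trail."""

    def __init__(self, profiles: List[AppProfile]) -> None:
        self.profiles: Dict[str, AppProfile] = {p.name: p for p in profiles}
        self.audit: List[Tuple[str, str, str, bool, str]] = []

    def _decide(self, app: str, action: str, target: str,
                allowed: bool, reason: str) -> Decision:
        self.audit.append((app, action, target, allowed, reason))
        return Decision(allowed, reason)

    def check_file(self, app: str, path: str, mode: str) -> Decision:
        profile = self.profiles.get(app)
        if profile is None:
            return self._decide(app, "file", path, False, "unknown application")
        # Normalize first so "../" components cannot escape an allowed directory.
        norm = os.path.normpath(path)
        if not os.path.isabs(norm):
            return self._decide(app, "file", path, False, "relative path")
        prefixes = profile.read_prefixes if mode == "read" else profile.write_prefixes
        if any(_under(norm, p) for p in prefixes):
            return self._decide(app, "file", norm, True, f"{mode} within policy")
        return self._decide(app, "file", norm, False, f"{mode} outside policy")

    def check_ipc(self, src: str, dst: str) -> Decision:
        s, d = self.profiles.get(src), self.profiles.get(dst)
        if s is None or d is None:
            return self._decide(src, "ipc", dst, False, "unknown application")
        # Both sides must list each other's label: isolation is symmetric.
        if d.label in s.peer_labels and s.label in d.peer_labels:
            return self._decide(src, "ipc", dst, True, "labels mutually permitted")
        return self._decide(src, "ipc", dst, False, "labels not mutually permitted")

    def check_memory(self, app: str, requested_mb: int) -> Decision:
        profile = self.profiles.get(app)
        if profile is None:
            return self._decide(app, "memory", str(requested_mb), False, "unknown application")
        if requested_mb <= profile.max_memory_mb:
            return self._decide(app, "memory", str(requested_mb), True, "within ceiling")
        return self._decide(app, "memory", str(requested_mb), False,
                            f"exceeds {profile.max_memory_mb} MB ceiling")

    def denials(self) -> List[Tuple[str, str, str, bool, str]]:
        """Audit entries a host-based detector would forward."""
        return [e for e in self.audit if not e[3]]


# Constructed sample policy for three applications on one MANET node.
POLICY = [
    AppProfile("sensor", "sensor_t", frozenset({"/data/sensor"}),
               frozenset({"/data/sensor"}), frozenset({"router_t"}), 64),
    AppProfile("router", "router_t", frozenset({"/etc/routing", "/data/sensor"}),
               frozenset({"/var/log/router"}), frozenset({"sensor_t", "router_t"}), 128),
    AppProfile("browser", "untrusted_t", frozenset({"/tmp/web"}),
               frozenset({"/tmp/web"}), frozenset(), 256),
]


def build_monitor() -> ReferenceMonitor:
    return ReferenceMonitor(POLICY)


if __name__ == "__main__":
    m = build_monitor()
    print(m.check_file("sensor", "/data/sensor/readings.bin", "read"))
    print(m.check_file("sensor", "/data/sensor/../../etc/shadow", "read"))
    print(m.check_ipc("browser", "sensor"))
    for entry in m.denials():
        print("DENY", entry)
```

The monitor is deliberately default-deny: an unknown application, a relative path, or a label missing on either side of an IPC request is refused before any prefix or ceiling is consulted, which is the property a host-side mechanism needs if it is to complement, rather than merely duplicate, the network-level protections the abstract criticizes.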
This is joint work with Dr. Anup Ghosh.
Angelos Stavrou is Assistant Professor in the Department of Information and Software Engineering and a member of the Center for Secure Information Systems at George Mason University, Fairfax, Virginia. He received his M.Sc. in Electrical Engineering, M.Phil. and Ph.D. (with distinction) in Computer Science, all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from the University of Athens, and a B.Sc. in Physics with distinction from the University of Patras, Greece. His current research interests include security and reliability for distributed systems, security principles for virtualization, and anonymity, with a focus on building and deploying large-scale systems. He is a member of the ACM, the IEEE, and USENIX.