SPAR

Security and Privacy Applied Research Lab

A Security Architecture For Information Assurance And Availability in MANETs

Angelos Stavrou
George Mason University

Abstract

Currently, end-to-end protection architectures, including pervasive ones such as the Internet Protocol suite, typically focus on protecting network availability while ignoring the end-system host or device. Unfortunately, this leaves the availability and information assurance of the overall system exposed to attacks such as host-based denial of service and data exfiltration. In MANETs, such attacks become even more debilitating because each node has a dual role, acting both as a source and as a router.

To address such attacks, we extend protection beyond the network to encompass the host end-system platform. By isolating each application running on the end hosts, we can scalably and effectively enforce policies not only on network communications but also on memory, file I/O, and inter-application communication. However, the functions are not merely those of a separation kernel: applications must still interact with the underlying host OS and with other applications whenever policy permits.

A direct implication of our architecture is that a true end-to-end security protection system must include host-side mechanisms able to isolate services and regulate their resources. Our approach exploits the complementary strengths of four well-known components: lightweight virtualization, kernel-level resource management, mandatory access control (MAC) frameworks, and stackable file systems. Finally, we show that our system does not incur significant resource overhead or performance degradation, making it appropriate for real-time applications on resource-constrained platforms.
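The following is an added illustration, not code from the talk or the authors' system: a small in-memory model of how the four components named above compose on one host. Each application is wrapped in a container that carries a memory quota (standing in for kernel-level resource management), a MAC policy over file paths and IPC peers, and a private copy-on-write file view stacked over a shared base (standing in for a stackable file system). Every request is mediated and logged, so a denied write, an over-quota allocation, or an unsanctioned message between applications is visible in an audit trail. All application names, paths, and limits are constructed for the example.

```python
"""Toy model of per-application isolation on an end host.
Illustrative code added for this page, not the authors' implementation;
all names, paths and limits are constructed."""
from dataclasses import dataclass


@dataclass
class Quota:
    """Per-application memory budget, in the spirit of a cgroup limit."""
    memory_limit: int
    memory_used: int = 0

    def charge(self, nbytes: int) -> bool:
        if self.memory_used + nbytes > self.memory_limit:
            return False
        self.memory_used += nbytes
        return True


@dataclass
class Policy:
    """MAC rules: path prefixes the app may read/write, peers it may message."""
    read_prefixes: tuple
    write_prefixes: tuple
    peers: frozenset
    network: bool = False

    @staticmethod
    def matches(path: str, prefixes) -> bool:
        return any(path.startswith(p) for p in prefixes)


class OverlayView:
    """Stackable FS: private upper layer over a shared base; writes never
    reach the base, so one app cannot alter what another app sees there."""

    def __init__(self, base: dict):
        self.base, self.upper = base, {}

    def read(self, path: str) -> bytes:
        return self.upper[path] if path in self.upper else self.base[path]

    def write(self, path: str, data: bytes) -> None:
        self.upper[path] = data


class Container:
    """One isolated application: mediates file, memory, network and IPC requests."""

    def __init__(self, name, quota, policy, base_fs, audit):
        self.name, self.quota, self.policy = name, quota, policy
        self.fs, self.inbox, self.audit = OverlayView(base_fs), [], audit

    def _decide(self, action: str, target: str, allowed: bool) -> bool:
        # Host-wide decision log: every allow/deny is recorded for auditing.
        self.audit.append((self.name, action, target, "allow" if allowed else "deny"))
        return allowed

    def read_file(self, path: str):
        ok = Policy.matches(path, self.policy.read_prefixes)
        return self.fs.read(path) if self._decide("read", path, ok) else None

    def write_file(self, path: str, data: bytes) -> bool:
        ok = Policy.matches(path, self.policy.write_prefixes)
        if self._decide("write", path, ok):
            self.fs.write(path, data)
        return ok

    def allocate(self, nbytes: int) -> bool:
        return self._decide("alloc", str(nbytes), self.quota.charge(nbytes))

    def open_socket(self) -> bool:
        return self._decide("net", "socket", self.policy.network)


class Host:
    """The end system: spawns containers over one base image, routes IPC by policy."""

    def __init__(self, base_fs: dict):
        self.base_fs, self.apps, self.audit = base_fs, {}, []

    def spawn(self, name, quota, policy) -> Container:
        self.apps[name] = Container(name, quota, policy, self.base_fs, self.audit)
        return self.apps[name]

    def send(self, src: str, dst: str, msg: bytes) -> bool:
        sender, receiver = self.apps[src], self.apps[dst]
        # Both policies must name each other; a compromised app cannot push
        # data to a peer that never agreed to talk to it.
        ok = dst in sender.policy.peers and src in receiver.policy.peers
        if sender._decide("ipc", dst, ok):
            receiver.inbox.append(msg)
        return ok


def demo() -> Host:
    """Constructed scenario: a routing daemon, a sensor app and a rogue app on one node."""
    host = Host({"/etc/routes.conf": b"hop=node2", "/data/sensor.log": b""})
    router = host.spawn("router", Quota(4096), Policy(("/etc/",), (), frozenset({"sensor"})))
    sensor = host.spawn("sensor", Quota(1024), Policy(("/data/",), ("/data/",), frozenset({"router"})))
    rogue = host.spawn("rogue", Quota(512), Policy(("/",), ("/",), frozenset({"router"})))
    router.read_file("/etc/routes.conf")           # allowed by policy
    router.write_file("/etc/routes.conf", b"x")    # denied: router has no write prefix
    sensor.write_file("/data/sensor.log", b"t=1")  # lands in sensor's private upper layer
    sensor.allocate(1024)                          # exactly the quota: allowed
    sensor.allocate(1)                             # over quota: denied
    host.send("sensor", "router", b"t=1")          # both sides permit: delivered
    host.send("rogue", "router", b"exfil")         # router never named rogue: denied
    rogue.open_socket()                            # no network right: denied
    return host


if __name__ == "__main__":
    for entry in demo().audit:
        print(entry)
```

The audit list is the part a defender cares about: the same mediation point that enforces policy also produces the evidence that an application tried to step outside it.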

This is joint work with Dr. Anup Ghosh.

Biography

Angelos Stavrou is an Assistant Professor in the Department of Information and Software Engineering and a member of the Center for Secure Information Systems at George Mason University, Fairfax, Virginia. He received his M.Sc. in Electrical Engineering, and his M.Phil. and Ph.D. (with distinction) in Computer Science, all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from the University of Athens, and a B.Sc. in Physics with distinction from the University of Patras, Greece. His current research interests include security and reliability for distributed systems, security principles for virtualization, and anonymity, with a focus on building and deploying large-scale systems. He is a member of the ACM, the IEEE, and USENIX.