A WLAN security management framework based on formal spatio-temporal RBAC model

Bera, P.; Ghosh, S. K.; Dasgupta, Pallab (2010) A WLAN security management framework based on formal spatio-temporal RBAC model. Security and Communication Networks, 4 (9). pp. 981-993. ISSN 1939-0114

Full text not available from this repository.

Official URL: http://onlinelibrary.wiley.com/wol1/doi/10.1002/se...

Related URL: http://dx.doi.org/10.1002/sec.232

Abstract

In today's organizations, the large-scale deployment of wireless networks has opened up new directions in network security management. The organizational security policies aim at protecting the network resources from unauthorized access in wireless local area networks (WLAN). In WLAN security policy management, the standard IP-based access control mechanisms are not sufficient due to dynamic changes in network topology and access control states. The role-based access control (RBAC) models may be appropriate to strengthen the security perimeter over the network resources. However, formalizing the dynamic binding of the access policies to the roles, depending on various control states, is a major challenge. In this paper, we propose a WLAN security policy management framework based on a formal spatio-temporal RBAC (STRBAC) model. The present work primarily focuses on dynamic computation of security policies based on various control states, their formal representation using the STRBAC model, and security property verification of the proposed STRBAC model. The proposed policy management framework logically partitions the WLAN topology into various security policy zones. The framework includes a Central Authentication & Role Server (CARS), which authenticates the users (nodes) and access points (AP) and also assigns appropriate roles to the users; a Global Policy Server (GPS), which dynamically computes the global security policy and policy configurations for different policy zones based on local user-role and control state information; and a distributed policy zone control architecture. Each policy zone consists of a Policy Zone Controller (WPZCon), which dynamically computes the low-level access configurations. Finally, a SAT-based verification procedure is presented for verifying the security properties of the proposed STRBAC model.

Item Type: Article
Source: Copyright of this article belongs to John Wiley & Sons, Inc.
Keywords: Wireless LAN; Network Security Policy; Role Based Access Control (RBAC) Models
ID Code: 101389
Deposited On: 09 Mar 2018 10:13
Last Modified: 09 Mar 2018 10:13
