A spatio-temporal role-based access control model for wireless LAN security policy management

Abstract

The widespread proliferation of wireless networks (WLAN) has opened up new paradigms of security policy management in enterprise networks. To enforce the organizational security policies in wireless local area networks (WLANs), it is required to protect the network resources from unauthorized access. In WLAN security policy management, the standard IP based access control mechanisms are not sufficient to meet the organizational requirements due to its dynamic topology characteristics. In such dynamic network environments, the role-based access control (RBAC) mechanisms can be deployed to strengthen the security perimeter over the network resources. Further, there is a need to incorporate time and location dependent constraints in the access control models. In this paper, we propose a WLAN security management system which supports a spatio-temporal RBAC (STRBAC) model. The system stems from logical partitioning of the WLAN topology into various security policy zones. It includes a Global Policy Server (GPS) that formalizes the organizational access policies and determines the high level policy configurations for different policy zones; a Central Authentication & Role Server (CARS) which authenticates the users (or nodes) and the access points (AP) in various zones and also assigns appropriate roles to the users. Each policy zone consists of an Wireless Policy Zone Controller (WPZCon) that co-ordinates with a dedicated Local Role Server (LRS) to extract the low level access configurations corresponding to the zone access points. We also propose a formal spatio-temporal RBAC (STRBAC) model to represent the security policies formally.