A secure medium access control protocol: Security versus performances
Many systems have been built to protect the confidentiality of data and processes. This can be done by using multilevel architectures of machines and networks, but these architectures tolerate the existence of covert channels. To avoid them, we designed an architecture for a distributed security subsystem based on the use of secure dependencies. Controls exerted on dependencies can exhaustively control elementary flows of information. These controls are achieved by means of hardware mechanisms that govern the access of hosts to the medium according to a secure medium access control (SMAC) protocol. This approach implements in a straightforward manner some multilevel security conditions that ensure a very high degree of protection. We wanted to measure the real cost of introducing security inside a MAC protocol by comparing, under simulation, the performance of the SMAC protocol with that of some standard but insecure MAC protocols.