Controlling the language of security

Korean computer scientists have developed a security policy specification for home networks that could make us more secure from cyber attack in our homes. They report details in the International Journal of Ad Hoc and Ubiquitous Computing.

Companies, banks, and other organizations take internet security very seriously and usually have firewalls and IT departments to protect them from attack as a matter of course. Domestic and small office networks are just as vulnerable to hacking, malicious computer code, worms, viruses, and eavesdropping. An attack can wreak havoc on individuals and small businesses when security it compromised.

With home and small office networks connecting all kinds of devices - personal computers, mobile devices, remote security cameras, gaming consoles, and more - they represent an even more heterogeneous mix than many larger offices.

Now, Geon Woo Kim of the Electronics and Telecommunications Research Institute, in Korea, and colleagues there and at Kyungpook National University, have developed a specification for security policy on home networks that can guarantee reliability and availability. The specification also takes into account authentication, authorization, security policy deployment so that all users in the home are not only protected from malware but also can help ensure everyone can use the network when they need to.

Kim and his team explain that home networks most commonly have only a single gateway from the internet. Every packet of information must pass through this gateway at the border between the home network and the internet. It should act as a core component providing all security. "Whenever a new access to the home network is found, it should be able to authenticate and authorize it and enforce the security policy based on rules set by the home administrator," the team says.

However, to make such an approach effective but simple requires a way to consistently describe and specify the security policy. The computer scientists first turned to a computer markup language, eXtensible Access Control Markup Language (XACML). XACML is a general purpose language and so it lacks the notation for security policies and authorization rules. The team has now developed a related language - Home security Description Language, xHDL - that includes the necessary notation for securing a home network.

The new language consists of seven elements: combining-rule element, authentication element, user element, object element, object-group element, role element, and rule elements. Each of these terms within xHDL could be used to run a browser-based control centre. That program would provide the domestic administrator with simple control options to allow access to the home network only for specific devices and to control the packets of information that can pass through the gateway to and from the internet.

"Security policy specification for home network" in Int. J. Ad Hoc and Ubiquitous Computing, 2009, 4, 372-378