This paper presents an implementation of an Intrusion Detection System (IDS) aiming to secure the AODV protocol designed for MANET. The IDS is designed as multiple static agents that run on a subset of the nodes in the network and executes a monitoring protocol that observes the process of route establishment. The monitoring protocol uses specification based intrusion detection to identify misuses to the routing messages. The IDS design is a correlation of previous work done in the field of MANET security. The IDS is implemented using ns-2 simulator and its ability to detect attacks was tested using previously devised attack scripts. Detailed specification for the runtime behavior of the AODV protocol was derived in the process of implementation.
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way.
This paper describes the research conducted to develop Nedgty, the open source Web Services Firewall. Nedgty secures web services by applying business specific rules in a centralized manner. It has the ability to secure Web Services against Denial of Service, Buffer Overflow, and XML Denial of Service attacks; as well as having an authorization mechanism.
In this paper, we analyze one of the secure mobile ad hoc networks protocols, which is Authenticated routing for ad hoc networks (ARAN). Such protocol is classified as a secure reactive routing protocol, which is based on some type of query-reply dialog. That means ARAN does not attempt to continuously maintain the up-to-date topology of the network, but rather when there is a need, it invokes a function to find a route to the destination. Here, we detail how ARAN works, criticize how an authenticated misbehaving node can abuse the bandwidth and propose different solutions for this flaw in the protocol.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.