A new language could improve home computer security

Sep 18, 2009

Korean computer scientists have developed a security policy specification for home networks that could make us more secure from cyber attack in our homes. They report details in the International Journal of Ad Hoc and Ubiquitous Computing.

Companies, banks, and other organizations take internet security very seriously and usually have firewalls and IT departments to protect them from attack as a matter of course. Domestic and small office networks are just as vulnerable to hacking, malicious , worms, viruses, and eavesdropping. An attack can wreak havoc on individuals and small businesses when security it compromised.

With home and small office networks connecting all kinds of devices - personal computers, mobile devices, remote security cameras, gaming consoles, and more - they represent an even more heterogeneous mix than many larger offices.

Now, Geon Woo Kim of the Electronics and Telecommunications Research Institute, in Korea, and colleagues there and at Kyungpook National University, have developed a specification for security policy on home networks that can guarantee reliability and availability. The specification also takes into account authentication, authorization, security policy deployment so that all users in the home are not only protected from malware but also can help ensure everyone can use the network when they need to.

Kim and his team explain that home networks most commonly have only a single gateway from the internet. Every packet of information must pass through this gateway at the border between the home network and the internet. It should act as a core component providing all security. "Whenever a new access to the home network is found, it should be able to authenticate and authorize it and enforce the security policy based on rules set by the home administrator," the team says.

However, to make such an approach effective but simple requires a way to consistently describe and specify the security policy. The computer scientists first turned to a computer markup language, eXtensible Access Control Markup Language (XACML). XACML is a general purpose language and so it lacks the notation for security policies and authorization rules. The team has now developed a related language - Home security Description Language, xHDL - that includes the necessary notation for securing a home network.

The new language consists of seven elements: combining-rule element, authentication element, user element, object element, object-group element, role element, and rule elements. Each of these terms within xHDL could be used to run a browser-based control centre. That program would provide the domestic administrator with simple control options to allow access to the home network only for specific devices and to control the packets of information that can pass through the gateway to and from the internet.

More information: "Security policy specification for home network" in Int. J. Ad Hoc and Ubiquitous Computing, 2009, 4, 372-378

Source: Inderscience Publishers (news : web)

Explore further: Forging a photo is easy, but how do you spot a fake?

add to favorites email to friend print save as pdf

Related Stories

Cisco CEO to use 'holistic' security

Feb 17, 2006

Network security is evolving from a "pinpoint" system of attacking isolated threats to a large-scale "holistic" approach to security, said John Chambers, CEO of Cisco Systems, at the 2006 RSA Conference.

Wireless-security campaign steps up

Mar 08, 2006

Talking about connectivity on-the-go and being concerned about storage capacity is no longer a sign of being a geek, but rather very much part of everyday life for many people. Yet as the number of Internet users rises and ...

Recommended for you

Forging a photo is easy, but how do you spot a fake?

Nov 21, 2014

Faking photographs is not a new phenomenon. The Cottingley Fairies seemed convincing to some in 1917, just as the images recently broadcast on Russian television, purporting to be satellite images showin ...

Algorithm, not live committee, performs author ranking

Nov 21, 2014

Thousands of authors' works enter the public domain each year, but only a small number of them end up being widely available. So how to choose the ones taking center-stage? And how well can a machine-learning ...

Professor proposes alternative to 'Turing Test'

Nov 19, 2014

(Phys.org) —A Georgia Tech professor is offering an alternative to the celebrated "Turing Test" to determine whether a machine or computer program exhibits human-level intelligence. The Turing Test - originally ...

Image descriptions from computers show gains

Nov 18, 2014

"Man in black shirt is playing guitar." "Man in blue wetsuit is surfing on wave." "Black and white dog jumps over bar." The picture captions were not written by humans but through software capable of accurately ...

Converting data into knowledge

Nov 17, 2014

When a movie-streaming service recommends a new film you might like, sometimes that recommendation becomes a new favorite; other times, the computer's suggestion really misses the mark. Yisong Yue, assistant ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

GrayMouser
not rated yet Sep 18, 2009
Well, a good start would be getting away from C based languages. They were created for a specific type of programming (portable assembler) and are poor for programming-in-the-large and high reliability programming. Those CAN be done in C & C++ but the burden is placed on the programmer who often doesn't have the time, tools, or inclination to prove their programs to be free of errors that other languages don't allow.
Foolish1
not rated yet Sep 19, 2009
Pushing intelligence out to the gateway is not a workable solution to the stated problem.

Neither has the act of defining policy been a salient barrier to implementing security. The central hard issue to be addressed is how best to save users from themselves.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.