A new language could improve home computer security

Sep 18, 2009

Korean computer scientists have developed a security policy specification for home networks that could make us more secure from cyber attack in our homes. They report details in the International Journal of Ad Hoc and Ubiquitous Computing.

Companies, banks, and other organizations take internet security very seriously and usually have firewalls and IT departments to protect them from attack as a matter of course. Domestic and small office networks are just as vulnerable to hacking, malicious software, worms, viruses, and eavesdropping. An attack can wreak havoc on individuals and small businesses when security is compromised.

With home and small office networks connecting all kinds of devices - personal computers, mobile devices, remote security cameras, gaming consoles, and more - they represent an even more heterogeneous mix than many larger offices.

Now, Geon Woo Kim of the Electronics and Telecommunications Research Institute, in Korea, and colleagues there and at Kyungpook National University, have developed a specification for security policy on home networks that can guarantee reliability and availability. The specification also takes into account authentication, authorization, and security policy deployment, so that all users in the home are not only protected from malware but can also use the network when they need to.

Kim and his team explain that home networks most commonly have only a single gateway from the internet. Every packet of information must pass through this gateway at the border between the home network and the internet. It should act as a core component providing all security. "Whenever a new access to the home network is found, it should be able to authenticate and authorize it and enforce the security policy based on rules set by the home administrator," the team says.

However, to make such an approach effective but simple requires a way to consistently describe and specify the security policy. The computer scientists first turned to a computer markup language, eXtensible Access Control Markup Language (XACML). XACML is a general purpose language and so it lacks the notation for security policies and authorization rules. The team has now developed a related language - Home security Description Language, xHDL - that includes the necessary notation for securing a home network.

The new language consists of seven elements: combining-rule element, authentication element, user element, object element, object-group element, role element, and rule elements. Each of these terms within xHDL could be used to run a browser-based control centre. That program would provide the domestic administrator with simple control options to allow access to the home network only for specific devices and to control the packets of information that can pass through the gateway to and from the internet.
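The sketch below is an added example, not xHDL and not the researchers' code: it models the seven named elements as plain Python data and shows a gateway decision that authenticates first, then combines matching rules and fails closed. The article gives no xHDL syntax, so every field name, user, device and rule here is a constructed assumption; "deny-overrides" and "permit-overrides" are borrowed from XACML's combining algorithms.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # rule element (hypothetical shape)
    role: str                    # role the rule applies to
    object_group: str            # object-group the rule targets
    action: str                  # requested action, e.g. "connect"
    effect: str                  # "permit" or "deny"

# Constructed sample policy; all names and values are illustrative only.
POLICY = {
    "combining_rule": "deny-overrides",
    "authentication": {"alice": "certificate", "bob": "password", "guest": "password"},
    "users": {"alice": {"admin", "family"}, "bob": {"family", "child"}, "guest": {"visitor"}},
    "objects": {"front-cam", "nas", "console"},
    "object_groups": {"cameras": {"front-cam"}, "storage": {"nas"}, "media": {"console", "nas"}},
    "roles": {"admin", "family", "child", "visitor"},
    "rules": [
        Rule("family", "media", "connect", "permit"),
        Rule("admin", "cameras", "connect", "permit"),
        Rule("child", "storage", "connect", "deny"),
    ],
}

def decide(policy, user, auth_method, obj, action):
    """Return "permit" or "deny" for one access request at the gateway."""
    # Authentication: unknown users or the wrong method are refused outright.
    required = policy["authentication"]
    if user not in required or required[user] != auth_method:
        return "deny"
    if obj not in policy["objects"]:
        return "deny"
    # Authorization: resolve the user's roles and the object's groups.
    roles = policy["users"].get(user, set()) & policy["roles"]
    groups = {g for g, members in policy["object_groups"].items() if obj in members}
    effects = [r.effect for r in policy["rules"]
               if r.role in roles and r.object_group in groups and r.action == action]
    # Combining rule: no matching rule always means deny (default deny).
    if policy["combining_rule"] == "deny-overrides":
        if "deny" in effects:
            return "deny"
        return "permit" if "permit" in effects else "deny"
    if policy["combining_rule"] == "permit-overrides":
        return "permit" if "permit" in effects else "deny"
    return "deny"  # unknown combining rule: fail closed
```

The request from bob for the nas matches both a permit (family, media) and a deny (child, storage), so the combining rule alone determines the outcome.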

More information: "Security policy specification for home network" in Int. J. Ad Hoc and Ubiquitous Computing, 2009, 4, 372-378

Source: Inderscience Publishers


User comments : 2


GrayMouser
not rated yet Sep 18, 2009
Well, a good start would be getting away from C based languages. They were created for a specific type of programming (portable assembler) and are poor for programming-in-the-large and high reliability programming. Those CAN be done in C & C++ but the burden is placed on the programmer who often doesn't have the time, tools, or inclination to prove their programs to be free of errors that other languages don't allow.
Foolish1
not rated yet Sep 19, 2009
Pushing intelligence out to the gateway is not a workable solution to the stated problem.

Neither has the act of defining policy been a salient barrier to implementing security. The central hard issue to be addressed is how best to save users from themselves.
