Enhancing End-Hosts to Improve Computer Security and Wireless Performance for Networked Environments

Doctoral Dissertation

Abstract

The number of network connected computing devices is continuing to increase substantially, which is made evident as the IPv4 address space continues to run out. This trend of increased devices with network connectivity demands an advancement in the complexity and scale of techniques to properly manage and secure networked devices. When networking was in its infancy, there was a lack of diversity in the types of applications used across a network. Today, however, there is a diverse ecosystem of applications that are driving up bandwidth demands and driving down the effectiveness of ubiquitous security solutions. Context, which refers to the interrelated conditions in which something exists or occurs, is needed in order to effectively manage the network and its resources. This dissertation examines the use of context in order to enhance computer security and 802.11 wireless network performance.

The first portion of this work focuses on enhancing computer security with the use of context. Common techniques that secure a network device based on port number, e.g. traditional firewalls, are too coarse-grained because the port number no longer directly indicates which application is in use. Rather, a finer-grained technique is needed to provide sufficient security management for a network. Context from an end-host that describes the interrelated conditions of a network connection is needed for an accurate account of the activities a machine is conducting, so that network policy can be adequately enforced. When a network connection is encrypted, an end-host solution can still gather context, whereas a centralized solution would struggle.

The second portion of this work focuses on wireless performance and the need for context to enhance performance. When 802.11 wireless was in its infancy, there were fewer devices using the spectrum than today. This paucity of wireless devices made it acceptable for each device to locally optimize its own performance without consideration for the performance of other devices around it. However, as the number of wireless devices increases, the decisions made by one device can have a detrimental effect on the performance of other devices. In this case, a solution is needed that takes into account the context, i.e. the performance metrics of neighboring nodes, in order to optimize and guide the performance adaptation of a single node.

It is the goal of this work to make computing devices aware of the events occurring within their networks via the addition of context, in order to improve the security and the performance of wireless devices. In regard to security, techniques are presented that enable fine-grained end-host enforcement with the Linux Security Module framework. In terms of wireless networking, an in-depth study involving real-world, laboratory, and simulation experiments on the behavior of 802.11 is presented, which leads to the creation of a context-aware adaptation algorithm. Through these two contributions to both computer security and networking, advancements can be made in the management and performance of wireless devices.

Attributes

Attribute Name: Values

URN: etd-11192010-185346
Author: Andrew Charles Blaich
Advisor: Aaron Striegel
Contributor: Christian Poellabauer, Committee Member
Contributor: Mike Villano, Committee Member
Contributor: Aaron Striegel, Committee Chair
Contributor: Douglas Thain, Committee Member
Contributor: Marina Blanton, Committee Member
Degree Level: Doctoral Dissertation
Degree Discipline: Computer Science and Engineering
Degree Name: PhD
Defense Date: 2010-11-12
Submission Date: 2010-11-19
Country: United States of America
Subject:
  • networks
  • computer
  • security
  • wireless
Publisher: University of Notre Dame
Language: English
Record Visibility and Access: Public
Content License: All rights reserved
