Managing network security policies in tactical MANETs using DRAMA

2010 
Military networks are required to adapt their access control policies to the Information Operations Condition (INFOCON) levels to minimize the impact of potential malicious activities. Such adaptations must be automated to the extent possible, consistent with mission requirements, and applied network-wide. In this paper, we present a Policy-Based Network Security (PBNS) management approach for tactical MANETs. This approach leverages the DRAMA policy-based network management system and the Smart Firewall system to meet the above requirement. It allows administrators to specify low-level network access control policies for each INFOCON level using high-level policies (adapted from the Smart Firewalls approach). The high-level policies are securely distributed to all the policy decision points in the network, which evaluate and enforce policies in a distributed manner. As a consequence of enforcing policies in response to INFOCON level changes, appropriate access control policies will be derived and applied to local firewall devices without human intervention. Thus, operator burden can be significantly reduced and inadvertent errors can be avoided.