Abstract

An ad-hoc network is perceived as a community of autonomous devices that interconnect, interact and collaborate with each other. Ad-hoc networks have dynamic topologies and cannot rely on a continuous connection to the Internet. This introduces difficult security issues when attempting to provide authentication, membership management and access control. Thus, the users have to rely on other peers in the community to relay or provide security information in the form of assertions. We term this as peer trust. In this paper, we propose a policy-based approach to regulate the behaviour of users by explicitly defining the required policies for an ad-hoc community. A community specification, namely doctrine, defines a set of participants in terms of roles, the user-role assignment (URA) policies, authorisation and obligation policies, as well as constraint specifications. However, enforcing the policies itself is a challenging task and this paper describes the conditions under which peer trust can be used to perform authentication as well as to assist the enforcement of policies, in particular the URA policies