Securing Delay-Tolerant Networks with BPSec
by Edward J. Birrane, III, Sarah Heiner, Ken McKeever
12 Security Policy Overview
The potentially challenged nature of BPv7 networks places unique constraints on the establishment and upkeep of security configuration and policy information. Importantly, policy expressions cannot always be negotiated in real time between secure endpoints, as connectivity might not exist between those endpoints.
BPSec, in particular, requires an expressive security policy to handle the processing of security operations in a bundle. This policy is made more complex by the fact that security operations can be applied block-by-block rather than bundle-by-bundle, that these operations can use different security contexts, and that Bundle Protocol Agents (BPAs) have multiple roles of sources, verifiers, and acceptors.
This chapter outlines a policy model that can be used as a basis for developing security policy expressions and software implementations for BPv7 networks. This includes a discussion of the ways in which policy can be communicated in a network and common events and actions that should be considered.
After reading this chapter you will be able to:
12.1 Overview
The diversity of BPv7 network constraints, ...