Title :
Routing with confidence: supporting discretionary routing requirements in policy based networks
Author :
Kapadia, Apu ; Naldurg, Prasad ; Campbell, Roy H.
Author_Institution :
Dept. of Comput. Sci., Illinois Univ., Urbana, IL, USA
Abstract :
We propose a novel policy-based secure routing framework that extends the mandatory nature of network access-control policies and allows users to exercise discretionary control on what routes they choose in a given network. In contrast to existing research that focuses mainly on restricting network access based on user credentials, we present a model that allows users to specify discretionary constraints on path characteristics and discover routes based on situational trust attributes of routers in a network. In this context, we present three levels of trust-attribute certification based on inherent, consensus-based, and inferred characteristics of routers. We also define a "confidence" measure that captures the "quality of protection" of a route with regard to various dynamic trust relationships that arise from this interaction between user preferences and network policy. Based on this measure, we show how to generate paths of highest confidence efficiently by using shortest path algorithms. We show how our model generalizes the notion of quality of protection (QoP) for secure routing and discuss how it can be applied to anonymous and privacy-aware routing, intrusion-tolerant communication, and secure resource discovery for ubiquitous computing, high performance, and peer-to-peer environments.
Keywords :
authorisation; computer network management; telecommunication network routing; telecommunication security; ubiquitous computing; discretionary constraints; discretionary control; discretionary routing requirements; dynamic trust relationships; intrusion tolerant communication; network access-control policies; network routers; peer-to-peer environment; policy based networks; policy-based secure routing; privacy-aware routing; protection quality; secure resource discovery; shortest path algorithms; trust-attribute certification; ubiquitous computing; user credentials; user preferences; Access control; Certification; Communication system traffic control; Computer science; Intelligent networks; Laboratories; Protection; Routing; Traffic control; Ubiquitous computing;
Conference_Title :
Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on
Print_ISBN :
0-7695-2141-X
DOI :
10.1109/POLICY.2004.1309149