On the Use of Admission Control for Better Quality of Security

We propose an admission control policy that admits users into a public access network as soon as possible while limiting the overall security impact on the network and other users. In our model, each user has a particular reputation level when first requesting network access. Before admitting a user into the network, the initial risk of a user is assessed by the admission control system using past history and a scanning of the user´s device which delays the user´s admission into the network and updates the user´s reputation level accordingly. We formulate the trade-off between the admission delay and security risk as a convex optimization problem, which can be solved for an admission control policy. The evaluation suggests that our approach can substantially increase the system security for public access networks while minimizing admission delay, in contrast to current approaches widely used in enterprise networks. The proposed framework extends the traditional quality of service- based admission control mechanisms with a well-defined notion of quality of security.