
Research On Security Mechanism Of NGN Open Service Architecture

Posted on: 2008-02-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Peng
Full Text: PDF
GTID: 1118360215983707
Subject: Computer application technology
Abstract/Summary:
The next generation network (NGN) will be an integrated network merging voice, data and multimedia services. The telecommunication network is clearly shifting from being technology driven to being service driven. With respect to NGN security, the open service architecture and its environment of many kinds of applications are highly vulnerable and complex: signalling is transported over IP and the controlling entities run on general computer systems. Both are more exposed to attack than the traditional telecom infrastructure. The convergence of multiple networks, the interoperability of multiple security domains and the opening of network capabilities make the situation more complicated. The main goal of this thesis is to develop security mechanisms for the open service architecture that meet the requirements of NGN services and the network.

The main innovations of this thesis are summarized as follows:

1. A modeling language based on a UML extension is proposed to model the general security requirements of NGN services, and a framework is presented to integrate the security requirements model with concrete security mechanisms. The framework is designed to accommodate different security mechanisms based on their security capabilities, so that the security requirements can be fulfilled in heterogeneous environments.

2. An attribute-based access control mechanism tailored for the NGN open service architecture is proposed and formalized with Description Logic. With the logic formalization, access control decisions and the consistency of policies can be reasoned about. Ontology description languages are used to represent the policy, user attributes and context attributes for interoperability. The components of attribute-based access control can be modeled as an ontology of the security domain.

3. The security risks to network resources in the open Parlay API environment are investigated, and a Time constraint Predicate/Transition Petri Net is defined to analyze application behavior and to identify abnormal indications. A time window approach is proposed to detect time-related abnormal calls on the Parlay API, and a sequence matching approach is proposed to detect sequential abnormal calls.
Keywords/Search Tags: NGN, open architecture, security, UML security extension, security framework, access control, description logic, ontology, Parlay API, intrusion detection