Abstract
In this paper, we coin the term Policy Enforcement
as a Service (PEPS), which enables the provision of innovative
inter-layer and inter-domain Access Control. We leverage the
architecture of Software-Defined-Network (SDN) to introduce
a common network-level enforcement point, which is made
available to a range of access control systems. With our PEPS
model, it is possible to have a ‘defense in depth’ protection
model and drop unsuccessful access requests before engaging
the data provider (e.g. a database system). Moreover, the current
implementation of access control within the ‘trusted’ perimeter
of an organization is no longer a restriction so that the potential
for novel, distributed and cooperative security services can be
realized. We conduct an analysis of the security requirements and
technical challenges for implementing Policy Enforcement as a
Service. To illustrate the benefits of our proposal in practice, we
include a report on our prototype PEPS-enabled location-based
access control.
Original language | English |
---|---|
Title of host publication | Proceedings of the IEEE Conference on Network Functions Virtualization and Software-Defined Networking |
Place of Publication | Palo Alto, California |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Number of pages | 6 |
ISBN (Print) | 978-1-5090-0933-6 |
Publication status | Published - 08 May 2017 |
Event | 2016 IEEE Conference on Network Functions Virtualization and Software-Defined Networking - Palo Alto, United States. Duration: 07 Nov 2016 → 09 Nov 2016. http://nfvsdn2016.ieee-nfvsdn.org/ (Link to event details online) |
Conference
Conference | 2016 IEEE Conference on Network Functions Virtualization and Software-Defined Networking |
---|---|
Abbreviated title | NFV-SDN '16 |
Country/Territory | United States |
City | Palo Alto |
Period | 07/11/2016 → 09/11/2016 |
Internet address | |