Controller-Oblivious Dynamic Access Control in Software-Defined Networks
Author
Abstract
Conventional network access control approaches are static (e.g., user roles in Active Directory), coarse-grained (e.g., 802.1x), or both (e.g., VLANs). Such systems are unable to meaningfully stop or hinder motivated attackers seeking to spread throughout an enterprise network. To address this threat, we present Dynamic Flow Isolation (DFI), a novel architecture for supporting dynamic, fine-grained access control policies enforced in a Software-Defined Network (SDN).
Year of Publication
2019
Conference Name
29th IEEE/IFIP International Conference on Dependable Systems and Networks
Date Published
06/2019
Publisher
IEEE
Conference Location
Portland, OR, USA
ISBN Number
978-1-7281-0057-9
Accession Number
18940692
URL
https://ieeexplore.ieee.org/document/8809519
DOI
10.1109/DSN.2019.00053
Google Scholar | BibTeX | XML | DOI