History-based Distributed Filtering - A Tagging Approach to Network-Level Access Control
Authors
Abstract
This contribution discusses a network-level access control technique that applies the non-discretionary access control model to individual data packets that are exchanged between hosts or subnets. The proposed technique examines incoming data’s integrity properties to protect applications within a node or subnetwork from so-called subversive channels. It checks outgoing data’s secrecy requirements before transmission. Security labels are used to identify data packets as members of different categories and security levels. Additional tags store context information to validate the trustworthiness of a packet’s content. Labels and tags of a data packet reflect events that may be relevant to access control throughout its life. As opposed to stateful filtering, which is based on the history of a flow of packets, our approach works on the history of an individual packet. Any state information is part of the packet rather than stored in all the nodes inspecting the packet; i.e., nodes do not need to create and maintain state information.
Similar resources
Distributed Filtering with Contags and Security-Labels
This contribution presents a new access control method based on distributed filtering of data packets at network boundaries. It addresses well-known security problems that occur at network interconnection points. Our method achieves finer-grained access control than existing filtering methods by accumulating context information and distributin...
A harmony search-based approach for real-time volt & var control in distribution network by considering distributed generations units
In the recent decade, the development of telecommunications infrastructure has led to rapid exchange of data between the distribution network components and the control center in many developed countries. These changes, considering the numerous benefits of the Distributed Generators (DGs), have made more motivations for distribution companies to utilize these kinds of generators more than ever before. ...
Improving Distributed Firewalls Performance through Vertical Load Balancing
In this paper we present an extension to an existing hash-based packet classification technique in order to improve its performance in a distributed network access control environment. We show that such an architecture can be modified so that flow states can be kept in a distributed fashion, thus reducing the space needed for packet filtering in each component of the architecture. We also show how ...
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
Access and Mobility Policy Control at the Network Edge
The fifth generation (5G) system architecture is defined as service-based and the core network functions are described as sets of services accessible through application programming interfaces (API). One of the components of 5G is Multi-access Edge Computing (MEC), which provides open access to radio network functions through API. Using the mobile edge API third party analytics applications ...