SANE: A Protection Architecture for Enterprise Networks
نویسندگان
چکیده
Connectivity in today’s enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and other middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to enterprise networks that are inflexible, fragile, and difficult to manage. To address these limitations, we offer SANE, a protection architecture for enterprise networks. SANE defines a single protection layer that governs all connectivity within the enterprise. All routing and access control decisions are made by a logically-centralized server that grants access to services by handing out capabilities (encrypted source routes) according to declarative access control policies (e.g., “Alice can access http server foo”). Capabilities are enforced at each switch, which are simple and only minimally trusted. SANE offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use. Our implementation shows that SANE could be deployed in current networks with only a few modifications, and it can easily scale to networks of tens of thousands of nodes.
منابع مشابه
SANE: A Protection Architecture For Enterprise Networks
In a relatively short period, enterprise networks have evolved from small-sized LANs with simple architectures, to present day large networks with very complex architectures. Their topologies now include combinations of Local Area Networks (LANs), Wireless access networks, Metropolitan Area Networks (MANs), Wide Area Networks (WANs) and Virtual Private Networks (VPNs) that often span across mul...
متن کاملArchitectural Support for Security Management in Enterprise Networks a Dissertation Submitted to the Department of Computer Science and the Committee on Graduate Studies of Stanford University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
Enterprise networks are often large, run a wide variety of applications and protocols, and operate under strict reliability constraints; thus, they represent a challenging environment for security management. Security policies in todays enterprise are typ ically enforced by regulating connectivity with a combination of complex routing and bridging policies along with various interdiction mecha...
متن کاملطراحی چارچوب معماری اطلاعاتی برای بهکارگیری شبکههای اجتماعی در نظام آموزش عالی ایران
Management of social networks, has become a strategic challenge for different applications including education due to its growing importance. Enterprise Architecture (EA), uses a holistic specification of information technology functions in organizations to decrease the complexity of using information technology and to increase its efficiency. As regards, using social networks in education in ...
متن کاملA Reference Architecture for Automation of Inter-Organizational Process-Oriented Collaboration
In today’s competitive, dynamic, and changing business environment, being able to collaborate globally within and beyond the enterprise borders is critical. Inter-Organizational Collaborations (IOCs) have been proposed as a response to the characteristics of highly competitive global business environments. So far, a number of reference models, frameworks, and ad hoc architectures related to som...
متن کاملEvolution of Neural Network’s Architecture through Symbiotic Neuroevolution
In this paper an extension of SANE that simultaneously evolves the weights and architecture of an MLP neural network is presented. The symbiotic adaptive neuroevolution (SANE) system coevolves a population of neurons that cooperate to form a functioning neural network. Evolutionary Strategies (ES) is applied to evolve the network weights. In order to increase the evolving system performance and...
متن کامل