MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy

Proceedings of the 28th ACM Symposium on Access Control Models and Technologies Pub Date : 2023-05-24 DOI:10.1145/3589608.3593836

I. Anjum, Jessica Sokal, Hafiza Ramzah Rehman, Ben Weintraub, Ethan Leba, W. Enck, C. Nita-Rotaru, Bradley Reaves

{"title":"MSNetViews: Geographically Distributed Management of Enterprise Network Security Policy","authors":"I. Anjum, Jessica Sokal, Hafiza Ramzah Rehman, Ben Weintraub, Ethan Leba, W. Enck, C. Nita-Rotaru, Bradley Reaves","doi":"10.1145/3589608.3593836","DOIUrl":null,"url":null,"abstract":"Commercially-available software defined networking (SDN) technologies will play an important role in protecting the on-premises resources that remain as enterprises transition to zero trust architectures. However, existing solutions assume the entire network resides in a single geographic location, requiring organizations with multiple sites to manually ensure consistency of security policy across all sites. In this paper, we present MSNetViews, which extends a single, globally-defined and managed, enterprise network security policy to many geographically distributed sites. Each site operates independently and enforces a site-specific policy slice that is dynamically parameterized with user location as employees roam between sites. We build a prototype of MSNetViews and show that for an enterprise with globally distributed sites, the average time for policy state to settle after a user roams to a new site is well below two seconds. As such, we demonstrate that multisite organizations can efficiently protect their on-premises network-attached devices via a single global perspective.","PeriodicalId":124020,"journal":{"name":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 28th ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3589608.3593836","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Commercially-available software defined networking (SDN) technologies will play an important role in protecting the on-premises resources that remain as enterprises transition to zero trust architectures. However, existing solutions assume the entire network resides in a single geographic location, requiring organizations with multiple sites to manually ensure consistency of security policy across all sites. In this paper, we present MSNetViews, which extends a single, globally-defined and managed, enterprise network security policy to many geographically distributed sites. Each site operates independently and enforces a site-specific policy slice that is dynamically parameterized with user location as employees roam between sites. We build a prototype of MSNetViews and show that for an enterprise with globally distributed sites, the average time for policy state to settle after a user roams to a new site is well below two seconds. As such, we demonstrate that multisite organizations can efficiently protect their on-premises network-attached devices via a single global perspective.

查看原文本刊更多论文

企业网络安全策略的地理分布管理

随着企业向零信任架构过渡，商用软件定义网络(SDN)技术将在保护内部部署资源方面发挥重要作用。然而，现有的解决方案假设整个网络位于单个地理位置，这要求拥有多个站点的组织手动确保所有站点的安全策略的一致性。在本文中，我们提出了MSNetViews，它将单一的、全局定义和管理的企业网络安全策略扩展到许多地理分布的站点。每个站点独立运行，并执行特定于站点的策略片，当员工在站点之间漫游时，该策略片与用户位置动态参数化。我们构建了一个MSNetViews的原型，并表明对于一个具有全球分布式站点的企业，在用户漫游到一个新站点后，策略状态的平均时间远低于2秒。因此，我们证明了多站点组织可以通过单一全局视图有效地保护其本地网络连接设备。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 28th ACM Symposium on Access Control Models and Technologies

自引率

0.00%

发文量