An autonomic and policy-based authorization framework for OpenFlow networks

2017 13th International Conference on Network and Service Management (CNSM) Pub Date : 2017-11-01 DOI:10.23919/CNSM.2017.8255990

Daniel Rosendo, P. Endo, D. Sadok, J. Kelner

{"title":"An autonomic and policy-based authorization framework for OpenFlow networks","authors":"Daniel Rosendo, P. Endo, D. Sadok, J. Kelner","doi":"10.23919/CNSM.2017.8255990","DOIUrl":null,"url":null,"abstract":"The Network Access Control (NAC) management is a critical task, especially in current networks that are composed of many heterogeneous things (Internet of Things) connected to share data, resources and Internet access. The Software-Defined Networking (SDN) simplifies the network design and operation, and offers new opportunities (programmability, flexibility, dy-namicity, and standardization) to manage the network. Despite this, the access control management remains a challenge, once managing security policies involves dealing with a large set of access control rules, detecting conflicting policies, defining priorities, delegating rights, and reacting against network state changes and events. This work presents the HACFlow, a novel, autonomic, and policy-based framework for access control management in OpenFlow networks. HACFlow aims to simplify and automate the network management allowing network operators to govern rights of network entities by defining dynamic, fine-grained, and high-level access control policies. We analyzed the performance of HACFlow and compared it against related approaches.","PeriodicalId":211611,"journal":{"name":"2017 13th International Conference on Network and Service Management (CNSM)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 13th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/CNSM.2017.8255990","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The Network Access Control (NAC) management is a critical task, especially in current networks that are composed of many heterogeneous things (Internet of Things) connected to share data, resources and Internet access. The Software-Defined Networking (SDN) simplifies the network design and operation, and offers new opportunities (programmability, flexibility, dy-namicity, and standardization) to manage the network. Despite this, the access control management remains a challenge, once managing security policies involves dealing with a large set of access control rules, detecting conflicting policies, defining priorities, delegating rights, and reacting against network state changes and events. This work presents the HACFlow, a novel, autonomic, and policy-based framework for access control management in OpenFlow networks. HACFlow aims to simplify and automate the network management allowing network operators to govern rights of network entities by defining dynamic, fine-grained, and high-level access control policies. We analyzed the performance of HACFlow and compared it against related approaches.

查看原文本刊更多论文

OpenFlow网络的自主和基于策略的授权框架

网络访问控制(NAC)管理是一项至关重要的任务，特别是在当前由许多异构物(Internet of things)组成的网络中，共享数据、资源和互联网访问。软件定义网络(SDN)简化了网络的设计和运行，为网络管理提供了新的机会(可编程性、灵活性、动态性和标准化)。尽管如此，访问控制管理仍然是一个挑战，一旦管理安全策略涉及处理大量访问控制规则集，检测冲突策略，定义优先级，授权以及对网络状态变化和事件做出反应。这项工作提出了HACFlow，一个新颖的、自主的、基于策略的框架，用于OpenFlow网络中的访问控制管理。HACFlow旨在简化和自动化网络管理，允许网络运营商通过定义动态的、细粒度的、高级的访问控制策略来管理网络实体的权限。我们分析了HACFlow的性能，并将其与相关方法进行了比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 13th International Conference on Network and Service Management (CNSM)

自引率

0.00%

发文量