{"title":"C-BAS的实现:SDN实验设施基于证书的AAA","authors":"U. Toseef, K. Pentikousis","doi":"10.1109/NCCA.2015.16","DOIUrl":null,"url":null,"abstract":"Recent work in software-defined networking experimental facilities has been shifting towards large scale deployments through federation of resources that span across continents and make it possible to perform experiments at a global scale. The success of such deployments very much depends on the design and implementation of essential, secure mechanisms for authentication, authorization, and accounting (AAA) that not only ensure the robustness of such facilities against intrusions and unauthorized use but also ease experimentation and system administration in such complex environments. C-BAS is an initiative in this direction that uses a secure and flexible certificate-based AAA architecture for SDN experimental facilities. Advanced certificate-based authentication and authorization makes C-BAS inherently resilient against attacks specific to traditional AAA mechanisms, increases flexibility and autonomy in experimental facility system administration, and facilitates federation. This article introduces the implementation details of C-BAS, explains its features through use cases, and evaluates its computational performance.","PeriodicalId":309782,"journal":{"name":"2015 IEEE Fourth Symposium on Network Cloud Computing and Applications (NCCA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Implementation of C-BAS: Certificate-Based AAA for SDN Experimental Facilities\",\"authors\":\"U. Toseef, K. Pentikousis\",\"doi\":\"10.1109/NCCA.2015.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recent work in software-defined networking experimental facilities has been shifting towards large scale deployments through federation of resources that span across continents and make it possible to perform experiments at a global scale. The success of such deployments very much depends on the design and implementation of essential, secure mechanisms for authentication, authorization, and accounting (AAA) that not only ensure the robustness of such facilities against intrusions and unauthorized use but also ease experimentation and system administration in such complex environments. C-BAS is an initiative in this direction that uses a secure and flexible certificate-based AAA architecture for SDN experimental facilities. Advanced certificate-based authentication and authorization makes C-BAS inherently resilient against attacks specific to traditional AAA mechanisms, increases flexibility and autonomy in experimental facility system administration, and facilitates federation. This article introduces the implementation details of C-BAS, explains its features through use cases, and evaluates its computational performance.\",\"PeriodicalId\":309782,\"journal\":{\"name\":\"2015 IEEE Fourth Symposium on Network Cloud Computing and Applications (NCCA)\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE Fourth Symposium on Network Cloud Computing and Applications (NCCA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NCCA.2015.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Fourth Symposium on Network Cloud Computing and Applications (NCCA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NCCA.2015.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Implementation of C-BAS: Certificate-Based AAA for SDN Experimental Facilities
Recent work in software-defined networking experimental facilities has been shifting towards large scale deployments through federation of resources that span across continents and make it possible to perform experiments at a global scale. The success of such deployments very much depends on the design and implementation of essential, secure mechanisms for authentication, authorization, and accounting (AAA) that not only ensure the robustness of such facilities against intrusions and unauthorized use but also ease experimentation and system administration in such complex environments. C-BAS is an initiative in this direction that uses a secure and flexible certificate-based AAA architecture for SDN experimental facilities. Advanced certificate-based authentication and authorization makes C-BAS inherently resilient against attacks specific to traditional AAA mechanisms, increases flexibility and autonomy in experimental facility system administration, and facilitates federation. This article introduces the implementation details of C-BAS, explains its features through use cases, and evaluates its computational performance.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
