scholarly journals Attribute-Guard: Attribute-Based Flow Access Control Framework in Software-Defined Networking

2020 ◽  
Vol 2020 ◽  
pp. 1-18 ◽  
Author(s):  
Xianwei Zhu ◽  
ChaoWen Chang ◽  
Qin Xi ◽  
ZhiBin Zuo
Keyword(s):  
Access Control ◽  
Software Defined Networking ◽  
Authentication Protocol ◽  
Network Characteristics ◽  
Fine Grained ◽  
Control Framework ◽  
Data Plane ◽  
Data Validity ◽  
The One ◽  
Matching Field

Software-defined networking (SDN) decouples the control plane from the data plane, offering flexible network configuration and management. Because of this architecture, some security features are missing. On the one hand, because the data plane only has the packet forwarding function, it is impossible to effectively authenticate the data validity. On the other hand, OpenFlow can only match based on network characteristics, and it is impossible to achieve fine-grained access control. In this paper, we aim to develop solutions to guarantee the validity of flow in SDN and present Attribute-Guard, a fine-grained access control and authentication scheme for flow in SDN. We design an attribute-based flow authentication protocol to verify the legitimacy of the validity flow. The attribute identifier is used as a matching field to define a forwarding control. The flow matching based on the attribute identifier and the flow authentication protocol jointly implement fine-grained access control. We conduct theoretical analysis and simulation-based evaluation of Attribute-Guard. The results show that Attribute-Guard can efficiently identify and reject fake flow.

PolyOrBAC

2011 ◽  
pp. 901-923 ◽  
Author(s):  
Anas Abou El Kalam ◽  
Yves Deswarte
Keyword(s):  
Web Services ◽  
Access Control ◽  
Web Service ◽  
Service Access ◽  
Control Mechanisms ◽  
Model Checker ◽  
Control Framework ◽  
The One ◽  
Organization Based Access Control ◽  
The Web

With the emergence of Web Services-based collaborative systems, new issues arise, in particular those related to security. In this context, Web Service access control should be studied, specified and enforced. This work proposes a new access control framework for Inter-Organizational Web Services: “PolyOr- BAC”. On the one hand, the authors extend OrBAC (Organization-Based Access Control Model) to specify rules for intra- as well as inter-organization access control; on the other hand, they enforce these rules by applying access control mechanisms dedicated to Web Services. Furthermore, the authors propose a runtime model checker for the interactions between collaborating organizations, to verify their compliance with previously signed contracts. In this respect, not only their security framework handles secure local and remote accesses, but also deals with competition and mutual suspicion between organizations, controls the Web Service workflows and audits the different interactions. In particular, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for a judge to sanction the party responsible for the deviation.

PolyOrBAC

2011 ◽  
pp. 537-557
Author(s):  
Anas Abou El Kalam ◽  
Yves Deswarte
Keyword(s):  
Web Services ◽  
Access Control ◽  
Web Service ◽  
Service Access ◽  
Control Mechanisms ◽  
Model Checker ◽  
Control Framework ◽  
The One ◽  
Organization Based Access Control ◽  
The Web

With the emergence of Web Services-based collaborative systems, new issues arise, in particular those related to security. In this context, Web Service access control should be studied, specified and enforced. This work proposes a new access control framework for Inter-Organizational Web Services: “PolyOr- BAC”. On the one hand, the authors extend OrBAC (Organization-Based Access Control Model) to specify rules for intra- as well as inter-organization access control; on the other hand, they enforce these rules by applying access control mechanisms dedicated to Web Services. Furthermore, the authors propose a runtime model checker for the interactions between collaborating organizations, to verify their compliance with previously signed contracts. In this respect, not only their security framework handles secure local and remote accesses, but also deals with competition and mutual suspicion between organizations, controls the Web Service workflows and audits the different interactions. In particular, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for a judge to sanction the party responsible for the deviation.

Application of IEEE802.1x Protocol Based on EPON System

2013 ◽  
Vol 336-338 ◽  
pp. 2433-2437
Author(s):  
Huang Zhi ◽  
Xiang Qun Wang ◽  
Wei Chen
Keyword(s):  
Access Control ◽  
Communication System ◽  
Low Cost ◽  
Distribution Network ◽  
Authentication Protocol ◽  
Network Communication ◽  
Network Access ◽  
Authentication Protocols ◽  
Network Access Control ◽  
The One

IEEE 802.1x is a port-based network access control protocol, the one of the newest authentication protocols. With the MD5 algorithm as an example, this paper introduces the type of protocol packets and the authentication process in detail. The authentication port is apart from the business stream based on the logical port. The business stream is transmitted over the controlled port, but the authentication stream is transmitted over the uncontrolled port. Therefore, the port control and authorization for users can be carried out. In this paper, two authentication methods based on EPON system are studied in detail. The 802.1x authentication protocol has many advantages, such as low-cost, simply and so on. It can satisfy the requirement of intelligent distribution network communication system.

Static Analysis Based Correctness Verification for Mandatory Access Control Framework

2009 ◽  
Vol 32 (4) ◽  
pp. 730-739 ◽  
Author(s):  
Xin-Song WU ◽  
Zhou-Yi ZHOU ◽  
Ye-Ping HE ◽  
Hong-Liang LIANG ◽  
Chun-Yang YUAN
Keyword(s):  
Access Control ◽  
Static Analysis ◽  
Mandatory Access Control ◽  
Control Framework
Sign in / Sign up

Export Citation Format

Share Document