Publication No 40162


Berger, S.; Vensmer, A.*; Kiesel, S.


An ABAC-based Policy Framework for Dynamic Firewalling


Network Security


Network Management




This paper presents the Policy Framework of DynFire, a novel approach for attribute-based, dynamic control of network firewalls. DynFire allows an individually controlled, secure access to IT resources of a large organization, with particular focus on mobile users and users with restricted rights, such as subcontractors. The basic assumption behind DynFire is that, within a secured network domain separated from the Internet, a temporary binding between an IP address and a single user ID can be established. Users with different attributes can authenticate to the network and get individual access to network resources. To administrate such a large amount of users and different access rights within a secured network domain of an organization, which includes distributed organisational zones, a policy framework is needed. The following paper presents a policy framework for dynamic and distributed firewalls which is able to grant access control on a per-user basis, with multitenancy capabilities and administrative delegation.



Reference entry

Berger, S.; Vensmer, A.; Kiesel, S.
An ABAC-based Policy Framework for Dynamic Firewalling
Proceedings of The Seventh International Conference on Systems and Networks Communications (ICSNC 2012), Lisbon, November 2012, pp. 118-123

BibTex file

Download  [BIBTEX]

Full Text

Download  [PDF]

Authors marked with an asterisk (*) were IKR staff members at the time the publication has been written.