Publication No 40162
Author(s): Berger, S.; Vensmer, A.*; Kiesel, S.
Title: An ABAC-based Policy Framework for Dynamic Firewalling
Topics: Network Security
Methods: Network Management
Keywords: ACCESS CONTROL; SECURITY
Abstract:
This paper presents the Policy Framework of DynFire, a novel approach for attribute-based, dynamic control of network firewalls. DynFire allows individually controlled, secure access to the IT resources of a large organization, with particular focus on mobile users and users with restricted rights, such as subcontractors. The basic assumption behind DynFire is that, within a secured network domain separated from the Internet, a temporary binding between an IP address and a single user ID can be established. Users with different attributes can authenticate to the network and get individual access to network resources. To administer such a large number of users and different access rights within a secured network domain of an organization, which includes distributed organizational zones, a policy framework is needed. The following paper presents a policy framework for dynamic and distributed firewalls which is able to grant access control on a per-user basis, with multitenancy capabilities and administrative delegation.
Year: 2012
Reference entry: Berger, S.; Vensmer, A.; Kiesel, S.: An ABAC-based Policy Framework for Dynamic Firewalling. Proceedings of The Seventh International Conference on Systems and Networks Communications (ICSNC 2012), Lisbon, November 2012, pp. 118-123