A Network Access Control solution combining OrBAC and SDN

Rafael Aschoff; Daniel Rosendo; Marcos MacHado; Alexandre Santos; Djamel Sadok

doi:10.23919/INM.2017.7987316

A Network Access Control solution combining OrBAC and SDN

Rafael Aschoff
, Daniel Rosendo
, Marcos MacHado
, Alexandre Santos
, Djamel Sadok

Workflow and Ecosystem Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

Standard Port-based Network Access Control (NAS) with tagged Virtual Local Area Networks (VLANs) systems are useful to authenticate users within an isolated network environment. This approach on its own, however, lacks the flexibility and granularity level that new generation networks based on SDN (Software Defined Networking) can provide. The flow-based access control provides a more appropriate granularity to enforce network policies. In this paper, we propose a novel solution named SDN-based Network Access Control (S-NAC) that provides authentication and authorization of clients and servers based on high-level policies enforced at flow level. The solution has been implemented, deployed and tested over emulated and real networks.

Original language	English
Title of host publication	Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management
Editors	Prosper Chemouil, Paulo Simoes, Edmundo Madeira, Stefano Secci, Edmundo Monteiro, Luciano Paschoal Gaspary, Carlos Raniery P. dos Santos, Marinos Charalambides
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	483-489
Number of pages	7
ISBN (Electronic)	9783901882890
DOIs	https://doi.org/10.23919/INM.2017.7987316
State	Published - Jul 20 2017
Event	15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 - Lisbon, Portugal Duration: May 8 2017 → May 12 2017

Publication series

Name	Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

Conference

Conference	15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017
Country/Territory	Portugal
City	Lisbon
Period	05/8/17 → 05/12/17

Access to Document

10.23919/INM.2017.7987316

Cite this

Aschoff, R., Rosendo, D., MacHado, M., Santos, A., & Sadok, D. (2017). A Network Access Control solution combining OrBAC and SDN. In P. Chemouil, P. Simoes, E. Madeira, S. Secci, E. Monteiro, L. P. Gaspary, C. R. P. dos Santos, & M. Charalambides (Eds.), Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management (pp. 483-489). Article 7987316 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/INM.2017.7987316

Aschoff, Rafael ; Rosendo, Daniel ; MacHado, Marcos et al. / A Network Access Control solution combining OrBAC and SDN. Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. editor / Prosper Chemouil ; Paulo Simoes ; Edmundo Madeira ; Stefano Secci ; Edmundo Monteiro ; Luciano Paschoal Gaspary ; Carlos Raniery P. dos Santos ; Marinos Charalambides. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 483-489 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management).

@inproceedings{39ae8b910ecb4542b90a9ecef4454042,

title = "A Network Access Control solution combining OrBAC and SDN",

abstract = "Standard Port-based Network Access Control (NAS) with tagged Virtual Local Area Networks (VLANs) systems are useful to authenticate users within an isolated network environment. This approach on its own, however, lacks the flexibility and granularity level that new generation networks based on SDN (Software Defined Networking) can provide. The flow-based access control provides a more appropriate granularity to enforce network policies. In this paper, we propose a novel solution named SDN-based Network Access Control (S-NAC) that provides authentication and authorization of clients and servers based on high-level policies enforced at flow level. The solution has been implemented, deployed and tested over emulated and real networks.",

author = "Rafael Aschoff and Daniel Rosendo and Marcos MacHado and Alexandre Santos and Djamel Sadok",

note = "Publisher Copyright: {\textcopyright} 2017 IFIP.; 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017 ; Conference date: 08-05-2017 Through 12-05-2017",

year = "2017",

month = jul,

day = "20",

doi = "10.23919/INM.2017.7987316",

language = "English",

series = "Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "483--489",

editor = "Prosper Chemouil and Paulo Simoes and Edmundo Madeira and Stefano Secci and Edmundo Monteiro and Gaspary, \{Luciano Paschoal\} and \{dos Santos\}, \{Carlos Raniery P.\} and Marinos Charalambides",

booktitle = "Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management",

}

Aschoff, R, Rosendo, D, MacHado, M, Santos, A & Sadok, D 2017, A Network Access Control solution combining OrBAC and SDN. in P Chemouil, P Simoes, E Madeira, S Secci, E Monteiro, LP Gaspary, CRP dos Santos & M Charalambides (eds), Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management., 7987316, Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management, Institute of Electrical and Electronics Engineers Inc., pp. 483-489, 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017, Lisbon, Portugal, 05/8/17. https://doi.org/10.23919/INM.2017.7987316

A Network Access Control solution combining OrBAC and SDN. / Aschoff, Rafael; Rosendo, Daniel; MacHado, Marcos et al.
Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. ed. / Prosper Chemouil; Paulo Simoes; Edmundo Madeira; Stefano Secci; Edmundo Monteiro; Luciano Paschoal Gaspary; Carlos Raniery P. dos Santos; Marinos Charalambides. Institute of Electrical and Electronics Engineers Inc., 2017. p. 483-489 7987316 (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Network Access Control solution combining OrBAC and SDN

AU - Aschoff, Rafael

AU - Rosendo, Daniel

AU - MacHado, Marcos

AU - Santos, Alexandre

AU - Sadok, Djamel

PY - 2017/7/20

Y1 - 2017/7/20

N2 - Standard Port-based Network Access Control (NAS) with tagged Virtual Local Area Networks (VLANs) systems are useful to authenticate users within an isolated network environment. This approach on its own, however, lacks the flexibility and granularity level that new generation networks based on SDN (Software Defined Networking) can provide. The flow-based access control provides a more appropriate granularity to enforce network policies. In this paper, we propose a novel solution named SDN-based Network Access Control (S-NAC) that provides authentication and authorization of clients and servers based on high-level policies enforced at flow level. The solution has been implemented, deployed and tested over emulated and real networks.

AB - Standard Port-based Network Access Control (NAS) with tagged Virtual Local Area Networks (VLANs) systems are useful to authenticate users within an isolated network environment. This approach on its own, however, lacks the flexibility and granularity level that new generation networks based on SDN (Software Defined Networking) can provide. The flow-based access control provides a more appropriate granularity to enforce network policies. In this paper, we propose a novel solution named SDN-based Network Access Control (S-NAC) that provides authentication and authorization of clients and servers based on high-level policies enforced at flow level. The solution has been implemented, deployed and tested over emulated and real networks.

UR - https://www.scopus.com/pages/publications/85029456495

U2 - 10.23919/INM.2017.7987316

DO - 10.23919/INM.2017.7987316

M3 - Conference contribution

AN - SCOPUS:85029456495

T3 - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

SP - 483

EP - 489

BT - Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management

A2 - Chemouil, Prosper

A2 - Simoes, Paulo

A2 - Madeira, Edmundo

A2 - Secci, Stefano

A2 - Monteiro, Edmundo

A2 - Gaspary, Luciano Paschoal

A2 - dos Santos, Carlos Raniery P.

A2 - Charalambides, Marinos

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 15th IFIP/IEEE International Symposium on Integrated Network and Service Management, IM 2017

Y2 - 8 May 2017 through 12 May 2017

ER -

Aschoff R, Rosendo D, MacHado M, Santos A, Sadok D. A Network Access Control solution combining OrBAC and SDN. In Chemouil P, Simoes P, Madeira E, Secci S, Monteiro E, Gaspary LP, dos Santos CRP, Charalambides M, editors, Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management. Institute of Electrical and Electronics Engineers Inc. 2017. p. 483-489. 7987316. (Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management). doi: 10.23919/INM.2017.7987316

A Network Access Control solution combining OrBAC and SDN

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this