Delegating Network Security with More Information
Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be able to cope, the administrator needs to delegate some control back to en...
| Main Authors: | , , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | en_US |
| Published: |
Association for Computing Machinery
2011
|
| Online Access: | http://hdl.handle.net/1721.1/67004 https://orcid.org/0000-0003-0238-2703 |
| _version_ | 1811072357182210048 |
|---|---|
| author | Naous, Jad Stutsman, Ryan Mazieres, David McKeown, Nick Zeldovich, Nickolai |
| author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
| author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Naous, Jad Stutsman, Ryan Mazieres, David McKeown, Nick Zeldovich, Nickolai |
| author_sort | Naous, Jad |
| collection | MIT |
| description | Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be able to cope, the administrator needs to delegate some control back to end-hosts and users, a capability that is missing in today's networks. Delegation makes administrators less of a bottleneck when policy needs to be modified and allows network administration to follow organizational lines. To enable delegation, we propose ident++ - a simple protocol to request additional information from end-hosts and networks on the path of a flow. ident++ allows users and end-hosts to participate in network security enforcement by providing information that the administrator might not have or rules to be enforced on their behalf. In this paper we describe ident++ and how it provides delegation and enables flexible and powerful policies. |
| first_indexed | 2024-09-23T09:04:40Z |
| format | Article |
| id | mit-1721.1/67004 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T09:04:40Z |
| publishDate | 2011 |
| publisher | Association for Computing Machinery |
| record_format | dspace |
| spelling | mit-1721.1/670042022-09-30T13:16:41Z Delegating Network Security with More Information Naous, Jad Stutsman, Ryan Mazieres, David McKeown, Nick Zeldovich, Nickolai Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Zeldovich, Nickolai Zeldovich, Nickolai Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be able to cope, the administrator needs to delegate some control back to end-hosts and users, a capability that is missing in today's networks. Delegation makes administrators less of a bottleneck when policy needs to be modified and allows network administration to follow organizational lines. To enable delegation, we propose ident++ - a simple protocol to request additional information from end-hosts and networks on the path of a flow. ident++ allows users and end-hosts to participate in network security enforcement by providing information that the administrator might not have or rules to be enforced on their behalf. In this paper we describe ident++ and how it provides delegation and enables flexible and powerful policies. United States. Dept. of Homeland Security (Scholarship and Fellowship Program) United States. Dept. of Energy Oak Ridge Institute for Science and Education 2011-11-10T16:31:07Z 2011-11-10T16:31:07Z 2009-08 Article http://purl.org/eprint/type/ConferencePaper 9781605584430 http://hdl.handle.net/1721.1/67004 Naous, Jad et al. “Delegating network security with more information.” in WREN '09, Proceedings of the 1st ACM workshop on Research on enterprise networking, August 21, 2009, Barcelona, Spain, ACM Press. https://orcid.org/0000-0003-0238-2703 en_US http://dx.doi.org/10.1145/1592681.1592685 Proceedings of the 1st ACM Workshop on Research on Enterprise Networking, WREN '09 Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/ application/pdf Association for Computing Machinery MIT web domain |
| spellingShingle | Naous, Jad Stutsman, Ryan Mazieres, David McKeown, Nick Zeldovich, Nickolai Delegating Network Security with More Information |
| title | Delegating Network Security with More Information |
| title_full | Delegating Network Security with More Information |
| title_fullStr | Delegating Network Security with More Information |
| title_full_unstemmed | Delegating Network Security with More Information |
| title_short | Delegating Network Security with More Information |
| title_sort | delegating network security with more information |
| url | http://hdl.handle.net/1721.1/67004 https://orcid.org/0000-0003-0238-2703 |
| work_keys_str_mv | AT naousjad delegatingnetworksecuritywithmoreinformation AT stutsmanryan delegatingnetworksecuritywithmoreinformation AT mazieresdavid delegatingnetworksecuritywithmoreinformation AT mckeownnick delegatingnetworksecuritywithmoreinformation AT zeldovichnickolai delegatingnetworksecuritywithmoreinformation |