Access Control Based Dynamic Path Establishment for Securing Flows from the User Devices with Different Security Clearance

  • Conference paper
  • In: Advanced Information Networking and Applications (AINA 2019)

Abstract

In this work, we propose Software Defined Networking (SDN) based access control techniques for preventing unauthorised access to traffic flows in secure networks. We have developed an Access Control Application (ACA) for the SDN Controller that differentiates flow requests from users/devices classified at different security levels and configures routes with physical or virtual separation between the flows. This separation of flows makes it difficult for malicious users with lower security clearance to access the flows that belong to users with higher security clearance. Hence, our work significantly minimises the attack surface in secure environments. We also discuss the prototype implementation of our model and some performance characteristics.


Corresponding author

Correspondence to Uday Tupakula.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Tupakula, U., Varadharajan, V., Karmakar, K. (2020). Access Control Based Dynamic Path Establishment for Securing Flows from the User Devices with Different Security Clearance. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_109
