DMCA
Resonance: Dynamic Access Control for Enterprise Networks
Cached
Download Links
| Citations: | 44 - 7 self |
BibTeX
@MISC{Nayak_resonance:dynamic,
author = {Ankur Nayak and Alex Reimers and Nick Feamster and Russ Clark},
title = {Resonance: Dynamic Access Control for Enterprise Networks},
year = {}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
Enterprise network security is typically reactive, and it relies heavily on host security and middleboxes. This approach creates complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. We argue that imbuing the network layer with mechanisms for dynamic access control can remedy these ills. We propose Resonance, a system for securing enterprise networks, where the network elements themselves enforce dynamic access control policies based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higherlevel security policies and distributed monitoring and inference systems. We describe the design of Resonance, apply it to Georgia Tech’s network access control system, show how it can both overcome the current shortcomings and provide new security functions, describe our proposed deployment, and discuss open research questions.
Keyphrases
dynamic access control enterprise network programmable switch open research question host security current shortcoming network layer new security function incorrect behavior high-level security policy enterprise network security inference system higherlevel security policy slow response flow-level information real-time alert enforce dynamic access control policy
