A Network Access Control solution combining OrBAC and SDN

Standard port-based Network Access Control (NAC) systems with tagged Virtual Local Area Networks (VLANs) are useful for authenticating users within an isolated network environment. On its own, however, this approach lacks the flexibility and granularity that new-generation networks based on Software Defined Networking (SDN) can provide. Flow-based access control offers a more appropriate granularity for enforcing network policies. In this paper, we propose a novel solution named SDN-based Network Access Control (S-NAC) that provides authentication and authorization of clients and servers based on high-level policies enforced at flow level. The solution has been implemented, deployed and tested over emulated and real networks.
