ICN 2024, The Twenty-Third International Conference on Networks


Automating SDN-ACLs with User Groups and Authentication Events

Authors:
Florian Grießer
Atsushi Shinoda
Hirokazu Hasegawa
Hajime Shimada

Keywords: Software-defined Networking; Authentication; Access Control Lists

Abstract:
Due to emerging cybersecurity threats, traditional networks struggle to adapt to new challenges because of their static nature and need for manual adjustments. In contrast, the inherent flexibility and rapid adaptability of Software-defined Networks (SDN) present an opportunity to overcome these limitations. Leveraging this potential, we propose a novel approach for automatically generating Access Control Lists (ACLs) within SDN environments. The system centralizes Access Control to the User Database and automatically generates derived rules, thus reducing administrators' manual work. By implementing Port Access Control, we can ensure that only authentic clients can access network resources. As a second feature, the system can change ACLs to block traffic or forward traffic to an Intrusion Detection System (IDS) for deeper inspection in case of suspicious activity like failed login attempts. To demonstrate the effectiveness, we evaluated the system in two use cases, initial client connection and dynamic adaption to authentication events, to test and compare the implementation to other systems. The evaluation proved that we can reduce manual processes and enhance the security of a network by dynamically generating ACLs to isolate clients.

Pages: 5 to 12

Copyright: Copyright (c) IARIA, 2024

Publication date: May 26, 2024

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-68558-174-9

Location: Barcelona, Spain

Dates: from May 26, 2024 to May 30, 2024