ICSNC 2012, The Seventh International Conference on Systems and Networks Communications


An ABAC-based Policy Framework for Dynamic Firewalling

Authors:
Sören Berger
Alexander Vensmer
Sebastian Kiesel

Keywords: dynamic firewall control; network security; policy based network access control.

Abstract:
This paper presents the Policy Framework of DynFire, a novel approach for attribute-based, dynamic control of network firewalls. DynFire allows individually controlled, secure access to the IT resources of a large organization, with particular focus on mobile users and users with restricted rights, such as subcontractors. The basic assumption behind DynFire is that, within a secured network domain separated from the Internet, a temporary binding between an IP address and a single user ID can be established. Users with different attributes can authenticate to the network and get individual access to network resources. To administer such a large number of users and different access rights within a secured network domain of an organization, which includes distributed organisational zones, a policy framework is needed. This paper presents a policy framework for dynamic and distributed firewalls that is able to grant access control on a per-user basis, with multitenancy capabilities and administrative delegation.

Pages: 118 to 123

Copyright: Copyright (c) IARIA, 2012

Publication date: November 18, 2012

Published in: conference

ISSN: 2163-9027

ISBN: 978-1-61208-231-8

Location: Lisbon, Portugal

Dates: from November 18, 2012 to November 23, 2012