Policy Enforcement in Stub Autonomous Domains
نویسنده
چکیده
Interconnection across administrative boundaries prompts the need for comprehensive policy enforcement (i.e., access control) with respect to inter-domain packet traac. Due to the nature of the communication services they provide, stub and transit domains require diierent mechanisms for policing inter-domain traac. This paper addresses the design of a policy enforcement mechanism geared speciically towards stub domains. With the aid of some basic concepts borrowed from Visa protocoll5], a much more powerful mechanism is developed and analyzed. Protocol implementation and experimental results are discussed.
منابع مشابه
Beyond interdomain reachability
The Border Gateway Protocol (BGP) was designed as a successor to the Exterior Gateway Protocol. BGP started as a subset of the IDRP protocol [ISO93] being developed by ISO. During the last ten years, BGP has evolved in an incremental and backward compatible manner. In the early nineties, the main objective of BGP was to make possible the distribution of routes constrained by routeing policies, ...
متن کاملAdministering Access Control in Dynamic Coalitions
Dynamic coalitions enable autonomous domains to achieve common objectives by sharing resources based on negotiated resource-sharing agreements. A major requirement for administering dynamic coalitions is the availability of a comprehensive set of access control tools. In this paper we discuss the design, implementation, evaluation, and demonstration of such tools. In particular, we have develop...
متن کاملScalable Security Policy Mechanisms
The design principle of restricting local autonomy only where necessary for global robustness has led to a scalable Internet. Unfortunately, this scalability and capacity for distributed control has not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN system described in this paper demonstrates three new approaches to providing efficient local policy...
متن کاملManaging Access Control in Large Scale Heterogeneous Networks
The design principle of maximizing local autonomy except when it conflicts with global robustness has led to a scalable Internet with enormous heterogeneity of both applications and infrastructure. These properties have not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN (for Scalable TRust Of Next Generation MANagement) system [14], [15] offers thr...
متن کاملBANDS: An Inter-domain Internet Security Policy Management System for IPSec/VPN
IPSecNPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1992