Policy Enforcement in Stub Autonomous Domains

نویسنده

  • Gene Tsudik
چکیده

Interconnection across administrative boundaries prompts the need for comprehensive policy enforcement (i.e., access control) with respect to inter-domain packet traac. Due to the nature of the communication services they provide, stub and transit domains require diierent mechanisms for policing inter-domain traac. This paper addresses the design of a policy enforcement mechanism geared speciically towards stub domains. With the aid of some basic concepts borrowed from Visa protocoll5], a much more powerful mechanism is developed and analyzed. Protocol implementation and experimental results are discussed.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Beyond interdomain reachability

The Border Gateway Protocol (BGP) was designed as a successor to the Exterior Gateway Protocol. BGP started as a subset of the IDRP protocol [ISO93] being developed by ISO. During the last ten years, BGP has evolved in an incremental and backward compatible manner. In the early nineties, the main objective of BGP was to make possible the distribution of routes constrained by routeing policies, ...

متن کامل

Administering Access Control in Dynamic Coalitions

Dynamic coalitions enable autonomous domains to achieve common objectives by sharing resources based on negotiated resource-sharing agreements. A major requirement for administering dynamic coalitions is the availability of a comprehensive set of access control tools. In this paper we discuss the design, implementation, evaluation, and demonstration of such tools. In particular, we have develop...

متن کامل

Scalable Security Policy Mechanisms

The design principle of restricting local autonomy only where necessary for global robustness has led to a scalable Internet. Unfortunately, this scalability and capacity for distributed control has not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN system described in this paper demonstrates three new approaches to providing efficient local policy...

متن کامل

Managing Access Control in Large Scale Heterogeneous Networks

The design principle of maximizing local autonomy except when it conflicts with global robustness has led to a scalable Internet with enormous heterogeneity of both applications and infrastructure. These properties have not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN (for Scalable TRust Of Next Generation MANagement) system [14], [15] offers thr...

متن کامل

BANDS: An Inter-domain Internet Security Policy Management System for IPSec/VPN

IPSecNPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 1992