Removing the Reliance on Perimeters for Security using Network Views
ACM Symposium on Access Control Models and Technologies (SACMAT), 2022
Abstract
Traditional enterprise security relies on network perimeters to define and enforce network security policies. Emerging application-focused Zero Trust architectures attempt to address this long-standing challenge by moving business applications to the cloud and performing enhanced identity and access control checks within a web gateway. However, these solutions ignore the security needs of workstations, development servers, and device management interfaces. In this work, we propose Network Views (abbrev. NetViews) for least-privilege network access control where each host has a different, limited view of the other hosts and services within a network. We present an SDN-based design and demonstrate that our implementation has network latency and throughput comparable to baseline reactive forwarding. We further provide an optimization for multi-connection flows that significantly reduces both redundant access control checks and forwarding state storage in switches. As such, NetViews provides a practical primitive for removing the reliance on security perimeters within enterprise networks.
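To make the least-privilege idea concrete, the following is an added toy simulation (not the paper's code or its SDN implementation) of a reactive controller that consults each source host's view on the first packet of a connection and only then installs a forwarding entry. The coarse flow key that drops the client's ephemeral source port is my own assumption about how repeated checks for multi-connection flows could be avoided; it is not the paper's optimization. The hosts, services and views are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Service:
    host: str
    proto: str
    port: int


# Constructed sample policy: each host's view lists the only services it can see.
# Anything absent from a view is invisible to that host, i.e. denied by default.
VIEWS = {
    "dev-ws": {Service("git-srv", "tcp", 22), Service("ci-srv", "tcp", 443)},
    "printer": set(),  # a printer initiates nothing, so its view is empty
}


@dataclass
class NetViewsController:
    views: dict
    per_connection: bool = False  # True = one flow entry per TCP connection (5-tuple)
    flow_table: set = field(default_factory=set)  # entries installed in the switch
    checks: int = 0  # policy evaluations performed by the controller

    def handle(self, src, dst, proto, sport, dport):
        """Switch consults its flow table first; only unmatched packets reach the controller."""
        if self.per_connection:
            key = (src, dst, proto, sport, dport)
        else:
            # Assumed coarse key: ignores the ephemeral source port, so every
            # connection from src to the same service reuses one flow entry.
            key = (src, dst, proto, dport)
        if key in self.flow_table:
            return True  # fast path in the switch, no second access control check
        self.checks += 1
        allowed = Service(dst, proto, dport) in self.views.get(src, set())
        if allowed:
            self.flow_table.add(key)
        return allowed


def open_connections(ctrl, src, dst, proto, dport, n):
    """Open n connections from src to one service, each with a distinct source port."""
    return [ctrl.handle(src, dst, proto, 40000 + i, dport) for i in range(n)]


if __name__ == "__main__":
    for mode in (False, True):
        c = NetViewsController(VIEWS, per_connection=mode)
        open_connections(c, "dev-ws", "git-srv", "tcp", 22, 5)
        print(f"per_connection={mode}: checks={c.checks}, entries={len(c.flow_table)}")
```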