Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SIGCOMM
2009
ACM
2009
ACM
Delegating network security with more information
Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users’ requests. To be able to cope, the administrator needs to delegate some control back to end-hosts and users, a capability that is missing in today’s networks. Delegation makes administrators less of a bottleneck when policy needs to be modified and allows network administration to follow organizational lines. To enable delegation, we propose ident++—a simple protocol to request additional information from end-hosts and networks on the path of a flow. ident++ allows users and end-hosts to participate in network security enforcement by providing information that the administrator might not have or rules to be enforced on their behalf. In this paper we describe ident++ and how it provides delegation and enables flexible and powerful policies. Categories and Subject Descriptors ...
Real-time TrafficCommunications | Complex Security Policies | Delegation Makes Administrators | Network Security | SIGCOMM 2009 |
Related Content
| Added | 28 May 2010 |
| Updated | 28 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | SIGCOMM |
| Authors | Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, Nickolai Zeldovich |
Comments (0)
Researcher Info
|
