MIT Libraries logoDSpace@MIT

MIT
View Item 
  • DSpace@MIT Home
  • MIT Open Access Articles
  • MIT Open Access Articles
  • View Item
  • DSpace@MIT Home
  • MIT Open Access Articles
  • MIT Open Access Articles
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Delegating Network Security with More Information

Author(s)
Naous, Jad; Stutsman, Ryan; Mazieres, David; McKeown, Nick; Zeldovich, Nickolai
Thumbnail
DownloadZeldovich_Delegating network.pdf (180.3Kb)
OPEN_ACCESS_POLICY

Open Access Policy

Creative Commons Attribution-Noncommercial-Share Alike

Terms of use
Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/
Metadata
Show full item record
Abstract
Network security is gravitating towards more centralized control. Strong centralization places a heavy burden on the administrator who has to manage complex security policies and be able to adapt to users' requests. To be able to cope, the administrator needs to delegate some control back to end-hosts and users, a capability that is missing in today's networks. Delegation makes administrators less of a bottleneck when policy needs to be modified and allows network administration to follow organizational lines. To enable delegation, we propose ident++ - a simple protocol to request additional information from end-hosts and networks on the path of a flow. ident++ allows users and end-hosts to participate in network security enforcement by providing information that the administrator might not have or rules to be enforced on their behalf. In this paper we describe ident++ and how it provides delegation and enables flexible and powerful policies.
Date issued
2009-08
URI
http://hdl.handle.net/1721.1/67004
Department
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Journal
Proceedings of the 1st ACM Workshop on Research on Enterprise Networking, WREN '09
Publisher
Association for Computing Machinery
Citation
Naous, Jad et al. “Delegating network security with more information.” in WREN '09, Proceedings of the 1st ACM workshop on Research on enterprise networking, August 21, 2009, Barcelona, Spain, ACM Press.
Version: Author's final manuscript
ISBN
9781605584430

Collections
  • MIT Open Access Articles

Browse

All of DSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

My Account

Login

Statistics

OA StatisticsStatistics by CountryStatistics by Department
MIT Libraries
PrivacyPermissionsAccessibilityContact us
MIT
Content created by the MIT Libraries, CC BY-NC unless otherwise noted. Notify us about copyright concerns.