An ABAC-based Policy Framework for Dynamic Firewalling
S. Berger, A. Vensmer, und S. Kiesel. Proceedings of the The Seventh International Conference on Systems and Networks Communications (ICSNC 2012), Seite 118--123. Lisbon, Portugal, (November 2012)
Zusammenfassung
This paper presents the Policy Framework of DynFire,
a novel approach for attribute-based, dynamic control
of network firewalls. DynFire allows an individually
controlled, secure access to IT resources of a large
organization, with particular focus on mobile users and
users with restricted rights, such as subcontractors.
The basic assumption behind DynFire is that, within a
secured network domain separated from the Internet, a
temporary binding between an IP address and a single user
ID can be established. Users with different attributes can
authenticate to the network and get individual access to
network resources. To administrate such a large amount of
users and different access rights within a secured network
domain of an organization, which includes distributed
organisational zones, a policy framework is needed. The
following paper presents a policy framework for dynamic
and distributed firewalls which is able to grant access
control on a per-user basis, with multitenancy capabilities
and administrative delegation.
%0 Conference Paper
%1 ki-2012-0090
%A Berger, Sören
%A Vensmer, Alexander
%A Kiesel, Sebastian
%B Proceedings of the The Seventh International Conference on Systems and Networks Communications (ICSNC 2012)
%C Lisbon, Portugal
%D 2012
%K imported myown tikauthor:kiesel
%P 118--123
%T An ABAC-based Policy Framework for Dynamic Firewalling
%U http://www.thinkmind.org/index.php?view=article&articleid=icsnc_2012_5_40_20202
%X This paper presents the Policy Framework of DynFire,
a novel approach for attribute-based, dynamic control
of network firewalls. DynFire allows an individually
controlled, secure access to IT resources of a large
organization, with particular focus on mobile users and
users with restricted rights, such as subcontractors.
The basic assumption behind DynFire is that, within a
secured network domain separated from the Internet, a
temporary binding between an IP address and a single user
ID can be established. Users with different attributes can
authenticate to the network and get individual access to
network resources. To administrate such a large amount of
users and different access rights within a secured network
domain of an organization, which includes distributed
organisational zones, a policy framework is needed. The
following paper presents a policy framework for dynamic
and distributed firewalls which is able to grant access
control on a per-user basis, with multitenancy capabilities
and administrative delegation.
%@ 978-1-61208-231-8
@inproceedings{ki-2012-0090,
abstract = {This paper presents the Policy Framework of DynFire,
a novel approach for attribute-based, dynamic control
of network firewalls. DynFire allows an individually
controlled, secure access to IT resources of a large
organization, with particular focus on mobile users and
users with restricted rights, such as subcontractors.
The basic assumption behind DynFire is that, within a
secured network domain separated from the Internet, a
temporary binding between an IP address and a single user
ID can be established. Users with different attributes can
authenticate to the network and get individual access to
network resources. To administrate such a large amount of
users and different access rights within a secured network
domain of an organization, which includes distributed
organisational zones, a policy framework is needed. The
following paper presents a policy framework for dynamic
and distributed firewalls which is able to grant access
control on a per-user basis, with multitenancy capabilities
and administrative delegation.},
added-at = {2023-11-17T18:29:11.000+0100},
address = {Lisbon, Portugal},
author = {Berger, S\"{o}ren and Vensmer, Alexander and Kiesel, Sebastian},
biburl = {https://puma.ub.uni-stuttgart.de/bibtex/2d1cfe789135a6cab776319f6e262e948/skiesel},
booktitle = {Proceedings of the The Seventh International Conference on Systems and Networks Communications (ICSNC 2012)},
interhash = {533b8240750d363753f4743fb06abbef},
intrahash = {d1cfe789135a6cab776319f6e262e948},
isbn = {978-1-61208-231-8},
keywords = {imported myown tikauthor:kiesel},
month = nov,
pages = {118--123},
pdf = {http://www.thinkmind.org/download.php?articleid=icsnc_2012_5_40_20202},
timestamp = {2023-11-20T16:35:54.000+0100},
title = {{An ABAC-based Policy Framework for Dynamic Firewalling}},
url = {http://www.thinkmind.org/index.php?view=article&articleid=icsnc_2012_5_40_20202},
year = 2012
}