Abstract
This paper presents the Policy Framework of DynFire,
a novel approach for attribute-based, dynamic control
of network firewalls. DynFire allows individually
controlled, secure access to the IT resources of a large
organization, with particular focus on mobile users and
users with restricted rights, such as subcontractors.
The basic assumption behind DynFire is that, within a
secured network domain separated from the Internet, a
temporary binding between an IP address and a single user
ID can be established. Users with different attributes can
authenticate to the network and get individual access to
network resources. To administer such a large number of
users and different access rights within a secured network
domain of an organization, which includes distributed
organizational zones, a policy framework is needed. This
paper presents a policy framework for dynamic
and distributed firewalls which is able to provide access
control on a per-user basis, with multitenancy capabilities
and administrative delegation.