A Framework for Enforcing User-Based Authorization Policies on Packet Filter Firewalls

Abstract: Packet filter firewalls are fundamental elements for preventing unauthorized traffic from reaching protected networks or hosts. However, they have to make decisions about packets based on their contents, and currently packets do not contain any information about the entity responsible for their generation. In this paper we propose a framework that tackles this problem. The framework adds extra information to packets, which enables a firewall to authenticate their origin and to get an identity attribute for discriminating the entity responsible for the packet, upon which an access control policy can be implemented. This framework uses trusted third-party services for authenticating people and providing related identity attributes to firewalls. As a proof of concept, we implemented a prototype on Linux machines using iptables and personal identity smartcards.
Document type:
Conference paper
Bart Decker; David W. Chadwick. 13th International Conference on Communications and Multimedia Security (CMS), Sep 2012, Canterbury, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7394, pp.204-206, 2012, Communications and Multimedia Security. 〈10.1007/978-3-642-32805-3_20〉

https://hal.inria.fr/hal-01540897
Contributor: Hal Ifip
Submitted on: Friday, June 16, 2017 - 16:47:06
Last modified on: Friday, June 16, 2017 - 16:48:57
Document(s) archived on: Wednesday, January 10, 2018 - 13:16:26

File

978-3-642-32805-3_20_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

André Zúquete, Pedro Correia, Miguel Rocha. A Framework for Enforcing User-Based Authorization Policies on Packet Filter Firewalls. Bart Decker; David W. Chadwick. 13th International Conference on Communications and Multimedia Security (CMS), Sep 2012, Canterbury, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7394, pp.204-206, 2012, Communications and Multimedia Security. 〈10.1007/978-3-642-32805-3_20〉. 〈hal-01540897〉

Metrics

Record views: 39

File downloads: 14