Litcius/Paper detail

Removing the Reliance on Perimeters for Security using Network Views

Iffat Anjum, Daniel Kostecki, Ethan Leba, Jessica Sokal, Rajit Bharambe, William Enck, Cristina Nita-Rotaru, Bradley Reaves

202218 citationsDOI

Abstract

Traditional enterprise security relies on network perimeters to define and enforce network security policies. Emerging application-focused Zero Trust architectures attempt to address this long-standing challenge by moving business applications to the cloud and performing enhanced identity and access control checks within a web gateway. However, these solutions ignore the security needs of workstations, development servers, and device management interfaces. In this work, we propose Network Views (abbrev. NetViews) for least-privilege network access control where each host has a different, limited view of the other hosts and services within a network. We present an SDN-based design and demonstrate that our implementation has network latency and throughput comparable to baseline reactive forwarding. We further provide an optimization for multi-connection flows that significantly reduces both redundant access control checks and forwarding state storage in switches. As such, NetViews provides a practical primitive for removing the reliance on security perimeters within enterprise networks.

Topics & Concepts

Computer scienceComputer networkNetwork Access ControlNetwork securityAccess controlComputer securityServerOpenFlowCloud computingCloud computing securitySoftware-defined networkingOperating systemSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-voting
Removing the Reliance on Perimeters for Security using Network Views | Litcius