Publication View

Abstract SANE: A Protection Architecture for Enterprise Networks (2008)

Abstract

Connectivity in today’s enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and other middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to enterprise networks that are inflexible, fragile, and difficult to manage. To address these limitations, we offer SANE, a protection architecture for enterprise networks. SANE defines a single protection layer that governs all connectivity within the enterprise. All routing and access control decisions are made by a logically-centralized server that grants access to services by handing out capabilities (encrypted source routes) according to declarative access control policies (e.g., “Alice can access

Publication details

Download	http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.62.6378
Source	http://www.stanford.edu/~talg/papers/SANE/sane-usenix06.pdf
Contributors	CiteSeerX
Repository	CiteSeerX - Scientific Literature Digital Library and Search Engine (United States)
Type	text
Language	English
Relation	10.1.1.71.5072, 10.1.1.17.1073, 10.1.1.84.6725, 10.1.1.119.2679, 10.1.1.2.7909, 10.1.1.130.833, 10.1.1.42.7881, 10.1.1.36.6795, 10.1.1.1.7646, 10.1.1.100.4046, 10.1.1.65.3435, 10.1.1.6.3184, 10.1.1.76.4374, 10.1.1.118.3532, 10.1.1.61.335, 10.1.1.61.1584, 10.1.1.48.1933, 10.1.1.60.2527, 10.1.1.10.280, 10.1.1.91.2472, 10.1.1.126.8003, 10.1.1.73.8506, 10.1.1.9.3734