Capability-Based Egress Network Access Control for Transferring Access Rights

Suzuki, Shinichi; Shinjo, Yasushi; Hirotsu, Toshio; Itano, Kozo; Kato, K.

doi:10.1109/icita.2005.92

Cited by 8 publications

(6 citation statements)

References 10 publications

(9 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the paper Suzuki et al (2005), we have described a method that uses an operating system kernel to manage capabilities. In this paper, we use a utility program called capability-agent to manage capabilities outside the kernel.…”

Section: Article In Pressmentioning

confidence: 99%

See 2 more Smart Citations

Capability-based egress network access control by using DNS server

Suzuki¹,

Shinjo²,

Hirotsu³

et al. 2007

Journal of Network and Computer Applications

View full text Add to dashboard Cite

In conventional egress network access control (NAC) based on access control lists (ACLs), modifying the ACLs is a heavy task for administrators. To enable configuration without a large amount of administrators' effort, we introduce capabilities to egress NAC. In our method, a user can transfer his/her access rights (capabilities) to other persons without asking administrators. To realize our method, we use a DNS cache server and a router. A resolver of the client sends the user name, domain name, and service name to the DNS cache server. The DNS server issues capabilities according to a policy and sends them to the client. The client puts these capabilities into the IP options of packets and sends them to the router. The router verifies the capabilities, and determines whether to pass or block the packets. In this paper, we describe the design and implementation of our method in detail. Experimental results show that our method does not reduce the router's performance. r

show abstract

Section: Article In Pressmentioning

confidence: 99%

“…To carry capabilities, we have extended the DNS message format and defined a new IP option (Suzuki et al, 2005).…”

Section: Versionmentioning

confidence: 99%

See 1 more Smart Citation

Capability-based egress network access control by using DNS server

Suzuki¹,

Shinjo²,

Hirotsu³

et al. 2007

Journal of Network and Computer Applications

View full text Add to dashboard Cite

show abstract

“…Client agent playing a very important role is at the forefront of the system. If there is no clear definition of its function or the improper design, client agent can not perform its function, and the entire NAC namely only exists [5]. So it is very essential to study the client agent in-depth.…”

Section: Introductionmentioning

confidence: 97%

Design and implementation of client agent in the Network Admission Control

Cao

2010

International Congress on Ultra Modern Telecommunications and Control Systems

View full text Add to dashboard Cite

Network Admission Control (NAC) is one part of Selfdefending Network (SDN) Plan. Because NAC only allows secure network equipment access network, it can improve the security of network. In this paper, the authentication process of NAC was analyzed. The client agent which in the most front of NAC should have the function was studied. The design idea was introduced, functions of all the modules of the client agent was described. At last, the experiment circumstance was built, the experiment was carried out, and the results were all satisfying.

show abstract

“…Network Access Control (NAC) is defined as some control mechanisms which are enforced by network administrators at routers or proxies as to authenticate users and machines to authorize them to access the network [1]. Network access control technology plays an increasingly important role in computer network security, especially against security challenges brought by ubiquitous applications on the heterogeneous networks.…”

Section: Introductionmentioning

confidence: 99%

TNC-compatible NAC System implemented on Network Processor

Husain

Hassanein

2007

32nd IEEE Conference on Local Computer Networks (LCN 2007)

View full text Add to dashboard Cite

In this paper, based on the Trusted Network Connect architecture, we designed a novel TNC-compatible Network Access Control System which ensures that network administrators enforce security policies on endpoint connection and communication with corporate network depending on the endpoint integrity and security status. The platform framework is built on the Intel IXP2400 network processor and a set of network access control mechanisms is implemented. The paper introduces the system design and implementation based on hardware characteristic of the IXP2400 Architecture, presents emulation performance results of the system, and then proposes systemic performance optimizations, especially cryptographic performances, according to IXP2400 shared memory hierarchy and access latency, which averagely boost the throughput more than 25%. The novelty of system design is the utilization of IXP2400 multi-core and multi-thread network processor's software and hardware platform to implement the NAC system framework through secure and reliable communication to ensure endpoint integrity and platform-authentication, which is compatible with Trusted Network Connect.

show abstract

Capability-Based Egress Network Access Control for Transferring Access Rights

Cited by 8 publications

References 10 publications

Capability-based egress network access control by using DNS server

Capability-based egress network access control by using DNS server

Design and implementation of client agent in the Network Admission Control

TNC-compatible NAC System implemented on Network Processor

Contact Info

Product

Resources

About