Enforcing mobile security with location-aware role-based access control

Ulltveit-Moe, Nils; Oleshchuk, Vladimir

doi:10.1002/sec.879

Cited by 7 publications

(1 citation statement)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One promising approach to BYOD security is to use context-aware policies, which enforce access control based on devices' runtime context [62]. For instance, a policy may deny access from devices whose TLS libraries have not been updated [105], or grant access to devices that are physically located in the enterprise boundary [95], or only allow the use of a sensitive service only if administrators are online [59,94]. In each of these scenarios, we desire to make security decisions based on additional "threat signals", such as the device location, library version, or even the status of other devices in the network.…”

Section: Introductionmentioning

confidence: 99%

Programmable In-Network Security for Context-aware BYOD Policies

Qiao¹,

Li²,

Morrison³

et al. 2019

Preprint

View full text Add to dashboard Cite

Bring Your Own Device (BYOD) has become the new norm in enterprise networks, but BYOD security remains a top concern. Context-aware security, which enforces access control based on dynamic runtime context, holds much promise. Recent work has developed SDN solutions to collect device context for network-wide access control in a central controller. However, the central controller poses a bottleneck that can become an attack target, and processing context changes at remote software has low agility.We present a new paradigm, programmable in-network security (Poise), which is enabled by the emergence of programmable switches. At the heart of Poise is a novel switch primitive, which can be programmed to support a wide range of context-aware policies in hardware. Users of Poise specify concise policies, and Poise compiles them into different instantiations of the security primitive in P4. Compared to centralized SDN defenses, Poise is resilient to control plane saturation attacks, and it dramatically increases defense agility.

show abstract