CORE

🇺🇦   make metadata, not war

    50,833 research outputs found

    SDN Access Control for the Masses

    Author
    Publication venue
    'Elsevier BV'
    Publication date
    Field of study
    Full text link
    The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework
    arXiv.org e-Print Archive
    Lund University Publications

    Secure Virtualization and Multicore Platforms State-of-the-Art report

    Author
    Publication venue
    Swedish Institute of Computer Science
    Publication date
    Field of study
    Get PDF
    SVaM
    CiteSeerX
    RISE – Research Institutes of Sweden
    Digitala Vetenskapliga Arkivet - Academic Archive On-line
    Swedish Institute of Computer Science Publications Database
    Software institutes' Online Digital Archive

    A Taxonomy for Attack Patterns on Information Flows in Component-Based Operating Systems

    Author
    Publication venue
    Publication date
    Field of study
    Full text link
    We present a taxonomy and an algebra for attack patterns on component-based operating systems. In a multilevel security scenario, where isolation of partitions containing data at different security classifications is the primary security goal and security breaches are mainly defined as undesired disclosure or modification of classified data, strict control of information flows is the ultimate goal. In order to prevent undesired information flows, we provide a classification of information flow types in a component-based operating system and, by this, possible patterns to attack the system. The systematic consideration of informations flows reveals a specific type of operating system covert channel, the covert physical channel, which connects two former isolated partitions by emitting physical signals into the computer's environment and receiving them at another interface.Comment: 9 page
    arXiv.org e-Print Archive
    Fraunhofer-ePrints
    • …
    corecore