Capability-based egress network access control by using DNS server
Abstract
In conventional egress network access control (NAC) based on access control lists (ACLs), modifying the ACLs is a heavy task for administrators. To enable configuration without a large amount of administrators’ effort, we introduce capabilities to egress NAC. In our method, a user can transfer his/her access rights (capabilities) to other persons without asking administrators. To realize our method, we use a DNS cache server and a router. A resolver of the client sends the user name, domain name, and service name to the DNS cache server. The DNS server issues capabilities according to a policy and sends them to the client. The client puts these capabilities into the IP options of packets and sends them to the router. The router verifies the capabilities, and determines whether to pass or block the packets. In this paper, we describe the design and implementation of our method in detail. Experimental results show that our method does not reduce the router’s performance.
- Papers by Elsevier Ltd.
Authors
Related papers
- Capability-based egress network access control by using DNS server
- Achieving efficiency and portability in systems software: a case study on POSIX-compliant multithreaded programs