Engineering school and research center in digital science

Application access control at network level

Molva, Refik;Rütsche, Erich

CCS 1994, 2nd ACM Conference on Computer and Communications Security, November 2-4, 1994, Fairfax, USA

This paper describes an access control mechanism that enforces at the network level an access control decision that is taken at the application level. The mechanism is based on the pre-computation of encrypted counters called tickets. An access enforcement device verifies the existence of a valid ticket in each packet that is subject to access control and kills unauthorized packets. Tickets are not computed as a function of the user data. Due to the timing constraints of shared-media LANs, the presence of a valid ticket in a packet proves that the operation implied by the user data has been authorized. The access control mechanism is elaborated for Internet protocols over Ethernet, and we discuss its properties for internetworking and multicasting.


Title:Application access control at network level
Type:Conference
Language:English
City:Fairfax
Country:UNITED STATES
Date:
Department:Digital Security
Eurecom ref:383
Copyright: © ACM, 1994. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS 1994, 2nd ACM Conference on Computer and Communications Security, November 2-4, 1994, Fairfax, USA http://dx.doi.org/10.1145/191177.191234
Bibtex:
@inproceedings{EURECOM+383,
  doi = {http://dx.doi.org/10.1145/191177.191234},
  year = {1994},
  title = {{A}pplication access control at network level},
  author = {{M}olva, {R}efik and {R}{\"u}tsche, {E}rich},
  booktitle = {{CCS} 1994, 2nd {ACM} {C}onference on {C}omputer and {C}ommunications {S}ecurity, {N}ovember 2-4, 1994, {F}airfax, {USA}},
  address = {{F}airfax, {\'{E}}{TATS}-{UNIS}},
  month = {11},
  url = {http://www.eurecom.fr/publication/383}
}