This paper describes an access control mechanism that enforces at the network level an access control decision that is taken at the application level. The mechanism is based on the pre-computation of encrypted counters called tickets. An access enforcement device verifies the existence of a valid ticket in each packet that is subject to access control and kills unauthorized packets. Tickets are not computed as a function of the user data. Due to the timing constraints of shared media LANs the presence of a valid ticket in a packet proves that the operation implied by the user data has been authorized. The access control mechanism is elaborated for Internet protocols over Ethernet and we discuss its properties for internetworking and multicasting.
Application access control at network level
CCS 1994, 2nd ACM Conference on Computer and Communications Security, November 2-4, 1994, Fairfax, USA
Type:
Conference
City:
Fairfax
Date:
1994-11-02
Department:
Digital Security
Eurecom Ref:
383
Copyright:
© ACM, 1994. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CCS 1994, 2nd ACM Conference on Computer and Communications Security, November 2-4, 1994, Fairfax, USA http://dx.doi.org/10.1145/191177.191234
See also:
PERMALINK : https://www.eurecom.fr/publication/383
