Enforcing multilevel security policies in database-defined networks using row-level security

Ali Hasan Alhaj, Benjamin Aziz

Research output: Chapter in Book/Report/Conference proceedingConference contribution

166 Downloads (Pure)


Despite the wide of range of research and technologies that deal with the problem of routing in computer networks, there remains a gap between the level of network hardware administration and the level of business requirements and constraints. Not much has been accomplished in literature in order to have a direct enforcement of such requirements on the network. This paper presents a new solution in specifying and directly enforcing security policies to control the routing configuration in a software-defined network by using Row-Level Security checks which enable fine-grained security policies on individual rows in database tables. We show, as a first step, how a specific class of such policies, namely multilevel security policies, can be enforced on a database-defined network, which presents an abstraction of a network’s configuration as a set of database tables. We show that such policies can be used to control the flow of data in the network either in an upward or downward manner.
Original languageEnglish
Title of host publicationProceedings of the 2019 International Conference on Networked Systems (NetSys)
Subtitle of host publicationSDNFlex 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages6
ISBN (Electronic)978-1-7281-0568-0
ISBN (Print)978-1-7281-0569-7
Publication statusPublished - 3 Oct 2019
Event2019 International Conference on Networked Systems (NetSys): SDNFlex 2019 - München, Germany
Duration: 18 Mar 201921 Mar 2019


Conference2019 International Conference on Networked Systems (NetSys)
Internet address


  • Information Flow Control
  • Multilevel Security
  • Database-Defined Networking
  • Software-Defined Networking
  • Row-Level Security
  • Security Policies


Dive into the research topics of 'Enforcing multilevel security policies in database-defined networks using row-level security'. Together they form a unique fingerprint.

Cite this