Skip to content

Enforcing multilevel security policies in database-defined networks using row-level security

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Despite the wide of range of research and technologies that deal with the problem of routing in computer networks, there remains a gap between the level of network hardware administration and the level of business requirements and constraints. Not much has been accomplished in literature in order to have a direct enforcement of such requirements on the network. This paper presents a new solution in specifying and directly enforcing security policies to control the routing configuration in a software-defined network by using Row-Level Security checks which enable fine-grained security policies on individual rows in database tables. We show, as a first step, how a specific class of such policies, namely multilevel security policies, can be enforced on a database-defined network, which presents an abstraction of a network’s configuration as a set of database tables. We show that such policies can be used to control the flow of data in the network either in an upward or downward manner.
Original languageEnglish
Title of host publicationProceedings of the 2019 International Conference on Networked Systems (NetSys)
Subtitle of host publicationSDNFlex 2019
PublisherInstitute of Electrical and Electronics Engineers
Number of pages6
ISBN (Electronic)978-1-7281-0568-0
ISBN (Print)978-1-7281-0569-7
DOIs
Publication statusPublished - 3 Oct 2019
Event2019 International Conference on Networked Systems (NetSys): SDNFlex 2019 - München, Germany
Duration: 18 Mar 201921 Mar 2019
http://www.netsys2019.org/

Conference

Conference2019 International Conference on Networked Systems (NetSys)
CountryGermany
CityMünchen
Period18/03/1921/03/19
Internet address

Documents

  • Enforcing multilevel security policies

    Rights statement: © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    Accepted author manuscript (Post-print), 370 KB, PDF document

Related information

Relations Get citation (various referencing formats)

ID: 13057851