Towards Policy Enforcement Point as a Service (PEPS)

Arash Shaghaghi, Mohamed Ali Kaafar, Sandra Scott-Hayward, Salil S. Kanhere, Sanjay Jha

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

3 Citations (Scopus)

Abstract

In this paper, we coin the term Policy Enforcement as a Service (PEPS), which enables the provision of innovative inter-layer and inter-domain Access Control. We leverage the architecture of Software-Defined-Network (SDN) to introduce a common network-level enforcement point, which is made available to a range of access control systems. With our PEPS model, it is possible to have a 'defense in depth' protection model and drop unsuccessful access requests before engaging the data provider (e.g. a database system). Moreover, the current implementation of access control within the 'trusted' perimeter of an organization is no longer a restriction so that the potential for novel, distributed and cooperative security services can be realized. We conduct an analysis of the security requirements and technical challenges for implementing Policy Enforcement as a Service. To illustrate the benefits of our proposal in practice, we include a report on our prototype PEPS-enabled location-based access control.

Original languageEnglish
Title of host publicationNFV-SDN 2016
Subtitle of host publication2016 IEEE Conference on Network Function Virtualization and Software Defined Networks
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages50-55
Number of pages6
ISBN (Electronic)9781509009336
DOIs
Publication statusPublished - 2016
Externally publishedYes
Event2016 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2016 - Palo Alto, United States
Duration: 7 Nov 201610 Nov 2016

Conference

Conference2016 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2016
CountryUnited States
CityPalo Alto
Period7/11/1610/11/16

Fingerprint Dive into the research topics of 'Towards Policy Enforcement Point as a Service (PEPS)'. Together they form a unique fingerprint.

  • Cite this

    Shaghaghi, A., Kaafar, M. A., Scott-Hayward, S., Kanhere, S. S., & Jha, S. (2016). Towards Policy Enforcement Point as a Service (PEPS). In NFV-SDN 2016: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (pp. 50-55). Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/NFV-SDN.2016.7919475