講演抄録/キーワード |
講演名 |
2017-11-16 11:05
A Proposal of Dynamic Access Control with SDN for Practical Network Separation ○Satoki Nakamura(NIT)・Hirokazu Hasegawa(Nagoya Univ.)・Yuichiro Tateiwa(NIT)・Hiroki Takakura(NII)・Yonghwan KIM・Yoshiaki Katayama(NIT) IA2017-45 |
抄録 |
(和) |
(まだ登録されていません) |
(英) |
As one of effective countermeasures against recent sophisticated cyber attacks, many researches have paid attention to network separation with access control, e.g., separating an internal network into several sub-networks and applying access control among the sub-networks.
Although our previous method generates access control lists (ACL) by consulting the directory service information and network traffic data, necessary communication which is not obtained from these information may be prohibited.
This paper, therefore, proposes an extended method to generate ACL by using Software Defined Networking (SDN). When prohibited communication is newly observed, it is temporarily allowed and deeply investigated to identify whether malicious or benign. Then, the ACL is dynamically changed according to the result of the investigation. |
キーワード |
(和) |
/ / / / / / / |
(英) |
targeted attacks / network separation / access control / SDN / / / / |
文献情報 |
信学技報, vol. 117, no. 299, IA2017-45, pp. 65-69, 2017年11月. |
資料番号 |
IA2017-45 |
発行日 |
2017-11-08 (IA) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
著作権に ついて |
技術研究報告に掲載された論文の著作権は電子情報通信学会に帰属します.(許諾番号:10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
PDFダウンロード |
IA2017-45 |
|