| Presentation | 2017-11-16 A Proposal of Dynamic Access Control with SDN for Practical Network Separation Satoki Nakamura, Hirokazu Hasegawa, Yuichiro Tateiwa, Hiroki Takakura, Yonghwan KIM, Yoshiaki Katayama, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | As one of effective countermeasures against recent sophisticated cyber attacks, many researches have paid attention to network separation with access control, e.g., separating an internal network into several sub-networks and applying access control among the sub-networks. Although our previous method generates access control lists (ACL) by consulting the directory service information and network traffic data, necessary communication which is not obtained from these information may be prohibited. This paper, therefore, proposes an extended method to generate ACL by using Software Defined Networking (SDN). When prohibited communication is newly observed, it is temporarily allowed and deeply investigated to identify whether malicious or benign. Then, the ACL is dynamically changed according to the result of the investigation. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | targeted attacksnetwork separationaccess controlSDN |
| Paper # | IA2017-45 |
| Date of Issue | 2017-11-08 (IA) |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2017/11/15(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | KMITL, Bangkok, Thailand |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | IA2017 - Workshop on Internet Architecture and Applications 2017 |
| Chair | Katsuyoshi Iida(Hokkaido Univ.) |
| Vice Chair | Rei Atarashi(IIJ) / Hiroyuki Osaki(Kwansei Gakuin Univ.) / Tomoki Yoshihisa(Osaka Univ.) |
| Secretary | Rei Atarashi(Tokyo Metropolitan Univ.) / Hiroyuki Osaki(TOYOTA-IT) / Tomoki Yoshihisa |
| Assistant | Kenji Ohira(Tokushima Univ.) / Ryohei Banno(NTT) / Toshiki Watanabe(NEC) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Proposal of Dynamic Access Control with SDN for Practical Network Separation |
| Sub Title (in English) | |
| Keyword(1) | targeted attacksnetwork separationaccess controlSDN |
| 1st Author's Name | Satoki Nakamura |
| 1st Author's Affiliation | Nagoya Institute of Technology(NIT) |
| 2nd Author's Name | Hirokazu Hasegawa |
| 2nd Author's Affiliation | Nagoya University(Nagoya Univ.) |
| 3rd Author's Name | Yuichiro Tateiwa |
| 3rd Author's Affiliation | Nagoya Institute of Technology(NIT) |
| 4th Author's Name | Hiroki Takakura |
| 4th Author's Affiliation | National Institute of Informatics(NII) |
| 5th Author's Name | Yonghwan KIM |
| 5th Author's Affiliation | Nagoya Institute of Technology(NIT) |
| 6th Author's Name | Yoshiaki Katayama |
| 6th Author's Affiliation | Nagoya Institute of Technology(NIT) |
| Date | 2017-11-16 |
| Paper # | IA2017-45 |
| Volume (vol) | vol.117 |
| Number (no) | IA-299 |
| Page | pp.pp.65-69(IA), |
| #Pages | 5 |
| Date of Issue | 2017-11-08 (IA) |