DocumentCode :
2671847
Title :
BABAC: An Access Control Framework for Network Virtualization Using User Behaviors and Attributes
Author :
Che, Yanzhe ; Yang, Qiang ; Wu, Chunming ; Ma, Lianhang
Author_Institution :
Coll. of Comput. Sci. & Technol., Zhejiang Univ., Hangzhou, China
fYear :
2010
fDate :
18-20 Dec. 2010
Firstpage :
747
Lastpage :
754
Abstract :
With the application of network virtualization techniques, a collection of autonomous and heterogeneous virtual networks (VNs) can co-exist on an underlying shared physical substrate. In such an environment, end users and network resources are distributed across different VNs in a dynamic fashion. From the service provider's perspective, an efficient access control mechanism needs to be deployed to VNs to guarantee global resource utilization efficiency whilst meeting certain operational requirements, e.g. security and service level agreements (SLAs). As a response, this paper presents a scalable and flexible network access control framework within individual or across multiple VN domains: BABAC (Behaviors and Attributes Based Access Control). It is based on user behaviors and attributes, where the access decisions are made through two phases: the pre-access control based on three categorized user attributes and the post-access control maintaining the knowledge of network resource utilization based on three categories of user behaviors. This paper highlights the strength of the proposed approach when applied in a network virtualization environment (NVE), which exhibits a collection of unique characteristics, e.g. VN autonomy, user mobility and multi-homing. Through a comprehensive comparison with the state-of-the-art approaches, the evaluation outcome demonstrates its effectiveness for access control in NVE.
Keywords :
authorisation; virtual private networks; virtualisation; BABAC; access control framework; access control mechanism; behaviors and attributes based access control; network virtualization; network virtualization environment; virtual networks; Access control; Law; Monitoring; Permission; Resource management; Semantics; Network virtualization environment; access control; network resources;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Green Computing and Communications (GreenCom), 2010 IEEE/ACM Int'l Conference on & Int'l Conference on Cyber, Physical and Social Computing (CPSCom)
Conference_Location :
Hangzhou
Print_ISBN :
978-1-4244-9779-9
Electronic_ISBN :
978-0-7695-4331-4
Type :
conf
DOI :
10.1109/GreenCom-CPSCom.2010.60
Filename :
5724912