BABAC: An Access Control Framework for Network Virtualization Using User Behaviors and Attributes

With the application of network virtualization technique, a collection of autonomous and heterogeneous virtual networks (VNs) could co-exist on an underlying shared physical substrate. In such an environment, end users and network resources are distributed across different VNs in a dynamic fashion. From the service provider´s perspective, efficient access control mechanism needs to be deployed to VNs to guarantee global resource utilization efficiency whilst meet certain operational requirements, e.g. security, service level agreements (SLAs). As a response, this paper presents a scalable and flexible network access control framework within individual or across multiple VN domains: BABAC (Behaviors and Attributes Based Access Control). It is based on user behaviors and attributes where the access decisions are made through two phases: the preaccess control based on three categorized user attributes and the post-access control maintaining the knowledge of network resources utilizations based on three categories of user behaviors. This paper highlights the strength of the proposed approach to be applied in network virtualization environment (NVE) which exhibits a collection of unique characteristics, e.g. VN autonomy, user mobility and multi-homing. Through a comprehensive comparison with the state-of-the-art approaches, the evaluation outcome demonstrates its effectiveness for access control in NVE.