Title :
A model for checking consistency in access control policies for network management
Author :
Cridlig, Vincent ; State, Radu ; Festor, Olivier
Author_Institution :
LORIA - INRIA Lorraine 615, Villers-les-Nancy
fDate :
May 21 2007-Yearly 25 2007
Abstract :
This paper addresses the consistency of heterogeneous device access control in the network management area. It addresses well-know network management frameworks like SNMP (v3), CLI, Netconf and the lesser known TR-069 proposed in the framework of ADSL operators. For each of these, a formal definition of the access control model is proposed as well as the conversion towards a unified Role-Based Access Control model. Next, we show how to compare roles and permissions between the generated access control policies and to answer to questions like: which policy is more permissive, what are the common privileges between a set of roles?
Keywords :
authorisation; digital subscriber lines; formal specification; protocols; telecommunication network management; telecommunication security; ADSL operators; CLI; Netconf; SNMP; TR-069; access control policies; consistency checking; network management; role-based access control model; simple network management protocol; Access control; Authentication; Convergence; Data models; Information security; Network servers; Network topology; Permission; Protocols; Utility programs;
Conference_Titel :
Integrated Network Management, 2007. IM '07. 10th IFIP/IEEE International Symposium on
Conference_Location :
Munich
Print_ISBN :
1-4244-0798-2
Electronic_ISBN :
1-4244-0799-0
DOI :
10.1109/INM.2007.374765
