Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
STANFORD HPN TECHNICAL REPORT TR05-HPNG-101700 SANE: A Protection Architecture for Enterprise Networks
 

Summary: STANFORD HPN TECHNICAL REPORT TR05-HPNG-101700
SANE: A Protection Architecture for Enterprise Networks
Martin Casado, Tal Garfinkel, Aditya Akella
Dan Boneh, Nick McKeown, Scott Shenker
{casado,talg,dabo,nickm}@stanford.edu
aditya@cs.cmu.edu, shenker@icsi.berkeley.edu
Abstract
Connectivity in today's enterprise networks is regulated
by a combination of complex routing and bridging poli-
cies, along with various interdiction mechanisms such as
ACLs, packet filters, and other middleboxes that attempt
to retrofit access control onto an otherwise permissive
Internet architecture. This leads to enterprise networks
that are inflexible, fragile and difficult to manage.
We offer SANE, a protection architecture for enter-
prise networks that overcomes these limitations. By de-
fault, hosts can only contact a logically centralized ref-
erence monitor that hands out capabilities (encrypted
source routes) for services, according to declarative ac-
cess control policies (e.g. Alice can access http-proxy).

  

Source: Akella, Aditya - Department of Computer Sciences, University of Wisconsin at Madison

 

Collections: Computer Technologies and Information Sciences