
Access control for inter-organizational computer network environment

  • Session C-4: Applications Gateways
  • Conference paper
Worldwide Computing and Its Applications (WWCA 1997)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1274)


Abstract

The Internet has evolved into an interconnection of networks on an organizational basis from the early stages where the interconnection was primarily on a network basis. The original protocol architecture, which essentially sought ubiquitous connectivity, has little scope for incorporating access control, a feature for which the demand increases with connectivity. In this work, we have taken up this issue. We have examined how one can provide a transparent network while preserving the security of organizations by implementing and maintaining strict access control using firewalls.

We propose a “User Access Domain (UAD)” to provide user-level grouping, and an “Access Domain Control Layer (ADCL)” to support the user-level domain over the organizational networks with firewalls. While the User Access Domain provides the framework for virtual private networks, the Access Domain Control Layer provides firewall-transparent TCP/UDP connectivity in what appears to be a seamless logical network spanning the User Access Domain.

Moreover, the access-control policy can be formulated in more relevant terms like user identity, user role, source-destination, service, etc. A proof-of-concept prototype is presently operational. The access-control framework is managed and maintained using the SNMP protocol. Appropriate MIBs have been defined and are in the process of being implemented.



Editor information

Takashi Masuda, Yoshifumi Masunaga, Michiharu Tsukamoto

Copyright information

© 1997 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Terada, M., Murayama, Y., Mansfield, G. (1997). Access control for inter-organizational computer network environment. In: Masuda, T., Masunaga, Y., Tsukamoto, M. (eds) Worldwide Computing and Its Applications. WWCA 1997. Lecture Notes in Computer Science, vol 1274. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-63343-X_62

  • DOI: https://doi.org/10.1007/3-540-63343-X_62

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-63343-3

  • Online ISBN: 978-3-540-69430-4

  • eBook Packages: Springer Book Archive
