Decentralized Access Control Management for Network Configuration

Journal of Network and Systems Management

Abstract

Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows flexible and fine-grained control of NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration's data model. Furthermore, our approach can easily be extended to cover new NETCONF functionality.

Acknowledgments

This work was carried out in the context of the PRIMA-Net project (http://www.sics.se/primanet), funded by the Swedish Governmental Agency for Innovation Systems (Vinnova).

Author information

Corresponding author

Correspondence to Ludwig Seitz.

About this article

Cite this article

Seitz, L., Selander, G., Rissanen, E. et al. Decentralized Access Control Management for Network Configuration. J Netw Syst Manage 16, 303–316 (2008). https://doi.org/10.1007/s10922-008-9111-3

  • DOI: https://doi.org/10.1007/s10922-008-9111-3
