Team for Research in
Ubiquitous Secure Technology

SANE: A protection architecture for enterprise networks.

Citation
"SANE: A protection architecture for enterprise networks." M. Casado, Tal Garfinkel, A. Akella, M. Freedman, D. Boneh, N. McKeown, and S. Shenker (eds.), Usenix Security, 2006.

Abstract
Connectivity in today's enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and other middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to enterprise networks that are inflexible, fragile, and difficult to manage. To address these limitations, we offer SANE, a protection architecture for enterprise networks. SANE defines a single protection layer that governs all connectivity within the enterprise. All routing and access control decisions are made by a logically-centralized server that grants access to services by handing out capabilities (encrypted source routes) according to declarative access control policies (e.g., "Alice can access http server foo"). Capabilities are enforced at each switch, which are simple and only minimally trusted. SANE offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use. Our prototype implementation shows that SANE could be deployed in current networks with only a few modifications, and it can easily scale to networks of tens of thousands of nodes.

Citation formats
  • HTML
    <a href="http://www.truststc.org/pubs/597.html"><i>SANE: A protection architecture for enterprise networks.</i></a>, M. Casado, Tal Garfinkel, A. Akella, M. Freedman, D. Boneh, N. McKeown, and S. Shenker (eds.), Usenix Security, 2006.
  • Plain text
    "SANE: A protection architecture for enterprise networks." M. Casado, Tal Garfinkel, A. Akella, M. Freedman, D. Boneh, N. McKeown, and S. Shenker (eds.), Usenix Security, 2006.
  • BibTeX
    @proceedings{CasadoGarfinkelAkellaFreedmanBonehMcKeownShenker06_SANEProtectionArchitectureForEnterpriseNetworks,
        title = {SANE: A protection architecture for enterprise
                  networks.},
        editor = {M. Casado, Tal Garfinkel, A. Akella, M. Freedman,
                  D. Boneh, N. McKeown, and S. Shenker},
        organization = {Usenix Security},
        year = {2006},
        abstract = {Connectivity in today's enterprise networks is
                  regulated by a combination of complex routing and
                  bridging policies, along with various interdiction
                  mechanisms such as ACLs, packet filters, and other
                  middleboxes that attempt to retrofit access
                  control onto an otherwise permissive network
                  architecture. This leads to enterprise networks
                  that are inflexible, fragile, and difficult to
                  manage. To address these limitations, we offer
                  SANE, a protection architecture for enterprise
                  networks. SANE defines a single protection layer
                  that governs all connectivity within the
                  enterprise. All routing and access control
                  decisions are made by a logically-centralized
                  server that grants access to services by handing
                  out capabilities (encrypted source routes)
                  according to declarative access control policies
                  (e.g., "Alice can access http server foo").
                  Capabilities are enforced at each switch, which
                  are simple and only minimally trusted. SANE offers
                  strong attack resistance and containment in the
                  face of compromise, yet is practical for everyday
                  use. Our prototype implementation shows that SANE
                  could be deployed in current networks with only a
                  few modifications, and it can easily scale to
                  networks of tens of thousands of nodes.},
        URL = {http://www.truststc.org/pubs/597.html}
    }

Posted by Jessica Gamble on 16 Mar 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.