Enforcing Multilevel Security Policies in Database-Defined Networks using Row-Level Security
Title | Enforcing Multilevel Security Policies in Database-Defined Networks using Row-Level Security |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Al-Haj, Ali; Aziz, Benjamin |
Conference Name | 2019 International Conference on Networked Systems (NetSys) |
Publisher | IEEE |
ISBN Number | 978-1-7281-0568-0 |
Keywords | business requirements, Collaboration, composability, computer networks, database management systems, database tables, database-defined network, Database-Defined Networking, fine-grained security policies, Human Behavior, Information Flow Control, Metrics, multilevel security, multilevel security policies, network configuration, network hardware administration, Network topology, Policy Based Governance, policy-based governance, pubcrawl, relational database security, relational databases, Resiliency, Routing, routing configuration, Row-Level Security, row-level security checks, security, security of data, security policies, Software Defined Network, software defined networking, software-defined networking, Standards, Structured Query Language |
Abstract | Despite the wide range of research and technologies that deal with the problem of routing in computer networks, there remains a gap between the level of network hardware administration and the level of business requirements and constraints. Not much has been accomplished in literature in order to have a direct enforcement of such requirements on the network. This paper presents a new solution in specifying and directly enforcing security policies to control the routing configuration in a software-defined network by using Row-Level Security checks which enable fine-grained security policies on individual rows in database tables. We show, as a first step, how a specific class of such policies, namely multilevel security policies, can be enforced on a database-defined network, which presents an abstraction of a network's configuration as a set of database tables. We show that such policies can be used to control the flow of data in the network either in an upward or downward manner. |
URL | https://ieeexplore.ieee.org/document/8854491 |
DOI | 10.1109/NetSys.2019.8854491 |
Citation Key | al-haj_enforcing_2019 |