Mike Chen, Barbara Hohlt, Tal Lavian, December 2000.

We are facing a trend towards ubiquitous connectivity, where users demand network access at any time and from anywhere. This has led to the deployment of public network ports and wireless networks. Current network access control solutions are inflexible: they offer only all-or-nothing access.

It is also becoming increasingly important to protect Intranet hosts from other mobile and static hosts on the same Intranet, so that the damage is contained if a host is compromised.

We present an architecture that addresses these issues efficiently. By using a programmable router to provide dynamic, fine-grained network access control, we obtain a solution that is both flexible and efficient. The Java-enabled router dynamically generates and enforces access control rules, taking policies and user profiles as input, which significantly reduces administrative overhead. Our modular design integrates with existing authentication and directory servers rather than replacing them. Our prototype, implemented on Nortel's Accelar router, moves users to VLANs with the appropriate access privileges, demonstrating the practicality and potential of our approach.
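To make the rule-generation step concrete, the following is an added example (not code from the paper, and not Nortel's Accelar API): a toy policy engine that takes an authentication result, a user profile from a directory lookup, and a group-based policy table, and produces a VLAN assignment plus an access control list for one physical port. The policy table, VLAN numbers, port names, directory contents and the ACL text syntax are all constructed for the example. It also shows the containment case from above: a port flagged as compromised is moved to an isolated VLAN regardless of who is logged in, and every generated ACL ends in an explicit deny.

```python
"""Constructed illustration of policy-driven, per-user VLAN assignment.

Added example code, not the paper's implementation and not Nortel's Accelar
API: the policy table, VLAN numbers, port names and the ACL text format are
all made up for the example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp" or "udp"
    dst: str                     # destination prefix in CIDR notation
    port: Optional[int] = None   # L4 destination port, None = any


@dataclass(frozen=True)
class UserProfile:
    username: str
    groups: FrozenSet[str]       # group memberships from the directory server


# Hypothetical policy: group -> (VLAN, permitted traffic). Listed from most to
# least privileged; a user in several groups gets the most privileged match.
POLICY: Dict[str, tuple] = {
    "admin": (10, [Rule("permit", "ip", "10.0.0.0/8")]),
    "staff": (20, [Rule("permit", "tcp", "10.1.0.0/16", 443),
                   Rule("permit", "tcp", "10.1.0.0/16", 25),
                   Rule("permit", "udp", "10.1.0.53/32", 53)]),
    "guest": (30, [Rule("permit", "tcp", "0.0.0.0/0", 80),
                   Rule("permit", "tcp", "0.0.0.0/0", 443)]),
}
GROUP_RANK: List[str] = ["admin", "staff", "guest"]
QUARANTINE_VLAN = 99                        # isolated VLAN for compromised hosts
DEFAULT_DENY = Rule("deny", "ip", "0.0.0.0/0")


def compile_access(port: str, username: Optional[str], authenticated: bool,
                   directory: Dict[str, UserProfile],
                   compromised: FrozenSet[str] = frozenset()) -> dict:
    """Decide the VLAN and ACL for one physical port.

    Evaluation order is deliberate: containment first, then authentication,
    then privilege; every generated ACL ends in an explicit deny.
    """
    if port in compromised:
        # Containment: a flagged host loses all reachability, whoever is logged in.
        return {"port": port, "vlan": QUARANTINE_VLAN, "rules": [DEFAULT_DENY]}

    profile = directory.get(username) if (authenticated and username) else None
    if profile is None:
        # Unauthenticated, or authenticated but unknown to the directory:
        # public-port (guest) access rather than nothing or everything.
        vlan, rules = POLICY["guest"]
    else:
        group = next((g for g in GROUP_RANK if g in profile.groups), "guest")
        vlan, rules = POLICY[group]
    return {"port": port, "vlan": vlan, "rules": list(rules) + [DEFAULT_DENY]}


def render_acl(decision: dict) -> List[str]:
    """Render a decision as vendor-neutral ACL lines (made-up syntax)."""
    lines = [f"interface {decision['port']} access-vlan {decision['vlan']}"]
    for r in decision["rules"]:
        port = f" eq {r.port}" if r.port is not None else ""
        lines.append(f"vlan {decision['vlan']} {r.action} {r.proto} any {r.dst}{port}")
    return lines


if __name__ == "__main__":
    # Constructed directory contents standing in for an LDAP/RADIUS lookup.
    directory = {
        "alice": UserProfile("alice", frozenset({"staff", "guest"})),
        "bob": UserProfile("bob", frozenset({"admin"})),
    }
    for line in render_acl(compile_access("1/3", "alice", True, directory)):
        print(line)
    print(render_acl(compile_access("1/3", "bob", True, directory,
                                    compromised=frozenset({"1/3"}))))
```

The authentication and directory pieces are passed in (a boolean and a dictionary here) so that the engine itself stays independent of which RADIUS or LDAP server produced them; in a real router the rendered lines would be pushed to the forwarding plane, and the decision would be recomputed whenever the user logs out, the profile changes, or the host is flagged.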