Title of invention |
PROTECTING AND TRACKING NETWORK STATE UPDATES IN SOFTWARE-DEFINED NETWORKS FROM SIDE-CHANNEL ACCESS |
Abstract |
A system and method of access control and tracking capabilities of programmable switches are described. A system and associated method include an access controller component and a tracker component. The access controller component defines access control rights for a user in a flow of a programmable switch in a network. The access control rights are determined by access control table information and an associated bit-array based flow-level role data structure built by a controller network operator. The tracker component authorizes and permits the user to modify the flow according to a flow modification request, which is based upon information in the access control table information and the associated bit-array based flow-level role data structure for the user. A notification component of a programmable switch notifies the controller of the network about the modification request to the flow. |
Application publication number |
US2015295852(A1) |
Application publication date |
2015.10.15 |
Application number |
US201414253513 |
Filing date |
2014.04.15 |
Applicant |
NTT INNOVATION INSTITUTE, INC. |
Inventor |
Natarajan Sriram |
Classification number |
H04L12/927 |
Main classification number |
H04L12/927 |
Agency |
|
Agent |
|
Main claim |
1. A system comprising:
an access controller that stores access control rights of a user to perform an action on a flow table of a programmable switch in a network, wherein the access control rights are determined by stored information that includes a predetermination association of a particular user and a permitted action that the particular user is allowed to take with respect to the flow table; and
a tracker that permits the user to perform an action on the flow table included in a flow modification request received at the programmable switch, based upon the stored access control rights. |
Address |
East Palo Alto CA US |