{"title":"Implementation of C-BAS: Certificate-Based AAA for SDN Experimental Facilities","authors":"U. Toseef, K. Pentikousis","doi":"10.1109/NCCA.2015.16","DOIUrl":null,"url":null,"abstract":"Recent work in software-defined networking experimental facilities has been shifting towards large scale deployments through federation of resources that span across continents and make it possible to perform experiments at a global scale. The success of such deployments very much depends on the design and implementation of essential, secure mechanisms for authentication, authorization, and accounting (AAA) that not only ensure the robustness of such facilities against intrusions and unauthorized use but also ease experimentation and system administration in such complex environments. C-BAS is an initiative in this direction that uses a secure and flexible certificate-based AAA architecture for SDN experimental facilities. Advanced certificate-based authentication and authorization makes C-BAS inherently resilient against attacks specific to traditional AAA mechanisms, increases flexibility and autonomy in experimental facility system administration, and facilitates federation. This article introduces the implementation details of C-BAS, explains its features through use cases, and evaluates its computational performance.","PeriodicalId":309782,"journal":{"name":"2015 IEEE Fourth Symposium on Network Cloud Computing and Applications (NCCA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Fourth Symposium on Network Cloud Computing and Applications (NCCA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NCCA.2015.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
Recent work in software-defined networking experimental facilities has been shifting towards large scale deployments through federation of resources that span across continents and make it possible to perform experiments at a global scale. The success of such deployments very much depends on the design and implementation of essential, secure mechanisms for authentication, authorization, and accounting (AAA) that not only ensure the robustness of such facilities against intrusions and unauthorized use but also ease experimentation and system administration in such complex environments. C-BAS is an initiative in this direction that uses a secure and flexible certificate-based AAA architecture for SDN experimental facilities. Advanced certificate-based authentication and authorization makes C-BAS inherently resilient against attacks specific to traditional AAA mechanisms, increases flexibility and autonomy in experimental facility system administration, and facilitates federation. This article introduces the implementation details of C-BAS, explains its features through use cases, and evaluates its computational performance.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
