SANE: a protection architecture for enterprise networks

Martín Casado; Tal Garfinkel; Aditya Akella; Michael J. Freedman; Dan Boneh; Nick McKeown; Scott Shenker

Back

Shared by

Scott Shenker

University of California, Berkeley

SANE: a protection architecture for enterprise networks

Article 2006 en

Authors

MC
Martín Casado
TG
Tal Garfinkel
AA
Aditya Akella

Abstract

1 min read

Connectivity in today’s enterprise networks is regulated by a combination of complex routing and bridging policies, along with various interdiction mechanisms such as ACLs, packet filters, and other middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to enterprise networks that are inflexible, fragile, and difficult to manage. To address these limitations, we offer SANE, a protection architecture for enterprise networks. SANE defines a single protection layer that governs all connectivity within the enterprise. All routing and access control decisions are made by a logically-centralized server that grants access to services by handing out capabilities (encrypted source routes) according to declarative access control policies (e.g., “Alice can access

SANE: a protection architecture for enterprise networks

Abstract

Discussion(0)

Related publications

Practical declarative network management

Building extensible and secure networks

Rethinking Enterprise Network Control

Policies in routing

Metropolitan and access network architecture design for optical flow switching

Related publications

Article2009
Practical declarative network management
Article2009

Article2011
Building extensible and secure networks
Article2011

Article2009
Rethinking Enterprise Network Control
Article2009

Article2007
Policies in routing
Article2007

Article2014
Metropolitan and access network architecture design for optical flow switching
Article2014