Title: FlowIdentity : a software-defined network access control architecture for OpenFlow-Based Switches
Author: Yakasai, Sadiq Tanko
ISNI: 0000 0004 5992 569X
Awarding Body: University of Reading
Current Institution: University of Reading
Date of Award: 2016
The present methods of enterprise network security mostly operate under strict operational constraints; network operators are faced with solutions that are complex, proprietary and closed for innovation. Security policies in today's networks are mostly expressed and enforced using dynamic network traffic parameters, making their manageability difficult and expensive. Additionally, the security functionalities on today's network devices are mostly retrofitted onto existing ones (such as forwarding), thereby resulting in complex interactions - leading to a solution that is brittle, expensive to manage, and most of all, not open to enhancement. Software-Defined Networking (SDN) and Network Functions Virtualisation (NFV) are exciting technologies that create a paradigm shift in computer networking. These provide an exciting opportunity for the industry and researchers to solve some of the most persistent networking problems through creativity and improved ease of development, as well as the rapid deployment of network services through automation and orchestration. This thesis presents a principled approach to the redesign of enterprise network access control architecture using the 802.1X framework. We present FlowIdentity, an architecture that simplifies the engineering of network access control, lowers the cost of managing security policies, and increases the deployment agility of network security services. The solution is a software-defined network access control architecture which redesigns the 802.1X framework and employs the OpenFlow protocol, combining a novel authorization method by a stateful role-based firewall. Our solution presents a novel unification of policy definition and enforcement for network access control and endpoint vulnerability assessment. We present a proof-of-concept prototype and evaluate it for functionality, scalability and performance.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID:  DOI: Not available