Date of Award
12-2018
Document Type
Thesis
Degree Name
Master of Science (MS)
Department
Computer Engineering and Sciences
First Advisor
Thomas C. Eskridge
Second Advisor
Barry Webster
Third Advisor
Marco Carvalho
Fourth Advisor
Philip Bernhard
Abstract
This thesis describes a method to enhance network security using software-defined networks. Standard networks use perimeter-based defenses to block attackers from gaining access to internal systems. A key problem with standard networks is that once a malicious entity has gained access to the network, they are often able to move freely throughout the network and to attack internal systems with impunity. This problem can be mitigated by placing defenses such as firewalls between machines on the network, but this approach requires significant resources and constant maintenance. If the network infrastructure itself is leveraged as a defense by individualizing the visibility of the network for each user according to their roles and permissions, then the resulting network will eliminate most or all of the actions attackers would take to monitor and attack the network from the inside. This type of defense requires identifying the sources of communication, enforcing global permissions, and dynamically updating the user’s view of the network.
Recommended Citation
Culp, Tyler Carden, "Infrastructure-Based Access Policy Enforcement Using Software-Defined Networks" (2018). Theses and Dissertations. 824.
https://repository.fit.edu/etd/824