Evolution of the Ethane Architecture

Abstract

The Ethane architecture, developed at Stanford University, demonstrated that a novel approach to building secure networks could support superior low-level security and flexible policy-based control over individual flows. However, Ethane only provided operators with a single function: policy-based access control. Moreover, Ethane's policy was expressed in a language that did not have a rigorous logical foundation. Almost a year of subsequent work, reported on here, extended Ethane to address these two shortcomings. First, the Ethane architecture was evolved from Ethane's narrowly targeted design to a fully general network operating system called NOX, which provides users with a full-blown programmatic interface. Second, the policy language has evolved from Ethane's primitive pol-eth to a much more powerful and rigorously analyzed Flow-Based Security Language (FSL). This report describes these two advances.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 2009
Accession Number: ADA494653

Entities

People

  • Martin Casado
  • Scott Shenker

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Computer Access Control
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Intrusion Detection
  • Language
  • Local Area Networks
  • Mobile Phones
  • Network Architecture
  • Network Protocols
  • Network Topology
  • Operating Systems

Readers

  • Database Systems and Applications
  • Organic Chemistry
  • Strategic Security Studies