DocumentCode
3012910
Title
A Novel Architecture for Enterprise Network Security
Author
Chen, Chao ; Wang, Ke ; Dai, Yiqi
Author_Institution
Dept. of Comput. Sci. & Technol., Tsinghua Univ., Beijing, China
Volume
1
fYear
2009
fDate
11-14 Dec. 2009
Firstpage
537
Lastpage
541
Abstract
The security and trustworthiness of enterprise networks have been a major concern in the research and practice of Intranet security. The security of endpoints and their network access are inevitably two important factors regarding enterprise network security. In this paper we present a novel architecture to enforce controls on endpoint application execution and network access, in which the policy decision point (PDP) and policy enforcement point (PEP) are introduced. A hybrid mechanism is proposed such that the control of application and network access of endpoints are integrated. Security analysis and performance evaluation prove that the proposed architecture maintains a balance between security and flexibility of enterprise network control.
Keywords
business communication; computer network security; intranets; enterprise network security; enterprise network trustworthiness; intranet security; policy decision point; policy enforcement point; Access control; Chaos; Computational intelligence; Computer architecture; Computer security; Control systems; Internet; Sections; Switches; System analysis and design; application-network access control; enterprise network; policy decision point; policy enforcement point;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence and Security, 2009. CIS '09. International Conference on
Conference_Location
Beijing
Print_ISBN
978-1-4244-5411-2
Type
conf
DOI
10.1109/CIS.2009.141
Filename
5375916