Visible to the public Enforcing Multilevel Security Policies in Database-Defined Networks using Row-Level Security

TitleEnforcing Multilevel Security Policies in Database-Defined Networks using Row-Level Security
Publication TypeConference Paper
Year of Publication2019
AuthorsAl-Haj, Ali, Aziz, Benjamin
Conference Name2019 International Conference on Networked Systems (NetSys)
ISBN Number978-1-7281-0568-0
Keywordsbusiness requirements, Collaboration, composability, computer networks, database management systems, database tables, database-defined network, Database-Defined Networking, fine-grained security policies, Human Behavior, Information Flow Control, Metrics, multilevel security, multilevel security policies, network configuration, network hardware administration, Network topology, Policy Based Governance, policy-based governance, pubcrawl, relational database security, relational databases, Resiliency, Routing, routing configuration, Row-Level Security, row-level security checks, security, security of data, security policies, Software Defined Network, software defined networking, software-defined networking, Standards, Structured Query Language

Despite the wide of range of research and technologies that deal with the problem of routing in computer networks, there remains a gap between the level of network hardware administration and the level of business requirements and constraints. Not much has been accomplished in literature in order to have a direct enforcement of such requirements on the network. This paper presents a new solution in specifying and directly enforcing security policies to control the routing configuration in a software-defined network by using Row-Level Security checks which enable fine-grained security policies on individual rows in database tables. We show, as a first step, how a specific class of such policies, namely multilevel security policies, can be enforced on a database-defined network, which presents an abstraction of a network's configuration as a set of database tables. We show that such policies can be used to control the flow of data in the network either in an upward or downward manner.

Citation Keyal-haj_enforcing_2019