Abstract
Packet filter firewalls are fundamental elements for preventing unauthorized traffic from reaching protected networks or hosts. However, they have to take decisions about packets based solely on the packets' contents, and currently packets carry no information about the entity responsible for generating them. In this paper we propose a framework that tackles this problem. The framework adds extra information to packets, which enables a firewall to authenticate their origin and to obtain an identity attribute that discriminates the entity responsible for each packet, upon which an access control policy can be enforced. The framework uses trusted third party services for authenticating people and for providing the related identity attributes to firewalls. As a proof of concept we implemented a prototype on Linux machines using iptables and personal identity smartcards.
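The abstract describes three cooperating roles: a trusted third party that authenticates a person and vouches for an identity attribute, a host that marks its packets so they can be attributed to that person, and a packet filter that authenticates the mark and applies a user-based policy. The simulation below is an added example, not the paper's own protocol, packet format or iptables prototype: it assumes a long-term HMAC key shared between the third party and the firewall, a JSON "ticket" carrying the identity attribute, a per-session key derived from that ticket, a per-packet sequence number for replay protection, and a role-to-port policy; every key, name and address in it is constructed for the example.

```python
import hmac
import hashlib
import json
import time

# Illustrative simulation (added example, not the paper's design). Assumed
# trust model: the trusted third party (TTP) and the packet-filter firewall
# share one long-term key; hosts obtain a TTP-issued attribute ticket plus a
# session key and attach a ticket and a MAC to every packet. All values below
# are constructed for the example.

TTP_FW_KEY = b"ttp-firewall-shared-key"   # constructed long-term key


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _canon(attrs: dict) -> bytes:
    # Canonical encoding so TTP, host and firewall MAC identical bytes.
    return json.dumps(attrs, sort_keys=True).encode()


def _session_key(attrs: dict) -> bytes:
    # The firewall re-derives the session key from the ticket alone, so the
    # packet filter keeps no per-user key table.
    return _mac(TTP_FW_KEY, b"session|" + _canon(attrs))


def ttp_issue_ticket(user: str, role: str, now: float, ttl: int = 3600):
    """TTP side: after authenticating the person (smartcard login is not
    modelled here), return (ticket, session_key) for the person's host."""
    attrs = {"user": user, "role": role, "exp": int(now) + ttl}
    ticket = {"attrs": attrs, "sig": _mac(TTP_FW_KEY, _canon(attrs)).hex()}
    return ticket, _session_key(attrs)


def host_tag_packet(pkt: dict, ticket: dict, session_key: bytes, seq: int) -> dict:
    """Host side: bind the packet headers and a sequence number to the
    session key so the firewall can attribute the packet to the user."""
    body = json.dumps({"pkt": pkt, "seq": seq}, sort_keys=True).encode()
    return {"pkt": pkt, "seq": seq, "ticket": ticket,
            "tag": _mac(session_key, body).hex()}


POLICY = {  # constructed user-based policy keyed on the identity attribute
    "admin": {22, 443},
    "staff": {443},
}


class Firewall:
    def __init__(self):
        self.last_seq = {}   # user -> highest sequence number accepted

    def filter(self, tagged: dict, now: float) -> str:
        attrs = tagged["ticket"]["attrs"]
        # 1. The attribute ticket must be genuinely from the TTP and unexpired.
        expected_sig = _mac(TTP_FW_KEY, _canon(attrs)).hex()
        if not hmac.compare_digest(tagged["ticket"]["sig"], expected_sig):
            return "DROP:bad-ticket"
        if attrs["exp"] < now:
            return "DROP:expired"
        # 2. The packet itself must be authenticated under the session key.
        body = json.dumps({"pkt": tagged["pkt"], "seq": tagged["seq"]},
                          sort_keys=True).encode()
        if not hmac.compare_digest(tagged["tag"], _mac(_session_key(attrs), body).hex()):
            return "DROP:bad-tag"
        # 3. Reject replayed packets (sequence numbers must increase per user).
        if tagged["seq"] <= self.last_seq.get(attrs["user"], -1):
            return "DROP:replay"
        self.last_seq[attrs["user"]] = tagged["seq"]
        # 4. Only now decide on the identity attribute, not on the IP address.
        if tagged["pkt"]["dport"] in POLICY.get(attrs["role"], set()):
            return "ACCEPT"
        return "DROP:policy"


def demo(now: float = None) -> list:
    """Run one staff session through the filter and return the verdicts."""
    now = time.time() if now is None else now
    fw = Firewall()
    ticket, key = ttp_issue_ticket("alice", "staff", now)
    pkt = {"src": "10.0.0.5", "dst": "10.0.1.10", "dport": 443}
    verdicts = []
    first = host_tag_packet(pkt, ticket, key, seq=1)
    verdicts.append(fw.filter(first, now))                      # accepted
    verdicts.append(fw.filter(first, now))                      # replayed
    ssh = host_tag_packet({**pkt, "dport": 22}, ticket, key, seq=2)
    verdicts.append(fw.filter(ssh, now))                        # staff may not use 22
    forged = host_tag_packet(pkt, ticket, b"wrong-key", seq=3)
    verdicts.append(fw.filter(forged, now))                     # tag not under session key
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The ordering of the checks is the part worth keeping: ticket authenticity and freshness are verified before the per-packet MAC, the MAC before the replay window, and the policy lookup runs last, so a forged or replayed packet never reaches the policy and cannot influence the per-user state. A real deployment would also have to bind the identity information to the IP headers that the filter actually matches on, and the source address alone is never used as an identity.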
Copyright information
© 2012 IFIP International Federation for Information Processing
Cite this paper
Zúquete, A., Correia, P., Rocha, M. (2012). A Framework for Enforcing User-Based Authorization Policies on Packet Filter Firewalls. In: De Decker, B., Chadwick, D.W. (eds) Communications and Multimedia Security. CMS 2012. Lecture Notes in Computer Science, vol 7394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32805-3_20
DOI: https://doi.org/10.1007/978-3-642-32805-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32804-6
Online ISBN: 978-3-642-32805-3
eBook Packages: Computer Science (R0)