IFIP International Conference on Communications and Multimedia Security

CMS 2012: Communications and Multimedia Security, pp 204–206

A Framework for Enforcing User-Based Authorization Policies on Packet Filter Firewalls

  • André Zúquete
  • Pedro Correia
  • Miguel Rocha

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7394)

Abstract

Packet filter firewalls are fundamental elements for preventing unauthorized traffic from reaching protected networks or hosts. However, they have to make decisions about packets based on their contents, and currently packets do not contain any information about the entity responsible for their generation. In this paper we propose a framework that tackles this problem. The framework adds extra information to packets, which enables a firewall to authenticate their origin and to obtain an identity attribute for discriminating the entity responsible for the packet, upon which an access control policy can be implemented. This framework uses trusted third-party services for authenticating people and providing related identity attributes to firewalls. As a proof of concept, we implemented a prototype on Linux machines using iptables and personal identity smartcards.


Author information

Authors and Affiliations

  1. Dep. of Electronics, Telecommunications and Informatics/IEETA, Univ. of Aveiro, Portugal

    André Zúquete

  2. IEETA, Univ. of Aveiro, Portugal

    Pedro Correia & Miguel Rocha


Editor information

Editors and Affiliations

  1. Department of Computer Science, IBBT-DistriNet, K.U. Leuven, Celestijnenlaan 200A, 3001, Leuven, Belgium

    Bart De Decker

  2. School of Computing, University of Kent, CT2 7NZ, Canterbury, Kent, UK

    David W. Chadwick

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Zúquete, A., Correia, P., Rocha, M. (2012). A Framework for Enforcing User-Based Authorization Policies on Packet Filter Firewalls. In: De Decker, B., Chadwick, D.W. (eds) Communications and Multimedia Security. CMS 2012. Lecture Notes in Computer Science, vol 7394. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32805-3_20

  • DOI: https://doi.org/10.1007/978-3-642-32805-3_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32804-6

  • Online ISBN: 978-3-642-32805-3

  • eBook Packages: Computer Science, Computer Science (R0)
