Skip to Main content Skip to Navigation
Theses

Sécurité du plan de gestion des réseaux IP

Vincent Cridlig 1
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Over the past decades, the fast evolution of networks led to an increasing diversity and number of managed devices, and consequently to many network management platforms. Each of these platforms creates a close environment delimited by its management model, protocol and data model but also a non-isolated environment because of the shared managed resources within a device. Indeed, although the data models are heterogeneous across platform, they may recover partially. This environment is responsible for a security gap since each network management platform has its own security architecture along with its own associated security parameters. The problem also appears within a single platform allowing many security models or underlying protocols. Up to now, there has been no real work regarding the consequences of such an heterogeneous environment and the possible solutions. In this thesis, we propose some multi-platform architectures that are able to distribute access rights automatically and on-the-fly in order to limit the privilege discrepancies between platforms and to improve security policies consistency. We also define a model for checking the access rights in order to guaranty the local consistency within one device. This model translates heterogeneous policies in a convergent representation in order to extract their privilege differences. We have extended the Netconf configuration protocol with a role-based access control framework. This proposal has been implemented and a series of benchmarks showed that the impact of XPath-based access control rules on the global processing time of a Netconf agent was acceptable.
Complete list of metadatas

Cited literature [2 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-00134670
Contributor : Vincent Cridlig <>
Submitted on : Sunday, March 4, 2007 - 8:11:49 PM
Last modification on : Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: : Wednesday, April 7, 2010 - 1:19:33 AM

Identifiers

  • HAL Id : tel-00134670, version 1

Collections

Citation

Vincent Cridlig. Sécurité du plan de gestion des réseaux IP. Réseaux et télécommunications [cs.NI]. Université Henri Poincaré - Nancy I, 2006. Français. ⟨tel-00134670⟩

Share

Metrics

Record views

405

Files downloads

3933