Title | Specification of mPlane Access Control and Data Protection Mechanisms |
Publication Type | Report |
Year of Publication | 2013 |
Authors | De Rosa, G., and S. Pentassuglia |
Document Number | D1.2 |
Date Published | 08/2013 |
Institution | mPlane Consortium |
City | Torino |
Type | Public Deliverable |
Keywords | access control, anonymisation, authentication plane, privacy, security |
Abstract | This document primarily defines security specifications for the mPlane architecture (in terms of authentication, access control and safe communications), on the basis of what is specified in D1.1. It also provides a description of the measures that can be adopted in order to guarantee the privacy of the data gathered through the probes. This aspect of the mPlane infrastructure must not be neglected, since from a legal point of view the users' right to privacy must be protected in any case. The techniques to be adopted are anonymization and aggregation, but the utility of data decreases as the level of privacy increases, hence it is necessary to find a good trade-off. Two protocols are proposed for secure communications among components: TLS and SSH, which adopt X.509 certificates and RSA keys respectively for identity management. As the access control policy that will be adopted depends mostly on the mPlane administrators' choices, this document provides a survey of several approaches. The cross-domain and the mobile scenarios are also analyzed, providing solutions that can guarantee access control, security and privacy. |
Citation Key | Ros2013a |