A central element of designing IT security infrastructures is the logical segmentation of information assets into groups sharing the same security requirements and policies, called network zones. As more business ecosystems are migrated to the cloud, additional demands for cybersecurity emerge and make the network-zone operation and management for large corporate networks challenging. In this paper, we introduce the new concept of an inter-domain transit zone that securely bridges physically and logically non-adjacent zones in large-scale information systems, simplifying complex network-zone structures. With inter-zone translation points, we also ensure communication integrity and confidentiality while providing lightweight security-policy enforcement. A logically centralized network coordinator enables scalable and flexible network management. Our implementation demonstrates that the new architecture merely introduces a few microseconds of additional processing delay in transit.

View More Papers

Exploring The Design Space of Sharing and Privacy Mechanisms...

Abdulmajeed Alqhatani, Heather R. Lipford (University of North Carolina at Charlotte)

Read More

SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities...

Mikhail Shcherbakov (KTH Royal Institute of Technology), Musard Balliu (KTH Royal Institute of Technology)

Read More

SOK: An Evaluation of Quantum Authentication Through Systematic Literature...

Ritajit Majumdar (Indian Statistical Institute), Sanchari Das (University of Denver)

Read More

Towards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully...

Gennaro Avitabile, Vincenzo Botta, Vincenzo Iovino, and Ivan Visconti (University of Salerno)

Read More