A central element of designing IT security infrastructures is the logical segmentation of information assets into groups sharing the same security requirements and policies, called network zones. As more business ecosystems are migrated to the cloud, additional demands for cybersecurity emerge and make the network-zone operation and management for large corporate networks challenging. In this paper, we introduce the new concept of an inter-domain transit zone that securely bridges physically and logically non-adjacent zones in large-scale information systems, simplifying complex network-zone structures. With inter-zone translation points, we also ensure communication integrity and confidentiality while providing lightweight security-policy enforcement. A logically centralized network coordinator enables scalable and flexible network management. Our implementation demonstrates that the new architecture merely introduces a few microseconds of additional processing delay in transit.
Mondrian: Comprehensive Inter-domain Network Zoning Architecture
Jonghoon Kwon (ETH Zürich), Claude Hähni (ETH Zürich), Patrick Bamert (Zürcher Kantonalbank), Adrian Perrig (ETH Zürich)
View More Papers
Exploring The Design Space of Sharing and Privacy Mechanisms...
Abdulmajeed Alqhatani, Heather R. Lipford (University of North Carolina at Charlotte)
Read MoreSerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities...
Mikhail Shcherbakov (KTH Royal Institute of Technology), Musard Balliu (KTH Royal Institute of Technology)
Read MoreSOK: An Evaluation of Quantum Authentication Through Systematic Literature...
Ritajit Majumdar (Indian Statistical Institute), Sanchari Das (University of Denver)
Read MoreTowards Defeating Mass Surveillance and SARS-CoV-2: The Pronto-C2 Fully...
Gennaro Avitabile, Vincenzo Botta, Vincenzo Iovino, and Ivan Visconti (University of Salerno)
Read More