Theses
https://www.cs.dartmouth.edu/~sws/abstracts/djin.shtml
Last modified: 06/21/05 10:35:05 AM
Twum Djin.
Managing Access Control in Virtual Private Networks.
Technical Report TR2005-544,
Department of Computer Science,
Dartmouth College.
2005.
Senior High Honors Thesis. Advisor: Sean Smith.
Abstract
Virtual Private Network technology allows remote network users to
benefit from resources on a private network as if their host machines
actually resided on the network. However, each resource on a network
may also have its own access control policies, which may be completely
unrelated to network access. Thus a user's access to a network (even by
VPN technology) does not guarantee their access to the sought
resources. With the introduction of more complicated access
privileges, such as delegated access, it is conceivable for a scenario
to arise where a user can access a network remotely (because of direct
permissions from the network administrator or by delegated permission)
but cannot access any resources on the network. There is, therefore, a
need for a network access control mechanism that understands the
privileges of each remote network user on one hand, and the access
control policies of various network resources on the other hand, and
so can aid a remote user in accessing these resources based on the
user's privileges.
This research presents a software solution in the form of a
centralized access control framework, called an Access Control Service
(ACS), that can grant remote users network presence and simultaneously
aid them in accessing various network resources with varying access
control policies. At the same time, the ACS provides a centralized
framework for administrators to manage access to their resources. The
ACS achieves these objectives using VPN technology, network address
translation, and proxying of various authentication protocols on behalf
of remote users.