Sfatables: A firewall-like policy engine for federated systems

Sapan Bhatia, Andy Bavier, Larry Peterson, Soner Sevinc

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Recent efforts to federate computation and communication resources across organizational boundaries face a challenge in establishing the policies by which one organization's users can access resources in other organizations. This paper describes an approach to defining, communicating, analyzing, and enforcing resource allocation policies in this new setting. Our approach was designed to address the needs of PlanetLab, but we demonstrate through a range of examples that it is general enough to accommodate a diverse collection of computing facilities. Our policy engine is implemented in a specific tool chain, called sfatables, that is patterned after the iptables mechanism used to define packet processing policies for network traffic. The interface to our policy engine thus uses the familiar paradigm of a firewall and provides a flexible interface for resource owners to specify access policies for their resources. Our implementation makes it possible to precisely document policies, query, and analyze them.

Original languageEnglish (US)
Title of host publicationProceedings - 31st International Conference on Distributed Computing Systems, ICDCS 2011
Pages467-476
Number of pages10
DOIs
StatePublished - Aug 25 2011
Event31st International Conference on Distributed Computing Systems, ICDCS 2011 - Minneapolis, MN, United States
Duration: Jun 20 2011Jul 24 2011

Publication series

NameProceedings - International Conference on Distributed Computing Systems

Other

Other31st International Conference on Distributed Computing Systems, ICDCS 2011
CountryUnited States
CityMinneapolis, MN
Period6/20/117/24/11

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Sfatables: A firewall-like policy engine for federated systems'. Together they form a unique fingerprint.

  • Cite this

    Bhatia, S., Bavier, A., Peterson, L., & Sevinc, S. (2011). Sfatables: A firewall-like policy engine for federated systems. In Proceedings - 31st International Conference on Distributed Computing Systems, ICDCS 2011 (pp. 467-476). [5961701] (Proceedings - International Conference on Distributed Computing Systems). https://doi.org/10.1109/ICDCS.2011.58