izpis_h1_title_alt

Dinamično dodeljevanje dostopa do omrežnih naprav
ID KRMELJ, GREGOR ROBERT (Author), ID Ciglarič, Mojca (Mentor) More about this mentor... This link opens in a new window, ID Pančur, Matjaž (Comentor)

.pdfPDF - Presentation file, Download (1,40 MB)
MD5: 1F66AE4F6D3BD272B0A70A275180FCBD

Abstract
Programska oprema postaja vse bolj kompleksna, tako po številu vrstic kot tudi po funkcionalnosti. V želji, da bi programski izdelek čim prej tržili velikokrat programska oprema vsebuje določene pomanjkljivosti zaradi katerih izdelek nima zadostne zaščite. Obstoječi varnostni mehanizmi, ki naj bi zagotavljali, da aplikacije ne bi bile dostopne za neznane oziroma nezaželene uporabnike, se ponavadi aktivirajo šele v višjih slojih aplikacij. Z obstoječimi varnostnimi mehanizmi praviloma težje določimo, ali ima uporabnik pravice dostopa na nižjih slojih. V primeru, ko so ranljivi mehanizmi avtentikacije in avtorizacije, je ogrožena splošna varnost programske storitve. Diplomsko delo predstavi možnost omejitve dostopa do sistema na omre\-žnem sloju, tako da dinamično dodelimo pravice uporabniku v požarnem zidu. Posledično to omogoča, da storitev vzpostavimo na internetu in da je le ta omrežno nevidna vsem neavtoriziranim uporabnikom.

Language:Slovenian
Keywords:omrežje, internet, požarni zid, SDP, SPA, varnost, OpenSPA, OpenSDP, skrite storitve
Work type:Bachelor thesis/paper
Organization:FRI - Faculty of Computer and Information Science
Year:2018
PID:20.500.12556/RUL-103207 This link opens in a new window
Publication date in RUL:14.09.2018
Views:2173
Downloads:306
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Dynamic Access Control to Network Devices
Abstract:
Today’s software is getting more complex by the number of lines of code as well as the number of included features. Due to the rising complexity of software and market demands to release new products, the number of new vulnerabilities is on the rise too. Current mechanisms to defend against unauthorized access are usually implemented in higher layers of the network stack. Limiting access in the application layer is a common practice, while lower layers access rights are harder to implement. The problem becomes evident when an application is vulnerable and the mechanisms of authentication and authorization are threatened. This thesis proposes a method of user authentication and authorization which functions on the network layer by dynamically assigning firewall rules. This in turn facilitates deployment of dark network applications on the internet - applications which are accessible on the network layer only to authorized users.

Keywords:network, internet, firewall, SDP, SPA, security, OpenSPA, OpenSDP, hidden services

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back