Published:

In-submission Project: Geographically Distributed Management of Enterprise Network Security Policy

This work (funded by the Office of Naval Research) extends a single, globally-defined and managed, enterprise network security policy to many geographically distributed sites. Each site operates independently and enforces a least-information policy slice that is dynamically parameterized with user location as employees roam between sites. We build a prototype of MSNetViews and analyze performance. As such, we demonstrate the utility of SDN towards achieving zero trust for on-premises network resources, even for organizations with many geographically distributed sites.