Reaktiva nät

Authors:

  • Tommy Gustafsson
  • Jonas Almroth
  • Fredrik Mörnestedt

Publish date: 2012-12-28

Report number: FOI-R--3560--SE

Pages: 43

Written in: Swedish

Keywords:

  • reactive networks
  • 802.1X
  • EAP
  • identity-based networking
  • dynamic
  • access lists

Abstract

This report describes the work and result of the Swedish Armed Forces R&T project "Reactive network infrastructure for dynamic separation". The project have evaluated and assessed a reactive net as feasible. A reactive net is a term used within the project to describe a network that can dynamically adapt its security based on the system or the type of information that a certain user utilizes at every moment. The goal of the project was to achieve and evaluate a network with several dynamically adaptable and logically separated security domains in one single network infrastructure. Within the project the components of a working demonstrator for a reactive net have been developed and evaluated. The purpose of the demonstrator was to investigate whether or not a reactive net was feasible and to describe the assurance that can be attributed the demonstrator. The demonstrator will also be used to present the reactive net concept to the Swedish Armed Forces. The demonstrator utilizes the protocols IEEE 802.1X and SSH to configure portbased access lists which provide the logical separation. Such a solution can be based on COTS but needs to be supplemented with some custom components. The report also states that reactive networks can serve as a network-based security mechanism and that by combining such technology with an MLScapable client, it can facilitate the Swedish Armed Force's vision of one and only "one network and information infrastructure" (FM CIO, 2009). The report also describes how reactive nets are related to COTS and identitybased networks currently offered by several companies as.

Share page on social media